SSL Certificate Analysis for 99388.one - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=cg71m4.top

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 18, 2026

Valid Until

August 16, 2026 52 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E6:D9:90:CD:45:96:FA:BA:D2:8F:F7:C4:BD:CE:7E:19:0A:EE:FD:10:9F:9F:A8:43:3D:38:20:30:38:61:7C:B5

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

99388.one *.99388.one

Other domains in certificate

1wincasino1.pro *.1wincasino1.pro

234z.my *.234z.my

2666.ws *.2666.ws

2dxmy.lol *.2dxmy.lol

33streaming.co *.33streaming.co

36745.my *.36745.my

506sports.co *.506sports.co

5637.my *.5637.my

62739.cc *.62739.cc

663619.club *.663619.club

664252.club *.664252.club

677230.club *.677230.club

688772.club *.688772.club

698454.club *.698454.club

7year.co *.7year.co

983312.xyz *.983312.xyz

adnaturam.co *.adnaturam.co

astrit.net *.astrit.net

atrilli.co *.atrilli.co

beasttracker.co *.beasttracker.co

bidob.com *.bidob.com

bigwingame.pro *.bigwingame.pro

bonnierpublications.co *.bonnierpublications.co

brandonconcrete.co *.brandonconcrete.co

callhouse.pro *.callhouse.pro

carjam.co *.carjam.co

cg71m4.top *.cg71m4.top

ciengo.co *.ciengo.co

clearbanc.co *.clearbanc.co

cozycritter.co *.cozycritter.co

crystalboss.co *.crystalboss.co

cssjs.co *.cssjs.co

d7bszz.cyou *.d7bszz.cyou

danejones.co *.danejones.co

dckbdqwtmr.xyz *.dckbdqwtmr.xyz

e8bagd.co *.e8bagd.co

equineportal.co *.equineportal.co

ffgsqwnmasgcynz.cc *.ffgsqwnmasgcynz.cc

hoodcity.co *.hoodcity.co

kimame.co *.kimame.co

kjsports.co *.kjsports.co

uwatchfree.co *.uwatchfree.co

valpisistemas.co *.valpisistemas.co

vanillavisa.co *.vanillavisa.co