SSL Certificate Analysis for api.be - Security Grade & TLS Configuration

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=mandoob.store

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 18, 2025

Valid Until

March 18, 2026 33 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

17:E3:74:93:84:63:A3:70:AF:E0:2E:7B:18:26:45:17:DA:DE:04:76:C7:9E:61:77:9D:A7:09:1C:06:8C:A7:33

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

api.be *.api.be *.itidmapp.api.be *.ww31.api.be

Other domains in certificate

505pinball.com *.505pinball.com *.blog.505pinball.com *.demo.505pinball.com *.dev.505pinball.com *.mail.505pinball.com *.preprod.505pinball.com *.random.505pinball.com *.webmail.505pinball.com

aceministeries.com *.aceministeries.com

artpandora.com *.artpandora.com *.autodiscover.artpandora.com *.gitlab.artpandora.com *.hostmaster.artpandora.com

avamovie8.xyz *.avamovie8.xyz

bombnav.us *.bombnav.us

cancerfit.me *.cancerfit.me

*.au.edaproject.space edaproject.space *.edaproject.space *.hl.edaproject.space *.kb.edaproject.space *.mo.edaproject.space *.nw.edaproject.space *.rm.edaproject.space *.to.edaproject.space *.vy.edaproject.space *.wv.edaproject.space *.wx.edaproject.space *.yx.edaproject.space

*.demo.exxonmobileaccount.com exxonmobileaccount.com *.exxonmobileaccount.com *.mail.exxonmobileaccount.com *.my.exxonmobileaccount.com

*.expedia.getyourguide.au getyourguide.au *.getyourguide.au *.gov.getyourguide.au *.ww25.getyourguide.au

lapphund.com *.lapphund.com *.ww12.lapphund.com

mandoob.store *.mandoob.store

milfmompics.com *.milfmompics.com *.www.milfmompics.com

mokuren.info *.mokuren.info

oumei.live *.oumei.live

*.seso.seso1.top seso1.top *.seso1.top

shaggycunt.com *.shaggycunt.com

spectraliquid.com *.spectraliquid.com *.www.spectraliquid.com

*.al.texts.net *.buddhist.texts.net *.contingency.texts.net *.mx.texts.net texts.net *.texts.net

*.dns.woundedwarrier.com *.hostmaster.woundedwarrier.com *.mx7.woundedwarrier.com woundedwarrier.com *.woundedwarrier.com

*.account.xn--umowaoprac-nnb.pl *.demo.xn--umowaoprac-nnb.pl *.hostmaster.xn--umowaoprac-nnb.pl *.mail.xn--umowaoprac-nnb.pl *.www.xn--umowaoprac-nnb.pl xn--umowaoprac-nnb.pl *.xn--umowaoprac-nnb.pl

*.ww38.xnxxinhindi.com xnxxinhindi.com *.xnxxinhindi.com