DNS Gurus

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for *.cdn.myqcloud.com, *.2144.cn, *.2144.com, *.4399.com, *.5054399.com, *.58cdn.com.cn, *.bldimg.com, *.cdn-go.cn, *.cntv.qcloudcdn.com, not for api.geetest.com.eo.dnse2.com

Cached · just now
75/100 SECURITY SCORE

Certificate Information

Subject
CN=*.cdn.myqcloud.com
Issuer
C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia RSA DV TLS CA G3
Valid From
June 12, 2025
Valid Until
June 12, 2026 42 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA384-RSA
SHA-256 Fingerprint
11:68:03:7C:61:6C:DA:EA:A8:81:93:D6:A8:1B:BC:A4:EC:B3:96:CB:6D:2E:A6:0B:6F:5C:65:2E:BF:37:0A:D3
Alternative Names
103 domains

Security Configuration

TLS Protocols
TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)
Warnings
  • TLS 1.1 is deprecated and should be disabled
  • TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured Analyze
Content-Security-Policy-Report-Only
Missing
Not configured Analyze
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

103 domains
2144.cn *.2144.cn
2144.com *.2144.com flash.2144.com *.flash.2144.com
4399.com *.4399.com nitrome.com.4399.com
www.miniclip.com.4399pk.com
5054399.com *.5054399.com
58cdn.com.cn *.58cdn.com.cn
xpdl999.aiwan4399.com
bldimg.com *.bldimg.com
cdn-go.cn *.cdn-go.cn
vip.cdngot.com *.vip.cdngot.com
dd.cdntips.net *.dd.cdntips.net dlied1.cdntips.net *.dlied1.cdntips.net
danmu.com *.danmu.com
dianping.com *.dianping.com
dpfile.com *.dpfile.com
ffnews.cn *.ffnews.cn
flash.cn *.flash.cn
geetest.com *.geetest.com
gtimg.cn *.gtimg.cn
gtimg.com *.gtimg.com
img4399.com *.img4399.com
jsbchina.cn *.jsbchina.cn
lof3.xyz *.lof3.xyz
meituan.net *.meituan.net
myapp.com *.myapp.com
mykeeta.net *.mykeeta.net
cdn.myqcloud.com *.cdn.myqcloud.com file.myqcloud.com *.file.myqcloud.com hls.cdn.myqcloud.com *.hls.cdn.myqcloud.com image.myqcloud.com *.image.myqcloud.com video.myqcloud.com *.video.myqcloud.com vod.cdn.myqcloud.com *.vod.cdn.myqcloud.com vod.myqcloud.com *.vod.myqcloud.com vod2.myqcloud.com *.vod2.myqcloud.com
cntv.qcloudcdn.com *.cntv.qcloudcdn.com qcloudcdn.com *.qcloudcdn.com vda.v.qcloudcdn.com *.vda.v.qcloudcdn.com
qpic.cn *.qpic.cn
dd.qq.com *.dd.qq.com weishi.qq.com *.weishi.qq.com wx.qq.com *.wx.qq.com
sogoucdn.com *.sogoucdn.com
suyinwealth.com *.suyinwealth.com
www.tencentwm.com
dl.txcdns.com *.dl.txcdns.com
www.txfund.com
ugdtimg.com *.ugdtimg.com
uniqlo.cn *.uniqlo.cn
vod-qcloud.com *.vod-qcloud.com
wanyabox.com *.wanyabox.com
zhongcheng818.com *.zhongcheng818.com
zservey.net *.zservey.net