SSL Certificate Analysis for beta.paycheplus.com - Security Grade & TLS Configuration

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=fuckfriend.it

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 13, 2026

Valid Until

May 14, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

B9:4C:55:21:65:79:D1:C7:DF:99:5E:20:DC:6E:BE:A7:38:99:CA:F1:3D:08:A2:54:E6:FC:DE:B9:69:68:39:8A

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

paycheplus.com *.paycheplus.com *.7.paycheplus.com *.api.paycheplus.com *.app.paycheplus.com *.backup.paycheplus.com *.bbs.paycheplus.com *.beta.paycheplus.com *.blog.paycheplus.com *.cpanel.paycheplus.com *.crm.paycheplus.com *.demo.paycheplus.com *.dev.paycheplus.com *.dgw.paycheplus.com *.dns.paycheplus.com *.forum.paycheplus.com *.forums.paycheplus.com *.ftp.paycheplus.com *.help.paycheplus.com *.home.paycheplus.com *.localhost.paycheplus.com *.m.paycheplus.com *.mail.paycheplus.com *.mobile.paycheplus.com *.mx7.paycheplus.com *.new.paycheplus.com *.news.paycheplus.com *.notexistsmx7.paycheplus.com *.ns2.paycheplus.com *.old.paycheplus.com *.remote.paycheplus.com *.shop.paycheplus.com *.store.paycheplus.com *.temp.paycheplus.com *.test.paycheplus.com *.vpn.paycheplus.com *.wiki.paycheplus.com *.ww7.paycheplus.com *.wwww.paycheplus.com

Other domains in certificate

42238.plus *.42238.plus *.api.42238.plus *.app.42238.plus *.members.42238.plus *.test.42238.plus

*.64ab70a0-76e1-43c2-b564-41b2e063ed5c.ayamgoreng.quest ayamgoreng.quest *.ayamgoreng.quest

dspwl.bid *.dspwl.bid *.intranet.dspwl.bid

fuckfriend.it *.fuckfriend.it *.staging.fuckfriend.it

*.eposta.ghera.it *.exmail2.ghera.it ghera.it *.ghera.it *.ogrencieposta.ghera.it *.smail.ghera.it

*.dev.italianlawpractice.it italianlawpractice.it *.italianlawpractice.it *.reporting.italianlawpractice.it *.reports.italianlawpractice.it *.staging.italianlawpractice.it

*.analytics.martella.it *.mail.martella.it martella.it *.martella.it *.remoto.martella.it *.supersets.martella.it *.vpnapac.martella.it

*.c1d2e3f4.sybbdh47.top *.o1p2q3r4.sybbdh47.top sybbdh47.top *.sybbdh47.top

*.admin.treatment.live *.api.treatment.live *.dev.treatment.live *.slffbpkmewr.treatment.live treatment.live *.treatment.live *.uxskmfitvxa.treatment.live

*.dogx8jomvx.udc.com udc.com *.udc.com *.webmail.udc.com