Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=aff009.org
Issuer
C=US, O=Let's Encrypt, CN=YR1
Valid From
June 02, 2026
Valid Until
August 31, 2026
83 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
4E:3F:AB:96:6F:03:EE:F6:51:02:1A:AE:81:B2:CF:D3:CB:0C:1B:85:D6:99:49:54:B2:CB:B0:D9:35:FF:F7:DB
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
certain.one
*.certain.one
*.admin.certain.one
*.api.certain.one
*.app.certain.one
*.assets.certain.one
*.blog.certain.one
*.dcf4fbd3-8702-4933-8346-187da7fd2797.certain.one
*.demo.certain.one
*.dev.certain.one
*.homologacao.certain.one
*.hostmaster.certain.one
*.izaxaapi.certain.one
*.m.certain.one
*.mail.certain.one
*.members.certain.one
*.no.certain.one
*.shop.certain.one
*.staging.certain.one
*.storage.certain.one
*.test.certain.one
*.wanted.certain.one
*.www.certain.one
*.xhhfaizaxaapi.certain.one
*.yebjbtest.certain.one
1147lls301.top
*.1147lls301.top
*.26af664675.1147lls301.top
*.eybqeb.1147lls301.top
aff009.org
*.aff009.org
*.dsp.aff009.org
artforart.it
*.artforart.it
*.gpadmin.artforart.it
*.mail.artforart.it
*.mx.artforart.it
*.mymail.artforart.it
*.notexistssmtp-in.artforart.it
*.owa.artforart.it
*.remote.artforart.it
*.reporting.artforart.it
*.yruqhsmtpclient.artforart.it
*.zimbra.artforart.it
*.bstoneman.carrad.co
carrad.co
*.carrad.co
*.endsars.carrad.co
*.sophia.carrad.co
citiban.co
*.citiban.co
*.eyespot.citiban.co
*.370u15.cocol88-rtp.xyz
cocol88-rtp.xyz
*.cocol88-rtp.xyz
*.cari.dimelo.co
dimelo.co
*.dimelo.co
*.engagement.dimelo.co
*.16.gegelu.com
gegelu.com
*.gegelu.com
*.ww01.gegelu.com
*.ww25.gegelu.com
*.www.gegelu.com
*.xn--www-dw3fj48r.gegelu.com
*.hostmaster.technogeek.co
*.mx.technogeek.co
technogeek.co
*.technogeek.co
*.www.technogeek.co
*.gateway.transcendingbizarre.com
transcendingbizarre.com
*.transcendingbizarre.com
worldwarcraft.com
*.worldwarcraft.com
*.2cafd022-278b-469e-b781-d3f0acfb6a66.xn--jdyyl.com
*.angels.xn--jdyyl.com
*.backup.xn--jdyyl.com
*.bbs.xn--jdyyl.com
*.demo.xn--jdyyl.com
*.hostmaster.xn--jdyyl.com
*.m.xn--jdyyl.com
*.portal.xn--jdyyl.com
*.sitemaps.xn--jdyyl.com
*.vpn.xn--jdyyl.com
*.wap.xn--jdyyl.com
*.www.xn--jdyyl.com
xn--jdyyl.com
*.xn--jdyyl.com
Other domains in certificate