SSL Certificate Analysis for d35.lol - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=18256.click

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 11, 2026

Valid Until

August 09, 2026 56 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

AC:C3:1D:0F:52:99:C9:E0:E9:CD:F1:BF:41:58:66:94:DA:C5:48:B2:FE:28:08:CE:0E:F3:36:13:D1:A4:FB:29

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

d35.lol *.d35.lol

Other domains in certificate

18256.click *.18256.click

226699jj.cc *.226699jj.cc

408038.cc *.408038.cc

51368.blog *.51368.blog

53895.blog *.53895.blog

63952.lgbt *.63952.lgbt

66585.lgbt *.66585.lgbt

67859.my *.67859.my

67881.my *.67881.my

6fgy29pwh2.top *.6fgy29pwh2.top

72067.my *.72067.my

748536.co *.748536.co

77961.loan *.77961.loan

808bet.vip *.808bet.vip

816894.lgbt *.816894.lgbt

81776.one *.81776.one

82135.app *.82135.app

85631.my *.85631.my

86133.win *.86133.win

86161.lgbt *.86161.lgbt

86923.lgbt *.86923.lgbt

87178.lgbt *.87178.lgbt

89058.my *.89058.my

89464.click *.89464.click

89675.blog *.89675.blog

89788.blog *.89788.blog

89av.vip *.89av.vip

8pmtbn.cyou *.8pmtbn.cyou

90091.blog *.90091.blog

91p665.com *.91p665.com

92137.my *.92137.my

92513.my *.92513.my

93245.blog *.93245.blog

93878.my *.93878.my

94023.blog *.94023.blog

94655.my *.94655.my

983466.town *.983466.town

beach-holidays-6x.click *.beach-holidays-6x.click

comprar-carro-parcelado-no-boleto-br.sbs *.comprar-carro-parcelado-no-boleto-br.sbs

consulatechina.com *.consulatechina.com

f1cgt7.top *.f1cgt7.top

pk95r3.com *.pk95r3.com

smart-tv-credit-de.sbs *.smart-tv-credit-de.sbs

wwwk98v.cc *.wwwk98v.cc