SSL Certificate Analysis for ghost.to - Security Grade & TLS Configuration

Certificate Information

Subject

CN=dier.life

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 20, 2026

Valid Until

April 20, 2026 69 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

95:0D:11:55:BC:EA:37:DD:B6:F6:87:EF:A3:6F:07:B3:5E:A4:F6:63:C2:12:F7:35:07:26:20:09:22:D9:98:35

Alternative Names

80 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

80 domains

ghost.to *.ghost.to *.ai.ghost.to *.cute.ghost.to *.for.ghost.to *.ww38.ghost.to

Other domains in certificate

*.16.42ndstreetcinema.com 42ndstreetcinema.com *.42ndstreetcinema.com

481u6.xyz *.481u6.xyz *.yf.481u6.xyz

advancedscienceresearchjournals.org *.advancedscienceresearchjournals.org

bestmfozaim.online *.bestmfozaim.online

bonsiam.online *.bonsiam.online

briskibuy.store *.briskibuy.store

cashamcash.online *.cashamcash.online

ceramostone.online *.ceramostone.online

cheatokfa.store *.cheatokfa.store

companyonwork.online *.companyonwork.online

demi.bio *.demi.bio

dier.life *.dier.life

digigrove.live *.digigrove.live

downloandzow.space *.downloandzow.space

dp2311c.xyz *.dp2311c.xyz *.ww16.dp2311c.xyz *.ww25.dp2311c.xyz

drdrschuetz.com *.drdrschuetz.com

elblogdelingeniero.online *.elblogdelingeniero.online

extoledmonel.website *.extoledmonel.website

fawn.website *.fawn.website

fullmarket.website *.fullmarket.website

gaixinhz.online *.gaixinhz.online

hackingcourses.website *.hackingcourses.website

heavenhouse.store *.heavenhouse.store

holdloves.website *.holdloves.website

*.imap.indiaman.com indiaman.com *.indiaman.com

investu.online *.investu.online

johnstonmurph.com *.johnstonmurph.com

luckyirishslots.bet *.luckyirishslots.bet

packmania.online *.packmania.online *.testing.packmania.online

petmaniashop.online *.petmaniashop.online

pixelperegrines.online *.pixelperegrines.online

swis-com.online *.swis-com.online

vertolet.website *.vertolet.website

zonya.tech *.zonya.tech