SSL Certificate Analysis for lshrxg.cn - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=ucpnm.org

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 27, 2026

Valid Until

August 25, 2026 78 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

8A:35:00:4A:51:75:3A:6B:5B:74:1A:0A:44:6B:57:7D:C0:23:FE:1E:4E:B0:33:B1:46:11:C5:B6:34:19:C1:60

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

lshrxg.cn *.lshrxg.cn *.8th4z.lshrxg.cn *.appu1.lshrxg.cn *.b.lshrxg.cn *.ccioajcuxz.lshrxg.cn *.ipzxnnqbor517y.lshrxg.cn *.mobile.lshrxg.cn *.nt.lshrxg.cn *.server.lshrxg.cn *.shop.lshrxg.cn *.status.lshrxg.cn *.support.lshrxg.cn *.test.lshrxg.cn *.upfngory.lshrxg.cn *.web.lshrxg.cn *.www.lshrxg.cn

Other domains in certificate

*.0152c851fa.1175clx301.top *.10e0758656.1175clx301.top 1175clx301.top *.1175clx301.top *.odgveg.1175clx301.top

6dhq.buzz *.6dhq.buzz *.ww16.6dhq.buzz

*.10-day-weather-for-peoria-il.ascendu.cfd ascendu.cfd *.ascendu.cfd *.coc-2-save-editor.ascendu.cfd *.depop-pending-payment.ascendu.cfd *.homer-simpson-mmm-bacon.ascendu.cfd *.kourend-teleport-portal-osrs.ascendu.cfd *.mining-sim-pets.ascendu.cfd *.recover-att-email-account.ascendu.cfd *.solasta-colossus-slayer.ascendu.cfd *.test.ascendu.cfd *.ww17.ascendu.cfd

hataokase.com *.hataokase.com *.ww7.hataokase.com

lakepearl2023.com *.lakepearl2023.com *.prod.lakepearl2023.com

mycardhdfc.com *.mycardhdfc.com *.ww2.mycardhdfc.com

*.bi.ofa.be *.demo.ofa.be *.ele.ofa.be *.ftp.ofa.be *.ketla.ofa.be *.m.ofa.be *.mail.ofa.be *.new.ofa.be *.news.ofa.be *.notexistsele.ofa.be *.o.ofa.be ofa.be *.ofa.be *.pop.ofa.be *.random.ofa.be *.remote.ofa.be *.reports.ofa.be *.sipexternal.ofa.be *.superset.ofa.be *.test.ofa.be *.www.ofa.be

*.admin.remotify.org *.dev.remotify.org *.m.remotify.org remotify.org *.remotify.org *.vzncaapi.remotify.org *.webmail.remotify.org *.xxmapm.remotify.org

sleepoautcurtains.com *.sleepoautcurtains.com *.ww38.sleepoautcurtains.com

*.app.ucpnm.org *.ns1.ucpnm.org *.sitemap.ucpnm.org ucpnm.org *.ucpnm.org *.ww38.ucpnm.org

*.cloud.zqhbxh.cn *.remote.zqhbxh.cn *.stats.zqhbxh.cn zqhbxh.cn *.zqhbxh.cn