SSL Certificate Analysis for mail.popupevent.com - Security Grade & TLS Configuration

Certificate Information

Subject

CN=byon88best.it.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 29, 2026

Valid Until

April 29, 2026 80 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

29:F0:4D:BF:B5:E7:06:31:48:D1:20:97:D0:C1:58:F2:C1:C0:7F:74:47:B3:8D:5E:71:5B:91:FA:DD:17:07:84

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

popupevent.com *.popupevent.com

Other domains in certificate

0gomovies.tv *.0gomovies.tv

24801.net *.24801.net

2515769.pizza *.2515769.pizza

25549.pizza *.25549.pizza

37263.pizza *.37263.pizza

53710.pizza *.53710.pizza

542546.vip *.542546.vip

57213.loan *.57213.loan

572806.top *.572806.top

59027.loan *.59027.loan

59444.mobi *.59444.mobi

9festival.com *.9festival.com

9krummy.com *.9krummy.com

allnassau.com *.allnassau.com

allterrainhunter.com *.allterrainhunter.com

ax566.com *.ax566.com

balvar.com *.balvar.com

bedsidebunny.com *.bedsidebunny.com

beerwheel.com *.beerwheel.com

behindthebarcode.com *.behindthebarcode.com

bekijkhetmaar.com *.bekijkhetmaar.com

bigfatelephant.com *.bigfatelephant.com

bingelysnacks.com *.bingelysnacks.com

blancojet.com *.blancojet.com

centrumzaopatrzeniatynkarzy.pl *.centrumzaopatrzeniatynkarzy.pl

culppy.org *.culppy.org

cyberoutfits.com *.cyberoutfits.com

deathcube.com *.deathcube.com

developdock.com *.developdock.com

dtns.pl *.dtns.pl

goldenmangas.top *.goldenmangas.top

hrzm.org *.hrzm.org

byon88best.it.com *.byon88best.it.com

pathfinderskc.com *.pathfinderskc.com

polylinker.com *.polylinker.com

propaktani.com *.propaktani.com

psg77dana.com *.psg77dana.com

realizepost.com *.realizepost.com

rightdark-scan.com *.rightdark-scan.com

risepay.info *.risepay.info

riyati.com *.riyati.com

royalgpt.com *.royalgpt.com

samssnackpack.com *.samssnackpack.com

scalewaldoai.com *.scalewaldoai.com