SSL Certificate Analysis for mail.voodoo.studio - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=xn--9kqy4sc0no20ba.xyz

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 04, 2026

Valid Until

May 05, 2026 83 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

1D:7D:5A:6D:CC:78:9E:39:29:2F:E8:0C:78:8A:CA:9C:15:62:AF:47:9C:F0:86:3D:B6:1C:90:E3:B1:F5:8A:D4

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

voodoo.studio *.voodoo.studio *.portal.voodoo.studio

Other domains in certificate

4lookups.com *.4lookups.com *.m.4lookups.com

7696bet.xyz *.7696bet.xyz *.kwid9.7696bet.xyz

*.0ysiom.chinablognetwork.com chinablognetwork.com *.chinablognetwork.com *.cn.chinablognetwork.com *.com.chinablognetwork.com *.net.chinablognetwork.com *.org.chinablognetwork.com

concept-mount.xyz *.concept-mount.xyz *.www.concept-mount.xyz

*.3b747623-6233-4e10-8164-fabe45758f01.danhickeyplumbing.com *.admin.danhickeyplumbing.com *.backup.danhickeyplumbing.com danhickeyplumbing.com *.danhickeyplumbing.com *.mta-sts.danhickeyplumbing.com *.uat.danhickeyplumbing.com

dateover50.com *.dateover50.com *.ww11.dateover50.com

defrain.com *.defrain.com *.smtp.defrain.com

frankhz.co *.frankhz.co *.ww38.frankhz.co

*.ftp.mandala77.vip mandala77.vip *.mandala77.vip

*.a4c3280a-c454-41d8-9dda-25bd075a374f.mecerwise.com *.ai-demo.mecerwise.com mecerwise.com *.mecerwise.com

*.citrix.nanpuu.com nanpuu.com *.nanpuu.com

*.backend.onlinecourses100.site *.ci.onlinecourses100.site *.demo.onlinecourses100.site *.dev.onlinecourses100.site onlinecourses100.site *.onlinecourses100.site *.staging-jenkins.onlinecourses100.site *.staging.onlinecourses100.site *.www.onlinecourses100.site

playmarcet.life *.playmarcet.life *.sitemap.playmarcet.life

*.0afmf.touchcric.xyz *.0u12d.touchcric.xyz *.39ir6.touchcric.xyz *.41facac8-da63-4768-9621-b5d351dfcea3.touchcric.xyz *.87ab5.touchcric.xyz *.8joac.touchcric.xyz *.98d5ad09-8b98-4e3a-9f08-08305b7d0b57.touchcric.xyz *.aowpq.touchcric.xyz *.cnfr9.touchcric.xyz *.gjdvb.touchcric.xyz *.hrka1.touchcric.xyz *.osldc.touchcric.xyz *.pp4gk.touchcric.xyz *.ques8.touchcric.xyz touchcric.xyz *.touchcric.xyz *.vn8e3h.touchcric.xyz *.xyz.touchcric.xyz *.z4gbs.touchcric.xyz *.zl1z8.touchcric.xyz *.zruod.touchcric.xyz

*.kwid9.weeklydiyprojects.xyz weeklydiyprojects.xyz *.weeklydiyprojects.xyz

*.kwid9.xn--9kqy4sc0no20ba.xyz xn--9kqy4sc0no20ba.xyz *.xn--9kqy4sc0no20ba.xyz

*.kwid9.xn--mes358agmidv5a.xyz xn--mes358agmidv5a.xyz *.xn--mes358agmidv5a.xyz

*.rustore.zacisze.com zacisze.com *.zacisze.com