SSL Certificate Analysis for moonhiba.com - Security Grade & TLS Configuration

Certificate Information

Subject

CN=asphalt-paving-au2-dp.click

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 31, 2026

Valid Until

May 01, 2026 80 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

46:1B:F8:20:FD:AF:2A:85:C7:90:41:22:D9:74:99:26:3B:4A:82:86:20:E1:29:35:7D:7D:8A:69:E1:E3:0D:A0

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

moonhiba.com *.moonhiba.com

Other domains in certificate

17ccmo.com *.17ccmo.com

199vv8.my *.199vv8.my

24784.mobi *.24784.mobi

61492.pictures *.61492.pictures

64341.pictures *.64341.pictures

66956.locker *.66956.locker

71251.loan *.71251.loan

7x12smc.top *.7x12smc.top

85499.locker *.85499.locker

97819.pizza *.97819.pizza

99622.net *.99622.net

99852.net *.99852.net

aphormic.com *.aphormic.com

asphalt-paving-au2-dp.click *.asphalt-paving-au2-dp.click

atkinsonphoto.com *.atkinsonphoto.com

ayearandaday.com *.ayearandaday.com

benefactor.com.au *.benefactor.com.au

bet-v35.com *.bet-v35.com

bitcoininterview.com *.bitcoininterview.com

bitcointothemoon.net *.bitcointothemoon.net

brightpathsupport.org *.brightpathsupport.org

bruteforce.com.au *.bruteforce.com.au

building-x-bundle.com *.building-x-bundle.com

buyzaar.world *.buyzaar.world

c36420e0b1a7f2a0.com *.c36420e0b1a7f2a0.com

cis7777.com *.cis7777.com

ckmnv.tv *.ckmnv.tv

jibika.com *.jibika.com

jiyuugaoka.com *.jiyuugaoka.com

justbusiness.com.au *.justbusiness.com.au

karakawa.com *.karakawa.com

longfeng75.cc *.longfeng75.cc

macierz.com *.macierz.com

mbk05.top *.mbk05.top

mvcak.tv *.mvcak.tv

mywillowglen.com *.mywillowglen.com

ngjad.tv *.ngjad.tv

olamaid.com *.olamaid.com

pf13.top *.pf13.top

pgoqq.cc *.pgoqq.cc

plq9t5m.top *.plq9t5m.top

pnbanh.academy *.pnbanh.academy

pro-infonews.com *.pro-infonews.com