SSL Certificate Analysis for random.nftath.com - Security Grade & TLS Configuration

Open Cached · 5h ago

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=tlsp05.xyz

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 20, 2026

Valid Until

August 18, 2026 73 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

82:69:DB:CE:B2:96:6C:C2:37:76:11:13:6F:30:A4:4A:80:38:A4:AF:FF:B6:6E:C1:B5:20:32:FD:58:C3:7E:FA

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

nftath.com *.nftath.com *.random.nftath.com

Other domains in certificate

*.aee73f46-938a-48a2-96a0-ca5371dd7d0b.dallasconcerts2026.com dallasconcerts2026.com *.dallasconcerts2026.com *.hostmaster.dallasconcerts2026.com *.remote.dallasconcerts2026.com *.www.dallasconcerts2026.com

*.admin.furbini.it *.app.furbini.it *.dev.furbini.it furbini.it *.furbini.it

*.gjdvb.ketuaparis77.xyz *.hgsq5.ketuaparis77.xyz ketuaparis77.xyz *.ketuaparis77.xyz *.members.ketuaparis77.xyz *.osldc.ketuaparis77.xyz *.tpxa3.ketuaparis77.xyz

*.1578914e-4737-419a-9aa9-6434440dafde.koko99.sbs koko99.sbs *.koko99.sbs *.sitemap.koko99.sbs

*.app.kynu.it *.cpanel.kynu.it *.cpcalendars.kynu.it *.cpcontacts.kynu.it kynu.it *.kynu.it *.webdisk.kynu.it *.www.kynu.it

*.api.nexiasqetrnia.com nexiasqetrnia.com *.nexiasqetrnia.com *.sitemap.nexiasqetrnia.com *.www.nexiasqetrnia.com

*.hostmaster.nftsmartwatch.com *.metric.nftsmartwatch.com *.mta-sts.nftsmartwatch.com nftsmartwatch.com *.nftsmartwatch.com *.www.nftsmartwatch.com

*.qeqbn.rongfengkeji.com.cn rongfengkeji.com.cn *.rongfengkeji.com.cn

*.0712.tlsp05.xyz *.0713140.tlsp05.xyz *.0714.tlsp05.xyz *.0714090.tlsp05.xyz *.0715.tlsp05.xyz *.0727160.tlsp05.xyz *.0807150.tlsp05.xyz *.0808151.tlsp05.xyz *.0809171.tlsp05.xyz *.0818160.tlsp05.xyz *.0818171.tlsp05.xyz *.0820161.tlsp05.xyz *.0826151.tlsp05.xyz *.0830020.tlsp05.xyz *.0902070.tlsp05.xyz *.0903181.tlsp05.xyz *.0908180.tlsp05.xyz *.0909080.tlsp05.xyz *.0911.tlsp05.xyz *.1003.tlsp05.xyz *.110712.tlsp05.xyz *.land.tlsp05.xyz tlsp05.xyz *.tlsp05.xyz

*.sitemap.twoup-emails2.com twoup-emails2.com *.twoup-emails2.com

*.assets.wholesaletous.com *.demo.wholesaletous.com *.hostmaster.wholesaletous.com *.intranet.wholesaletous.com *.nextcloud.wholesaletous.com *.portal.wholesaletous.com *.store.wholesaletous.com *.test.wholesaletous.com *.webdisk.wholesaletous.com *.webmail.wholesaletous.com wholesaletous.com *.wholesaletous.com *.ww17.wholesaletous.com

*.23b5fafe.wu3a4s6.top wu3a4s6.top *.wu3a4s6.top