SSL Certificate Analysis for random.pocketknife.au - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=kff51.xyz

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

June 10, 2026

Valid Until

September 08, 2026 84 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

71:BC:5E:6F:FB:81:7F:D6:8E:37:3A:3C:07:7B:70:72:F3:C7:6B:50:63:89:03:5A:D5:EE:64:38:BA:D0:B0:55

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

pocketknife.au *.pocketknife.au *.random.pocketknife.au

Other domains in certificate

123vvvv.com *.123vvvv.com *.38.123vvvv.com *.dy45gaowww.123vvvv.com *.infwww.123vvvv.com *.www.123vvvv.com

albuquerque.au *.albuquerque.au

*.admin.amaccess.biz amaccess.biz *.amaccess.biz *.biz.amaccess.biz *.dev.amaccess.biz *.tnbultpmurpanel.amaccess.biz *.user.amaccess.biz *.ww12.amaccess.biz

autonami.co *.autonami.co *.wapstarter.autonami.co

colorhunter.co *.colorhunter.co *.m.colorhunter.co *.wildcard.colorhunter.co *.ww25.colorhunter.co

*.apple.com-recentactivity.com com-recentactivity.com *.com-recentactivity.com

green-ace.com *.green-ace.com *.m.green-ace.com *.mail.green-ace.com

housingbelong-destinationflorence.com *.housingbelong-destinationflorence.com *.random.housingbelong-destinationflorence.com *.ww38.housingbelong-destinationflorence.com

hvacexpertsfairfield.com *.hvacexpertsfairfield.com *.q4i45d.hvacexpertsfairfield.com

indoors.au *.indoors.au

*.52r.kff51.xyz *.98nr.kff51.xyz kff51.xyz *.kff51.xyz *.random.kff51.xyz *.uym6.kff51.xyz

psvb-segeln.at *.psvb-segeln.at

riciclalolio.it *.riciclalolio.it

sandcrab.au *.sandcrab.au

sleeves.au *.sleeves.au

*.1teste.vrautumn.com.br *.bpa.vrautumn.com.br *.brasil.vrautumn.com.br *.caliman.vrautumn.com.br *.colitur.vrautumn.com.br *.cordial.vrautumn.com.br *.expressosaoluiz.vrautumn.com.br *.infraestrutura.vrautumn.com.br *.juina.vrautumn.com.br *.lopesecia.vrautumn.com.br *.moreira.vrautumn.com.br *.ns2.vrautumn.com.br *.ns3.vrautumn.com.br *.paraty.vrautumn.com.br *.pretti.vrautumn.com.br *.saojose.vrautumn.com.br *.saovicente.vrautumn.com.br *.specialbus.vrautumn.com.br *.teste.vrautumn.com.br *.teste2.vrautumn.com.br *.transcotta.vrautumn.com.br *.transmoreira.vrautumn.com.br *.turin.vrautumn.com.br *.unir.vrautumn.com.br *.viacaocetro.vrautumn.com.br *.viagoias.vrautumn.com.br vrautumn.com.br *.vrautumn.com.br

*.kp4gyv.zrzon.com zrzon.com *.zrzon.com