SSL Certificate Analysis for shish.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=bigsloto.cc

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 21, 2025

Valid Until

March 21, 2026 58 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

C4:EB:A3:6B:7F:EE:5B:0F:99:A5:5F:9A:CD:55:59:23:85:8D:ED:29:0F:F6:AB:B9:59:5A:0B:05:2D:B4:F8:54

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

shish.com *.shish.com *.correo.shish.com *.correu.shish.com *.disrationhub.shish.com *.ex02.shish.com *.exchange.shish.com *.la.shish.com *.li.shish.com *.mail3.shish.com *.msexch2k13.shish.com *.newmail2013.shish.com *.ogrencieposta.shish.com *.outlook.shish.com *.smoke.shish.com *.smtpa.shish.com *.static.shish.com *.webmail05.shish.com *.ww41.shish.com

Other domains in certificate

bigsloto.cc *.bigsloto.cc *.data.bigsloto.cc *.ww25.bigsloto.cc *.ww38.bigsloto.cc

*.api.clickhead.me clickhead.me *.clickhead.me *.ww25.clickhead.me

edelweissrestaurant.co.uk *.edelweissrestaurant.co.uk *.ww25.edelweissrestaurant.co.uk

*.acupunturapcpanel.euroshield.xyz *.aqx.euroshield.xyz *.bg.euroshield.xyz *.bv.euroshield.xyz *.da.euroshield.xyz *.dkza.euroshield.xyz euroshield.xyz *.euroshield.xyz *.fdvo.euroshield.xyz *.fzxt.euroshield.xyz *.grev.euroshield.xyz *.gsx.euroshield.xyz *.gsyip.euroshield.xyz *.gur.euroshield.xyz *.gvqz.euroshield.xyz *.hostmaster.euroshield.xyz *.hypwr.euroshield.xyz *.kevv.euroshield.xyz *.mnry.euroshield.xyz *.nl.euroshield.xyz *.nyft.euroshield.xyz *.pif.euroshield.xyz *.qu.euroshield.xyz *.ragy.euroshield.xyz *.rm.euroshield.xyz *.tgg.euroshield.xyz *.tlhf.euroshield.xyz *.tsw.euroshield.xyz *.us.euroshield.xyz *.vmvih.euroshield.xyz *.vw.euroshield.xyz *.web.euroshield.xyz *.webdisk.euroshield.xyz *.wmny.euroshield.xyz *.wntgk.euroshield.xyz *.wug.euroshield.xyz *.ww25.euroshield.xyz *.ww7.euroshield.xyz *.yke.euroshield.xyz *.ytqwk.euroshield.xyz *.yuwii.euroshield.xyz *.zuh.euroshield.xyz

lowtemperaturefreezer513389.icu *.lowtemperaturefreezer513389.icu

*.aaa.yuedu.com *.api.yuedu.com *.crm.yuedu.com *.daoke.yuedu.com *.ir.yuedu.com *.ji.yuedu.com *.open.yuedu.com *.qingsong.yuedu.com *.qq.yuedu.com *.sense.yuedu.com *.so.yuedu.com *.ww.yuedu.com *.wx.yuedu.com yuedu.com *.yuedu.com