Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=nanhko.net
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
April 24, 2026
Valid Until
July 23, 2026
61 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
33:A8:53:41:A7:01:93:FF:16:CD:B0:51:27:80:E4:44:95:BE:57:F7:4A:D0:63:54:A4:3F:EF:B3:84:C4:44:6D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
supremeoak.com
*.supremeoak.com
*.a.supremeoak.com
*.api.betflik666k.live
*.backend.betflik666k.live
betflik666k.live
*.betflik666k.live
*.demo.betflik666k.live
*.dev.betflik666k.live
*.staging.betflik666k.live
*.betting.bettwenty.vip
bettwenty.vip
*.bettwenty.vip
*.hostmaster.bettwenty.vip
binarium.live
*.binarium.live
*.mail.binarium.live
goodwincollege.com
*.goodwincollege.com
*.mailserver.goodwincollege.com
*.ww25.goodwincollege.com
*.ww38.goodwincollege.com
*.acc-shinobi.nanhko.net
*.colong.nanhko.net
*.cuuvi.nanhko.net
*.hoachi.nanhko.net
*.hocvienninja.nanhko.net
*.mulegend.nanhko.net
nanhko.net
*.nanhko.net
*.pay-thienkiem.nanhko.net
*.picaht.nanhko.net
*.pnmobile.nanhko.net
*.saiyanlegend.nanhko.net
*.shinobi.nanhko.net
*.sieuthanthu.nanhko.net
*.thanhchien.nanhko.net
*.thanma2d.nanhko.net
*.thanthudaichien.nanhko.net
*.1eea9d90-db54-441a-b54e-1a97ef7abf23.resistiv.com
resistiv.com
*.resistiv.com
*.m.romabet1031.com
romabet1031.com
*.romabet1031.com
*.sitemaps.romabet1031.com
teenpattihearts-vip.com
*.teenpattihearts-vip.com
*.vietnamese.teenpattihearts-vip.com
*.m.trulygreenrv.com
trulygreenrv.com
*.trulygreenrv.com
*.pay.vanoma.shop
vanoma.shop
*.vanoma.shop
*.41ef3784-9f38-429b-9228-5836220393dd.verified.locker
*.823069d9-d3a9-478b-88d0-89a8112c023d.verified.locker
*.a9174bd2-a762-44fe-a7bf-d4f5ee754dce.verified.locker
*.admin.verified.locker
*.api.verified.locker
*.assets.verified.locker
*.backup.verified.locker
*.boutique.verified.locker
*.d072716b-3a74-4496-9e77-9fe916b96de2.verified.locker
*.dashboard.verified.locker
*.demo.verified.locker
*.dev.verified.locker
*.ff0f3479-4d9c-4194-90f3-7ada951c60cf.verified.locker
*.hostmaster.verified.locker
*.idtmbbackup.verified.locker
*.mail.verified.locker
*.mailer.verified.locker
*.marketing.verified.locker
*.portal.verified.locker
*.qa.verified.locker
*.secure.verified.locker
*.sohjkstg.verified.locker
*.staging.verified.locker
*.stg.verified.locker
*.test.verified.locker
*.uat.verified.locker
*.v1.verified.locker
*.v2.verified.locker
verified.locker
*.verified.locker
*.web.verified.locker
*.catalog.zackarysholemberger.art
*.m.zackarysholemberger.art
zackarysholemberger.art
*.zackarysholemberger.art
Other domains in certificate