Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=xn--3kq82h1tr.com
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
May 19, 2026
Valid Until
August 17, 2026
87 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
0D:98:AC:D8:67:59:E1:69:61:86:70:C5:81:5D:9F:02:B9:EA:D6:12:35:D0:A3:17:6F:86:00:9E:2F:88:C4:A0
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
quicktsm.com
*.quicktsm.com
*.sys.quicktsm.com
*.typebot.quicktsm.com
ainipa.net
*.ainipa.net
*.com.ainipa.net
bankofcolorado.co
*.bankofcolorado.co
*.integration-pipeline.bankofcolorado.co
*.sipexternal.bankofcolorado.co
*.smtp-1.bankofcolorado.co
*.wap.bankofcolorado.co
designworkbyacs.com
*.designworkbyacs.com
*.f87b84e4-c527-405f-8a90-3e79a907f31a.designworkbyacs.com
hashkey613.com
*.hashkey613.com
jaca.info
*.jaca.info
*.random.jaca.info
*.wildcard.jaca.info
kalinga.co
*.kalinga.co
minihumanoid.com
*.minihumanoid.com
mobileagent.org
*.mobileagent.org
mwekoo3wnubmzb.cc
*.mwekoo3wnubmzb.cc
nbmarshell.com
*.nbmarshell.com
ofacz.loan
*.ofacz.loan
*.grumium.office-matoba.net
office-matoba.net
*.office-matoba.net
*.slc-b-origin-posprivate.office-matoba.net
*.ww99.office-matoba.net
pizzaart.eu
*.pizzaart.eu
platime.co
*.platime.co
radiantseeker92.shop
*.radiantseeker92.shop
rajbetcasinoonline.top
*.rajbetcasinoonline.top
realtimeracetrac.com
*.realtimeracetrac.com
redapp.co
*.redapp.co
*.admin.redrube.co
redrube.co
*.redrube.co
rpjpfl.cc
*.rpjpfl.cc
*.random.shinynewgadgets.com
shinynewgadgets.com
*.shinynewgadgets.com
*.ww38.shinynewgadgets.com
*.www.shinynewgadgets.com
*.client.usmail.com
usmail.com
*.usmail.com
*.cpcalendars.wolfpastiwin.com
*.f8970609-66cd-46ca-8a3a-04581d61c8c3.wolfpastiwin.com
*.ftp.wolfpastiwin.com
*.webmail.wolfpastiwin.com
*.whm.wolfpastiwin.com
wolfpastiwin.com
*.wolfpastiwin.com
*.admin.xn--3kq82h1tr.com
xn--3kq82h1tr.com
*.xn--3kq82h1tr.com
xn--davidcario-19a.com
*.xn--davidcario-19a.com
*.apps.xn--fhqy4yp1bj11d5yc.com
*.cloud.xn--fhqy4yp1bj11d5yc.com
*.gateway.xn--fhqy4yp1bj11d5yc.com
*.m.xn--fhqy4yp1bj11d5yc.com
*.rds.xn--fhqy4yp1bj11d5yc.com
*.rdweb.xn--fhqy4yp1bj11d5yc.com
*.remote.xn--fhqy4yp1bj11d5yc.com
*.sitemaps.xn--fhqy4yp1bj11d5yc.com
*.vpn.xn--fhqy4yp1bj11d5yc.com
xn--fhqy4yp1bj11d5yc.com
*.xn--fhqy4yp1bj11d5yc.com
*.shop.youjozz.co
youjozz.co
*.youjozz.co
Other domains in certificate