SSL FREAK Report

This report identifies hosts that allow the use of SSL/TLS with RSA_EXPORT ciphers (aka “export-grade” encryption).

Hosts with these weakened ciphers can be used in a man-in-the-middle attack, which forces a browser to use a weak export key, which is easily crackable. This is called a FREAK (Factoring RSA Export Keys) attack.

More information on the FREAK attack can be found at https://www.smacktls.com/.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • port
    Port that the SSL response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Report tag (SSL)
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • freak_vulnerable
    If "Y", then the device allowed the use of export-grade ciphers and can be used in a FREAK attack
  • freak_cipher_suite
    The export-grade CipherSuite that was able to be negotiated
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires

Sample

"timestamp","ip","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date","sha1_fingerprint","cert_serial_number","signature_algorithm","key_algorithm","subject_organization_name","subject_organization_unit_name","subject_country","subject_state_or_province_name","subject_locality_name","subject_street_address","subject_postal_code","subject_surname","subject_given_name","subject_email_address","subject_business_category","subject_serial_number","issuer_organization_name","issuer_organization_unit_name","issuer_country","issuer_state_or_province_name","issuer_locality_name","issuer_street_address","issuer_postal_code","issuer_surname","issuer_given_name","issuer_email_address","issuer_business_category","issuer_serial_number","naics","sic","freak_vulnerable","freak_cipher_suite"
"2015-03-07 01:40:19","205.178.184.209",443,"unused.networksolutions.com","ssl","TLSv1.0",19871,"US","FLORIDA","JACKSONVILLE","TLS_RSA_WITH_RC4_128_SHA",2048,"secure.gibsonmoore.net","Network Solutions Certificate Authority","Oct 18 00:00:00 2012 GMT","Oct 18 23:59:59 2016 GMT","E4:E2:6F:19:5C:88:A1:26:A0:A4:69:E6:DE:42:B6:FD:5E:8E:09:30","C16CA8A16545B484098626F6F2541343","sha1WithRSAEncryption","rsaEncryption","Gibson Moore Appellate Services, LLC","Secure Link SSL Pro","US","VA","Richmond","421 East Franklin Street, Suite 230",23219,,,,,,"Network Solutions L.L.C.",,"US",,,,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","72.246.88.167",443,"a72-246-88-167.deploy.akamaitechnologies.com","ssl","TLSv1.2",20940,"US","MASSACHUSETTS","CAMBRIDGE","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"securepics.ebaystatic.com","Verizon Akamai SureServer CA G14-SHA1","Dec  5 20:40:08 2014 GMT","Dec  5 20:40:07 2015 GMT","08:18:C8:57:30:90:5A:4F:9F:0B:C4:83:7F:1C:8F:6B:7D:05:CA:8A","286BA72F9D7F29E9B8CEE44EB949247C66C18CDB","sha1WithRSAEncryption","rsaEncryption","eBay Inc.","Site Operations","US","CA","San Jose",,,,,,,,"Verizon Enterprise Solutions","Cybertrust","NL",,"Amsterdam",,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","207.35.93.117",443,,"ssl","TLSv1.0",577,"CA","BRITISH COLUMBIA","VANCOUVER","TLS_RSA_WITH_RC4_128_SHA",1024,"testeroom.eldoradogold.com","testeroom.eldoradogold.com","Mar  8 22:30:30 2010 GMT","Mar  7 22:30:30 2013 GMT","25:E5:B4:0F:1F:A9:E5:E8:4C:CE:D1:6C:0D:EC:09:23:8B:8F:98:74","6905F7C9C8278AAD4E5E19B2D5BA88D4","sha1WithRSA","rsaEncryption",,,,,,,,,,,,,,,,,,,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","23.33.18.248",443,"a23-33-18-248.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",2828,"US","TEXAS","DALLAS","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"imgak.mmtcdn.com","GeoTrust SSL CA","Nov  6 08:07:15 2014 GMT","Nov  8 19:53:39 2015 GMT","7E:F1:C6:5C:93:88:36:5E:24:74:7E:05:55:7A:0C:E8:9C:BD:04:C6","03062E","sha1WithRSAEncryption","rsaEncryption","Makemytrip India Pvt Ltd.","E-Commerce Dept.","IN","Haryana","Gurgaon",,,,,,,"8KnsDSvZY0neMloI0rqAbya97vP-W0EA","GeoTrust, Inc.",,"US",,,,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","23.6.29.33",443,"a23-6-29-33.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",20940,"US","VIRGINIA","ASHBURN","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"www.bhcosmetics.com","GeoTrust SSL CA","Oct 12 03:22:15 2014 GMT","Dec 14 14:45:23 2015 GMT","3D:D6:C2:3F:A7:2A:A2:BF:26:A2:1B:63:FB:6A:DF:09:7C:B1:2C:25","0301A2","sha1WithRSAEncryption","rsaEncryption","BHCOSMETICS INC","IT","US","California","Burbank",,,,,,,"XNw15ETRVbJHUgM8knaOpgtYLOPyUzgV","GeoTrust, Inc.",,"US",,,,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","23.60.88.74",443,"a23-60-88-74.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",3257,"US","ILLINOIS","CHICAGO","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"test-www.cingular.com","Verizon Akamai SureServer CA G14-SHA1","Jan 22 21:48:42 2015 GMT","Jan 22 21:48:40 2016 GMT","0B:C4:FF:C6:87:A3:6D:F1:1A:A6:A1:F4:42:73:43:CA:E5:F1:03:AD","3CC4B211E3060D86C8182F5ED7412B77871B7577","sha1WithRSAEncryption","rsaEncryption","AT&T Services inc","IT","US","MT","Saint Louis",,,,,,,,"Verizon Enterprise Solutions","Cybertrust","NL",,"Amsterdam",,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","50.118.93.148",443,,"ssl","TLSv1.0",32392,"US","OHIO","COLUMBUS","TLS_RSA_WITH_RC4_128_SHA",2048,"*.opentransfer.com","COMODO SSL CA","Jun  4 00:00:00 2014 GMT","Jul 20 23:59:59 2015 GMT","5F:71:20:3C:EA:7A:22:A2:07:D8:C2:70:DB:3E:F4:2A:67:FC:E1:D9","221EA22B0624E9C729331C22B1C20CFF","sha1WithRSAEncryption","rsaEncryption",,"COMODO SSL Wildcard",,,,,,,,,,,"COMODO CA Limited",,"GB","Greater Manchester","Salford",,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","172.226.164.235",443,"a172-226-164-235.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",1239,"US","CALIFORNIA","LOS ANGELES","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"www.nutshellmail.com","GeoTrust SSL CA","Nov  1 19:17:20 2014 GMT","Nov  5 04:08:25 2015 GMT","C1:57:5C:BB:C9:37:99:DE:03:94:66:99:C5:B0:67:41:D1:BA:7A:4E",030566,"sha1WithRSAEncryption","rsaEncryption","Constant Contact, Inc.","Operations","US","Massachusetts","Waltham",,,,,,,"iH6aVeHtbz8JQKBP35UWXVbYolFoqgeL","GeoTrust, Inc.",,"US",,,,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","64.131.69.161",443,"vps.simplywebspace.ws","ssl","TLSv1.0",25847,"US","VIRGINIA","RESTON","TLS_RSA_WITH_RC4_128_SHA",2048,"plesk","plesk","Dec 19 15:53:47 2007 GMT","Dec 18 15:53:47 2008 GMT","4D:03:12:8F:9F:3B:28:7B:06:91:FD:0E:47:56:9F:43:09:D3:83:2E","47693E8A","md5WithRSAEncryption","rsaEncryption","SWsoft, Inc.","Plesk","US","Virginia","Herndon",,,,,"info@plesk.com",,,"SWsoft, Inc.","Plesk","US","Virginia","Herndon",,,,,"info@plesk.com",,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","76.162.108.223",443,"rev.opentransfer.com.223.108.162.76.in-addr.arpa","ssl","TLSv1.0",32392,"US","OHIO","COLUMBUS","TLS_RSA_WITH_RC4_128_SHA",2048,"*.opentransfer.com","COMODO SSL CA","Jun  4 00:00:00 2014 GMT","Jul 20 23:59:59 2015 GMT","5F:71:20:3C:EA:7A:22:A2:07:D8:C2:70:DB:3E:F4:2A:67:FC:E1:D9","221EA22B0624E9C729331C22B1C20CFF","sha1WithRSAEncryption","rsaEncryption",,"COMODO SSL Wildcard",,,,,,,,,,,"COMODO CA Limited",,"GB","Greater Manchester","Salford",,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","23.3.176.215",443,"a23-3-176-215.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",8151,"MX","DISTRITO FEDERAL","MEXICO CITY","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"*.wbplay.com","Verizon Akamai SureServer CA G14-SHA1","Jan 21 21:56:08 2015 GMT","Jan 21 21:56:06 2016 GMT","11:A9:F9:EF:9A:76:68:34:DC:A3:26:4E:DA:9C:9D:97:AC:75:1B:44","22C76C8AE00FF4C54F1F352C814CBBFA98014DAD","sha1WithRSAEncryption","rsaEncryption","Turbine, Inc.","N/A","US","MA","Needham",,,,,,,,"Verizon Enterprise Solutions","Cybertrust","NL",,"Amsterdam",,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"

Our 73 Report Types