See: -http://exitoesclerosis.com
Detected libraries:
jquery - 1.4.2 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected
Links to avoid: https://www.mywot.com/en/scorecard/widgeo.net?utm_source=addon&utm_content=warn-viewsc
and https://www.mywot.com/en/scorecard/www.topcpm.com
See: http://killmalware.com/exitoesclerosis.com/#
This link cannot be found: http://toolbar.netcraft.com/site_report?url=https://jqueryrotate.googlecode.com
Poodle vulnerable and abused for DNS manipulation…
Crypto report with vulnerabilities: Certificate is installed correctly
jqueryrotate.googlecode.com
Warnings
RC4
This server uses the RC4 cipher algorithm which is not secure. Disable the RC4 cipher suite and update the server software to support the Advanced Encryption Standard (AES) cipher algorithm. Contact your web server vendor for assistance.
SSLv3
This server uses the SSLv3 protocol which is not secure. Disable the SSLv3 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
RSA remove cross certificates
The certificate chain contains a cross root (primary intermediate) certificate that should be removed. Use Symantec CryptoReport to remove cross root certificates.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses an Organizationally Validated (OV) certificate. Information about the site owner has been validated by Google Inc to help secure personal and financial information.
Common name:
*.googlecode.com
SAN:
*.googlecode.com, *.cloud.google.com, *.code.google.com, *.codespot.com, *.developers.google.com, *.gcr.io, *.googlesource.com, *.u.googlecode.com, gcr.io, googlecode.com, googlesource.com
Valid from:
2016-May-18 11:16:47 GMT
Valid to:
2016-Aug-10 10:46:00 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
Google Inc
Organizational unit:
City/locality:
Mountain View
State/province:
California
Country:
US
Certificate Transparency:
Not embedded in certificate
Serial number:
04af00a86ec30d52
Algorithm type:
SHA256withRSA
Key size:
2048
Certificate chainShow details
GeoTrust Global CAIntermediate certificate
Google Internet Authority G2Intermediate certificate
*.googlecode.comTested certificate
Server configuration
Host name:
173.194.68.82
Server type:
Google Frontend
IP address:
173.194.68.82
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
SSLv3
Protocols not enabled:
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Enabled
OCSP stapling:
Not Enabled
polonus (volunteer website security analyst and website error-hunter)