SSL FREAK Report

LAST UPDATED:  2021-11-12

This report identifies hosts that allow the use of SSL/TLS with RSA_EXPORT ciphers (aka “export-grade” encryption).

Hosts with these weakened ciphers can be used in a man-in-the-middle attack, which forces a browser to use a weak export key, which is easily crackable. This is called a FREAK (Factoring RSA Export Keys) attack.

More information on the FREAK attack can be found at https://www.smacktls.com/.

For more details behind the scan methodology and a daily update of global FREAK scan statistics please visit our dedicated FREAK scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_ssl_freak, scan6_ssl_freak

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • port
    Port that the SSL response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Report tag (SSL)
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • freak_vulnerable
    If "Y", then the device allowed the use of export-grade ciphers and can be used in a FREAK attack
  • freak_cipher_suite
    The export-grade CipherSuite that was able to be negotiated
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires

Sample

"timestamp","ip","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date","sha1_fingerprint","cert_serial_number","signature_algorithm","key_algorithm","subject_organization_name","subject_organization_unit_name","subject_country","subject_state_or_province_name","subject_locality_name","subject_street_address","subject_postal_code","subject_surname","subject_given_name","subject_email_address","subject_business_category","subject_serial_number","issuer_organization_name","issuer_organization_unit_name","issuer_country","issuer_state_or_province_name","issuer_locality_name","issuer_street_address","issuer_postal_code","issuer_surname","issuer_given_name","issuer_email_address","issuer_business_category","issuer_serial_number","naics","sic","freak_vulnerable","freak_cipher_suite"
"2015-03-07 01:40:19","205.178.184.209",443,"unused.networksolutions.com","ssl","TLSv1.0",19871,"US","FLORIDA","JACKSONVILLE","TLS_RSA_WITH_RC4_128_SHA",2048,"secure.gibsonmoore.net","Network Solutions Certificate Authority","Oct 18 00:00:00 2012 GMT","Oct 18 23:59:59 2016 GMT","E4:E2:6F:19:5C:88:A1:26:A0:A4:69:E6:DE:42:B6:FD:5E:8E:09:30","C16CA8A16545B484098626F6F2541343","sha1WithRSAEncryption","rsaEncryption","Gibson Moore Appellate Services, LLC","Secure Link SSL Pro","US","VA","Richmond","421 East Franklin Street, Suite 230",23219,,,,,,"Network Solutions L.L.C.",,"US",,,,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","72.246.88.167",443,"a72-246-88-167.deploy.akamaitechnologies.com","ssl","TLSv1.2",20940,"US","MASSACHUSETTS","CAMBRIDGE","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"securepics.ebaystatic.com","Verizon Akamai SureServer CA G14-SHA1","Dec  5 20:40:08 2014 GMT","Dec  5 20:40:07 2015 GMT","08:18:C8:57:30:90:5A:4F:9F:0B:C4:83:7F:1C:8F:6B:7D:05:CA:8A","286BA72F9D7F29E9B8CEE44EB949247C66C18CDB","sha1WithRSAEncryption","rsaEncryption","eBay Inc.","Site Operations","US","CA","San Jose",,,,,,,,"Verizon Enterprise Solutions","Cybertrust","NL",,"Amsterdam",,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","207.35.93.117",443,,"ssl","TLSv1.0",577,"CA","BRITISH COLUMBIA","VANCOUVER","TLS_RSA_WITH_RC4_128_SHA",1024,"testeroom.eldoradogold.com","testeroom.eldoradogold.com","Mar  8 22:30:30 2010 GMT","Mar  7 22:30:30 2013 GMT","25:E5:B4:0F:1F:A9:E5:E8:4C:CE:D1:6C:0D:EC:09:23:8B:8F:98:74","6905F7C9C8278AAD4E5E19B2D5BA88D4","sha1WithRSA","rsaEncryption",,,,,,,,,,,,,,,,,,,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","23.33.18.248",443,"a23-33-18-248.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",2828,"US","TEXAS","DALLAS","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"imgak.mmtcdn.com","GeoTrust SSL CA","Nov  6 08:07:15 2014 GMT","Nov  8 19:53:39 2015 GMT","7E:F1:C6:5C:93:88:36:5E:24:74:7E:05:55:7A:0C:E8:9C:BD:04:C6","03062E","sha1WithRSAEncryption","rsaEncryption","Makemytrip India Pvt Ltd.","E-Commerce Dept.","IN","Haryana","Gurgaon",,,,,,,"8KnsDSvZY0neMloI0rqAbya97vP-W0EA","GeoTrust, Inc.",,"US",,,,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","23.6.29.33",443,"a23-6-29-33.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",20940,"US","VIRGINIA","ASHBURN","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"www.bhcosmetics.com","GeoTrust SSL CA","Oct 12 03:22:15 2014 GMT","Dec 14 14:45:23 2015 GMT","3D:D6:C2:3F:A7:2A:A2:BF:26:A2:1B:63:FB:6A:DF:09:7C:B1:2C:25","0301A2","sha1WithRSAEncryption","rsaEncryption","BHCOSMETICS INC","IT","US","California","Burbank",,,,,,,"XNw15ETRVbJHUgM8knaOpgtYLOPyUzgV","GeoTrust, Inc.",,"US",,,,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","23.60.88.74",443,"a23-60-88-74.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",3257,"US","ILLINOIS","CHICAGO","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"test-www.cingular.com","Verizon Akamai SureServer CA G14-SHA1","Jan 22 21:48:42 2015 GMT","Jan 22 21:48:40 2016 GMT","0B:C4:FF:C6:87:A3:6D:F1:1A:A6:A1:F4:42:73:43:CA:E5:F1:03:AD","3CC4B211E3060D86C8182F5ED7412B77871B7577","sha1WithRSAEncryption","rsaEncryption","AT&T Services inc","IT","US","MT","Saint Louis",,,,,,,,"Verizon Enterprise Solutions","Cybertrust","NL",,"Amsterdam",,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","50.118.93.148",443,,"ssl","TLSv1.0",32392,"US","OHIO","COLUMBUS","TLS_RSA_WITH_RC4_128_SHA",2048,"*.opentransfer.com","COMODO SSL CA","Jun  4 00:00:00 2014 GMT","Jul 20 23:59:59 2015 GMT","5F:71:20:3C:EA:7A:22:A2:07:D8:C2:70:DB:3E:F4:2A:67:FC:E1:D9","221EA22B0624E9C729331C22B1C20CFF","sha1WithRSAEncryption","rsaEncryption",,"COMODO SSL Wildcard",,,,,,,,,,,"COMODO CA Limited",,"GB","Greater Manchester","Salford",,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","172.226.164.235",443,"a172-226-164-235.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",1239,"US","CALIFORNIA","LOS ANGELES","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"www.nutshellmail.com","GeoTrust SSL CA","Nov  1 19:17:20 2014 GMT","Nov  5 04:08:25 2015 GMT","C1:57:5C:BB:C9:37:99:DE:03:94:66:99:C5:B0:67:41:D1:BA:7A:4E",030566,"sha1WithRSAEncryption","rsaEncryption","Constant Contact, Inc.","Operations","US","Massachusetts","Waltham",,,,,,,"iH6aVeHtbz8JQKBP35UWXVbYolFoqgeL","GeoTrust, Inc.",,"US",,,,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"
"2015-03-07 01:40:19","64.131.69.161",443,"vps.simplywebspace.ws","ssl","TLSv1.0",25847,"US","VIRGINIA","RESTON","TLS_RSA_WITH_RC4_128_SHA",2048,"plesk","plesk","Dec 19 15:53:47 2007 GMT","Dec 18 15:53:47 2008 GMT","4D:03:12:8F:9F:3B:28:7B:06:91:FD:0E:47:56:9F:43:09:D3:83:2E","47693E8A","md5WithRSAEncryption","rsaEncryption","SWsoft, Inc.","Plesk","US","Virginia","Herndon",,,,,"info@plesk.com",,,"SWsoft, Inc.","Plesk","US","Virginia","Herndon",,,,,"info@plesk.com",,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","76.162.108.223",443,"rev.opentransfer.com.223.108.162.76.in-addr.arpa","ssl","TLSv1.0",32392,"US","OHIO","COLUMBUS","TLS_RSA_WITH_RC4_128_SHA",2048,"*.opentransfer.com","COMODO SSL CA","Jun  4 00:00:00 2014 GMT","Jul 20 23:59:59 2015 GMT","5F:71:20:3C:EA:7A:22:A2:07:D8:C2:70:DB:3E:F4:2A:67:FC:E1:D9","221EA22B0624E9C729331C22B1C20CFF","sha1WithRSAEncryption","rsaEncryption",,"COMODO SSL Wildcard",,,,,,,,,,,"COMODO CA Limited",,"GB","Greater Manchester","Salford",,,,,,,,0,0,"Y","TLS_RSA_EXPORT_WITH_RC4_40_MD5"
"2015-03-07 01:40:19","23.3.176.215",443,"a23-3-176-215.deploy.static.akamaitechnologies.com","ssl","TLSv1.2",8151,"MX","DISTRITO FEDERAL","MEXICO CITY","TLS_RSA_WITH_AES_256_CBC_SHA",2048,"*.wbplay.com","Verizon Akamai SureServer CA G14-SHA1","Jan 21 21:56:08 2015 GMT","Jan 21 21:56:06 2016 GMT","11:A9:F9:EF:9A:76:68:34:DC:A3:26:4E:DA:9C:9D:97:AC:75:1B:44","22C76C8AE00FF4C54F1F352C814CBBFA98014DAD","sha1WithRSAEncryption","rsaEncryption","Turbine, Inc.","N/A","US","MA","Needham",,,,,,,,"Verizon Enterprise Solutions","Cybertrust","NL",,"Amsterdam",,,,,,,,541511,737101,"Y","TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"

Our 129 Report Types