SSL POODLE Report

LAST UPDATED:  2021-11-12

This report identifies hosts that allow the use of SSL v3.0 with cipher-block chaining (CBC) mode ciphers, which are vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack.

See US-CERT alert TA14-290A at: https://www.us-cert.gov/ncas/alerts/TA14-290A for more information on this vulnerability and exploit.

For more details behind the scan methodology and a daily update of global SSL POODLE scan statistics please visit our dedicated SSL POODLE scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filenames: scan_ssl_poodle, scan6_ssl_poodle

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • port
    Port that the SSL response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Report tag (SSL)
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • ssl_poodle
    If "Y", then the device completed an SSLv3 handshake that used CBC (Cipher-Block Chaining) CipherSuites, which is vulnerable to a POODLE attack
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires

Sample

"timestamp","ip","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","ssl_poodle","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date"
"2014-11-16 03:13:52","87.228.223.89",443,"87-223-89.netrunf.cytanet.com.cy","ssl","TLSv1.0",6866,"CY",1,"NICOSIA","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"Thomson TG585 v7","Thomson TG585 v7","Jan  1 00:00:00 2005 GMT","Dec 31 00:00:00 2024 GMT"
"2014-11-16 03:13:52","119.161.34.219",443,,"ssl","TLSv1.0",55455,"AU","NSW","NORTH RYDE","TLS_RSA_WITH_AES_128_CBC_SHA","Y",2048,"*.vmareturns.com.au","Go Daddy Secure Certification Authority","Jul  2 23:17:47 2013 GMT","Aug  1 22:28:50 2015 GMT"
"2014-11-16 03:13:52","201.212.8.219",443,"octodata2.jedy.com.ar","ssl","TLSv1.0",10481,"AR","C","BUENOS AIRES","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"iDRAC6 default certificate","iDRAC6 default certificate","Sep 17 22:47:28 2009 GMT","Sep 15 22:47:28 2019 GMT"
"2014-11-16 03:13:52","2.34.252.97",443,"net-2-34-252-97.cust.vodafonedsl.it","ssl","TLSv1.0",30722,"IT","PD","PADOVA","TLS_RSA_WITH_RC4_128_SHA","Y",2048,"*.mynet.vodafone.it","Vodafone (Secure Networks)","May 16 09:07:08 2014 GMT","May 16 09:07:08 2017 GMT"
"2014-11-16 03:13:52","86.13.183.194",443,"cpc10-colc7-2-0-cust961.7-4.cable.virginm.net","ssl","TLSv1.0",5089,"UK","ESS","COLCHESTER","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"*.device465170.wd2go.com","remotewd.com","Feb  8 22:14:03 2013 GMT","Feb  8 22:14:03 2023 GMT"
"2014-11-16 03:13:52","99.16.128.48",443,"99-16-128-48.lightspeed.crlkil.sbcglobal.net","ssl","TLSv1.0",7018,"US","IL","HINSDALE","TLS_RSA_WITH_RC4_128_SHA","Y",1024,,,"Oct 29 11:33:21 2009 GMT","Oct 29 11:33:21 2010 GMT"
"2014-11-16 03:13:52","103.11.19.76",443,"apps.moko04.com","ssl","TLSv1.2",23818,"JP",13,"TOKYO","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"apps.zlpad04.com","apps.zlpad04.com","Jun 10 11:19:19 2014 GMT","Jun 10 11:19:19 2015 GMT"
"2014-11-16 03:13:52","150.101.206.116",443,"eth885.nsw.adsl.internode.on.net","ssl","TLSv1.2",4739,"AU","NSW","SYDNEY","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"FWF40C3913009779","support","Sep 17 15:38:30 2013 GMT","Jan 19 03:14:07 2038 GMT"
"2014-11-16 03:13:52","93.200.56.232",443,"p5dc838e8.dip0.t-ipconnect.de","ssl","TLSv1.0",3320,"DE","NW","COLOGNE","TLS_RSA_WITH_RC4_128_SHA","Y",1024,"FirstCleanKoeln.homelinux.org","FirstCleanKoeln.homelinux.org","Jan  1 00:00:20 2000 GMT","Mar 18 00:00:20 2015 GMT"
"2014-11-16 03:13:52","99.66.112.150",443,"99-66-112-150.lightspeed.cicril.sbcglobal.net","ssl","TLSv1.0",7018,"US","IL","LINCOLNWOOD","TLS_RSA_WITH_RC4_128_SHA","Y",1024,,,"Oct 29 11:33:21 2009 GMT","Oct 29 11:33:21 2010 GMT"
"2014-11-16 03:13:52","188.66.80.115",443,"mail.ccsltd.co.uk","ssl","TLSv1.0",31655,"UK","BEN","WEMBLEY","TLS_RSA_WITH_AES_128_CBC_SHA","Y",2048,"remote.ccsukltd.co.uk","RapidSSL CA","Jan  6 05:14:19 2013 GMT","Feb  8 10:31:47 2015 GMT"

Our 119 Report Types