"Exploitation/CLOUDFLARE" By Sneakyone12 (https://pastebin.com/u/Sneakyone12) URL: https://pastebin.com/T2tL18fJ Created on: Tuesday 12th of May 2015 06:51:04 AM CDT Retrieved on: Saturday 31 of October 2020 06:10:26 AM UTC We Are Anonymous We Are Legion We do not Forget We do not forgive Expect us.................. Rise of the Hacktivist Legion.. A mild Exploitation of @Cloudflare @55% Cloudflare Habours alot of Terrorist's from ISIS to Govt State Terrorist's " ISIS / Manufactured by C.I.A & ISRAEL . Shame on you CloudFlare _ MoNeY isnt EvErYtHiNg ???????? https://www.cloudflare.com www.cloudflare.com. CNAME www.cloudflare.com.cdn.cloudflare.net. -- IP Address : 198.41.215.163 -- scan report for www.cloudflare.com (198.41.215.163) Host is up (0.047s latency). PORT STATE SERVICE 80/tcp open http 443/tcp open https << ssl cert >> --- Server Type: cloudflare-nginx Name Servers ------------/ dns2.cloudflare.com: 173.245.58.99 -- scan report for dns2.cloudflare.com (173.245.58.99) Host is up (0.045s latency). PORT STATE SERVICE 53/tcp open domain 80/tcp open http -- dns3.cloudflare.com: 173.245.59.99 -- scan report for dns3.cloudflare.com (173.245.59.99) Host is up (0.030s latency). 
PORT STATE SERVICE 53/tcp open domain 80/tcp open http -- MD5 sum of host name: 4cd5827f483e692e3ee51d80e5f1df22 SHA1 sum of host name: fa814b76205f9382ff6c748b7dd89752799bc802 SHA256 sum of host name: 74130461ec0faa56970890eeab7b3bee120d904dc3360c858b30556bfaa4bc68 ---- http://cloudflare.com [302] HttpOnly[__cfduid], cloudflare, Cookies[__cfduid], HTTPServer[cloudflare-nginx], IP[198.41.215.163], RedirectLocation[https://www.cloudflare.com/], UncommonHeaders[cf-ray], Via-Proxy[1.1 BC2-ACLD] --- HTTP Headers for www.cloudflare.com ============== HTTP/1.1 301 Moved Permanently Date: Tue, 12 May 2015 08:04:11 GMT Content-Type: text/html Connection: close Set-Cookie: __cfduid=d9def7d23c09d2f328b13c2e7956df4551431417851; expires=Wed, 11-May-16 08:04:11 GMT; path=/; domain=.cloudflare.com; HttpOnly Location: https://www.cloudflare.com/ CF-Cache-Status: HIT Expires: Tue, 12 May 2015 12:04:11 GMT Cache-Control: public, max-age=14400 Server: cloudflare-nginx CF-RAY: 1e549c86ae120f2d-IAD -----------------------------/ [*] A www.cloudflare.com 198.41.215.163 [*] CNAME www.cloudflare.com www.cloudflare.com.cdn.cloudflare.net [*] AAAA www.cloudflare.com.cdn.cloudflare.net 2400:cb00:2048:1::c629:d6a3 [*] AAAA www.cloudflare.com.cdn.cloudflare.net 2400:cb00:2048:1::c629:d7a3 --------------------------------------------------------------------------------/ EXPLOITS: WWW.CLOUDFLARE.COM / 198.41.215.163 . =============================================// Testing SSL server 198.41.215.163 on port 443 ----------------www.cloudflare.com. CNAME www.cloudflare.com.cdn.cloudflare.net. 
-----------------------------/
Supported Server Cipher(s):
- Accepted TLSv1 256 bits AES256-SHA
- Accepted TLSv1 128 bits AES128-SHA
- Accepted TLSv1 168 bits DES-CBC3-SHA
-
Prefered Server Cipher(s):
TLSv1 128 bits AES128-SHA

SSL Certificate:
  Version: 2
  Serial Number: -4294967295
  Signature Algorithm: sha1WithRSAEncryption
  Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Extended Validation Secure Server CA
  Not valid before: Jan 5 00:00:00 2015 GMT
  Not valid after: Dec 31 23:59:59 2015 GMT
  Subject: /serialNumber=4710875/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4.15=Private Organization/C=US/postalCode=94107/ST=CA/L=San Francisco/streetAddress=665 Third Street/O=CloudFlare, Inc./OU=CloudFlare Security/OU=COMODO EV Multi-Domain SSL
  Public Key Algorithm: rsaEncryption
  RSA Public Key: (2048 bit)
  Exponent: 65537 (0x10001)
  X509v3 Extensions:
    X509v3 Authority Key Identifier:
      keyid:88:44:51:FF:50:2A:69:5E:2D:88:F4:21:BA:D9:0C:F2:CE:CB:EA:7C
    X509v3 Subject Key Identifier:
      C9:E0:D0:0C:51:76:F7:35:B3:15:26:ED:8D:B5:F0:BB:96:5D:AB:BA
    X509v3 Key Usage: critical
      Digital Signature, Key Encipherment
    X509v3 Basic Constraints: critical
      CA:FALSE
    X509v3 Extended Key Usage:
      TLS Web Server Authentication, TLS Web Client Authentication
    X509v3 Certificate Policies:
      Policy: 1.3.6.1.4.1.6449.1.2.1.5.1
      CPS: https://secure.comodo.com/CPS
    X509v3 CRL Distribution Points:
      URI:http://crl.comodoca.com/COMODOExtendedValidationSecureServerCA.crl
    Authority Information Access:
      CA Issuers - URI:http://crt.comodoca.com/COMODOExtendedValidationSecureServerCA.crt
      OCSP - URI:http://ocsp.comodoca.com
    X509v3 Subject Alternative Name:
      DNS:cloudflare.com, DNS:www.cloudflare.com
--------------------------------------------------------------------------------/

This is the information about the SSL certificate used in the target site:
== Certificate information ==
{'notAfter': 'Dec 31 23:59:59 2015 GMT', 'subject': ((('serialNumber', u'4710875'),), (('1.3.6.1.4.1.311.60.2.1.3', u'US'),), (('1.3.6.1.4.1.311.60.2.1.2', u'Delaware'),), (('2.5.4.15', u'Private Organization'),), (('countryName', u'US'),), (('postalCode', u'94107'),), (('stateOrProvinceName', u'CA'),), (('localityName', u'San Francisco'),), (('streetAddress', u'665 Third Street'),), (('organizationName', u'CloudFlare, Inc.'),), (('organizationalUnitName', u'CloudFlare Security'),), (('organizationalUnitName', u'COMODO EV Multi-Domain SSL'),)), 'subjectAltName': (('DNS', 'cloudflare.com'), ('DNS', 'www.cloudflare.com'))}
== Used cipher ==
('AES128-SHA', 'TLSv1/SSLv3', 128)
---------------------------------------------------------------------------------------/

The whole target has no protection (X-Frame-Options header) against ClickJacking attack
---
The URI: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/page/index.css?v=CB6-2013-08-01-1" has a parameter named: "v" with value: "CB6-2013-08-01-1"
---
The URI: "https://www.cloudflare.com/static/javascripts/live/nexp=3886263/library/thirdparty.js?v=CB6-2013-08-01-1" has a parameter named: "v" with value: "CB6-2013-08-01-1"
---
The URI: "https://www.cloudflare.com/static/javascripts/live/nexp=3886263/page/index.js?v=CB6-2013-08-01-1" has a parameter named: "v" with value: "CB6-2013-08-01-1"
---
The URL: "http://www.cloudflare.com" sent the cookie: "__cfduid=d5fb107afe150f49d30e078cb0fa7c4281431424014; expires=Wed, 11-May-16 09:46:54 GMT; path=/; domain=.cloudflare.com; HttpOnly"
---
The remote web server sent the HTTP header: "CF-Cache-Status" with value: "HIT"
---
The remote web server sent the HTTP header: "CF-RAY" with value: "1e5532f94df11153-SIN".
---
The URL: "http://www.cloudflare.com" returned a response that may contain a "MD5" hash. The hash is: "ead2f9e10c36dedb88aafa9c803d7465"
---
The URL: "http://www.cloudflare.com" returned a response that may contain a "SHA1" hash. The hash is: "e82d3debdfe39d0896cc7483f64b5047aae5b834".
---
The URL: "http://www.cloudflare.com" returned a response that may contain a "MD5" hash.
The hash is: "aad558c02b71b4392c9e53cd66aedec2"
---
The URL "https://www.cloudflare.com/" has the following allowed methods, which include DAV methods: *, ACL, BASELINE_CONTROL, CHECKIN, CHECKOUT, CONNECT, COPY, DEBUG, GET, HEAD, INDEX, INVALID, INVOKE, LABEL, LINK, LOCK, MERGE, MKACTIVITY, MKCOL, MKDIR, MKWORKSPACE, MOVE, NOTIFY, OPTIONS, PATCH, PIN, POLL, POST, PROPFIND, PROPPATCH, REPLY, REPORT, RMDIR, SEARCH, SHOWMETHOD, SPACEJUMP, SUBSCRIBE, SUBSCRIPTIONS, TEXTSEARCH, TRACK, UNCHECKOUT, UNLINK, UNLOCK, UNSUBSCRIBE, VERSION_CONTROL.
---
GET https://www.cloudflare.com/ HTTP/1.1
Host: www.cloudflare.com
Cookie: __cfduid=d9470a80c870d599c69181469b38ceed91431420527
----
https://www.cloudflare.com/robots.txt
User-agent: *
Disallow: /__esa

PATH DISCLOSURE VULNERABILITY X 1171 times
-----------------------------/
---
The URL: "https://www.cloudflare.com/videos" has a path disclosure vulnerability which discloses: "/media/images/videos/welcome-to-pro.png"
GET https://www.cloudflare.com/videos HTTP/1.1
----
The URL: "https://www.cloudflare.com/videos" has a path disclosure vulnerability which discloses: "/media/images/videos/welcome-to-free.png"
GET https://www.cloudflare.com/videos HTTP/1.1
----
The URL: "https://www.cloudflare.com/videos" has a path disclosure vulnerability which discloses: "/media/images/videos/welcome-to-business.png"
GET https://www.cloudflare.com/videos HTTP/1.1
----
The URL: "https://www.cloudflare.com/videos" has a path disclosure vulnerability which discloses: "/media/images/videos/speed-up-your-website.png"
GET https://www.cloudflare.com/videos HTTP/1.1
----
The URL: "https://www.cloudflare.com/videos" has a path disclosure vulnerability which discloses: "/media/images/videos/recommended-host-settings.png"
GET https://www.cloudflare.com/videos HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css" has a path disclosure vulnerability which discloses: "/media/images/ui/colorpicker/colorpicker_hex.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css" has a path disclosure vulnerability which discloses: "/media/images/ui/colorpicker/colorpicker_indic.gif"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/features-cdn" has a path disclosure vulnerability which discloses: "/media/pdf/cloudflare-whitepaper-cdn.pdf"
GET https://www.cloudflare.com/features-cdn HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css" has a path disclosure vulnerability which discloses: "/media/images/ui/colorpicker/colorpicker_rgb_r.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css" has a path disclosure vulnerability which discloses: "/media/images/ui/colorpicker/colorpicker_rgb_g.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/page/index.css" has a path disclosure vulnerability which discloses: "/home/splash.jpg"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/page/index.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/resources" has a path disclosure vulnerability which discloses: "/media/pdf/sth-whitepaper.pdf"
GET https://www.cloudflare.com/resources HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css" has a path disclosure vulnerability which discloses: "/media/images/ui/colorpicker/colorpicker_rgb_b.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/thirdparty.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/cloudflare.css" has a path disclosure vulnerability which discloses: "/media/images/alert-arrow.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/cloudflare.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/page/index.css" has a path disclosure vulnerability which discloses: "/home/play_hover.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/page/index.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/hosting-partners" has a path disclosure vulnerability which discloses: "/media/images/hosting-partners/d2b.png"
GET https://www.cloudflare.com/hosting-partners HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/cloudflare.css" has a path disclosure vulnerability which discloses: "/media/images/icon/flags/bo.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/cloudflare.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/hosting-partners" has a path disclosure vulnerability which discloses: "/media/images/hosting-partners/xman.png"
GET https://www.cloudflare.com/hosting-partners HTTP/1.1
----
The URL: "https://www.cloudflare.com/hosting-partners" has a path disclosure vulnerability which discloses: "/media/images/hosting-partners/cirishosting.png"
GET https://www.cloudflare.com/hosting-partners HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/cloudflare.css" has a path disclosure vulnerability which discloses: "/media/images/icon/useragents/safari-16x16.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/cloudflare.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/cloudflare.css" has a path disclosure vulnerability which discloses: "/media/images/icon/button/locked-white-14x15.png"
GET https://www.cloudflare.com/static/stylesheets/live/nexp=3886263/library/cloudflare.css?v=CB6-2013-08-01-1 HTTP/1.1
----
The URL: "https://www.cloudflare.com/resources-downloads" has a path disclosure vulnerability which discloses: "/media/images/resources-downloads/ispsystem-02.gif"
GET https://www.cloudflare.com/resources-downloads HTTP/1.1
----

EMAILS X 32 TIMES.
-----------------/
------------------------------------------------------------//

XPLOITS: www.cloudflare.com (198.41.214.163)
------------------------------------------/
Server:cloudflare-nginx
IP Address:198.41.214.163
Port:443
Hostname:www.cloudflare.com
--
Sessions may be vulnerable to BEAST attack
Attackers may be able to decrypt the encrypted SSL traffic
-
Server has not enabled HTTP Strict-Transport-Security
Users may be exposed to man-in-the-middle attacks
-
Server configuration does not meet FIPS guidelines
Federal standards for data handling are not being met
-
Strict Transport Security:Fail
----------------------------------------/

EXPLOITS: www.cloudflare.com (198.41.215.163)
-------------------------------------------/
Server:cloudflare-nginx
IP Address:198.41.215.163
Port:443
Hostname:www.cloudflare.com
--
Sessions may be vulnerable to BEAST attack
Attackers may be able to decrypt the encrypted SSL traffic
-
Server has not enabled HTTP Strict-Transport-Security
Users may be exposed to man-in-the-middle attacks
-
Server configuration does not meet FIPS guidelines
Federal standards for data handling are not being met
-
Strict Transport Security:Fail
---------------------------------/

You should fix your System ' its only a matter of time & Code b4 it Falls DoWn.... :( (: