Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day. SSL Certificate - Subject Common Name Does Not Match Server FQDN

Transcription

1 Vulnerability Scan 06 October 2014 at 16:21 URL : Summary: 34 vulnerabilities found Cookie Does Not Contain The "HTTPOnly" Attribute Cookie Does Not Contain The "secure" Attribute Cookie Does Not Contain The "secure" Attribute Cookie Does Not Contain The "HTTPOnly" Attribute SSL Server Allows Anonymous Authentication Vulnerability Web Server Stopped Responding POP3 Server Allows Plain Text Authentication Vulnerability Mail Server Accepts Plaintext Credentials Discovery of Unix Account Names Vulnerability Discovery of Unix Account Names Vulnerability Mail Server Accepts Plaintext Credentials Web Server Stopped Responding SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Signature Verification Failed Vulnerability SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Improper Usage Vulnerability SSL Certificate - Subject Common Name Does Not Match Server FQDN 1/71

2 SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Subject Common Name Does Not Match Server FQDN Global User List SSL Certificate - Self-Signed Certificate SSL Certificate - Subject Common Name Does Not Match Server FQDN SSL Certificate - Subject Common Name Does Not Match Server FQDN Database Instance Detected SSL/TLS use of weak RC4 cipher SSL/TLS use of weak RC4 cipher SSL/TLS use of weak RC4 cipher SSL/TLS use of weak RC4 cipher Apache Web Server ETag Header Information Disclosure Weakness Apache Web Server ETag Header Information Disclosure Weakness Remote Access or Management Service Detected Remote Management Service Accepting Unencrypted Credentials Detected POP3 Banner FTP Server Banner IMAP Banner Operating System Detected SMTP Banner SMTP Banner SMTP Banner IMAP Banner POP3 Banner 2/71

3 MySQL Banner SMTP Service Detected SMTP Service Detected Host Uptime Based on TCP TimeStamp Option SMTP Service Detected Web Server Version Open TCP Services List SSL Web Server Version Firewall Detected SSL Server Information Retrieval Degree of Randomness of TCP Initial Sequence Numbers SSL Certificate will expire within next six months SSL Session Caching Information TLS Secure Renegotiation Extension Supported TLS Secure Renegotiation Extension Supported SSL Server Information Retrieval ICMP Replies Received SSL Server Information Retrieval SSL Certificate - Information SSL Certificate - Information List of Web Directories Traceroute SSL Session Caching Information SSL Certificate - Information Host Scan Time SSL Certificate - Information 3/71

4 SSL/TLS invalid protocol version tolerance SSL/TLS invalid protocol version tolerance SSL Session Caching Information IP ID Values Randomness SSL Server Information Retrieval List of Web Directories SSL/TLS invalid protocol version tolerance DNS Host Name SSL Certificate - Information SSL Certificate - Information SSL Session Caching Information TLS Secure Renegotiation Extension Supported TLS Secure Renegotiation Extension Supported TLS Secure Renegotiation Extension Supported Host Names Found TLS Secure Renegotiation Extension Supported SSL Session Caching Information SSL Session Caching Information SSL Session Caching Information SSL Certificate - Information SSL Server Information Retrieval TLS Secure Renegotiation Extension Supported SSL Certificate - Information SSL Session Caching Information Target Network Information TLS Secure Renegotiation Extension Supported 4/71

5 SSL Server Information Retrieval SSL Session Caching Information SSL Certificate - Information Internet Service Provider TLS Secure Renegotiation Extension Supported SSL Server Information Retrieval SSL Server Information Retrieval SSL/TLS invalid protocol version tolerance SSL Server Information Retrieval Type: Web Application Cookie Does Not Contain The "HTTPOnly" Attribute QID: Category: Web Application Port: - The cookie does not contain the "HTTPOnly" attribute. Cookies without the "HTTPOnly" attribute are permitted to be accessed via JavaScript. Cross-site scripting attacks can steal cookies which could lead to user impersonation or compromise of the application account. If the associated risk of a compromised account is high, apply the "HTTPOnly" attribute to cookies wordpress_sec_bf07d8ddea19c831a87b2fd81497f82e=+; expires=sun Oct 6 05:45: ; path=/; domain= Cookie Does Not Contain The "secure" Attribute QID: Category: Web Application Port: - The cookie does not contain the "secure" attribute. 5/71

6 Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account. If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS PHPSESSID=70fa5d181bc2138ff263f0e994e5ccb2; path=/; domain= Cookie Does Not Contain The "secure" Attribute QID: Category: Web Application Port: - The cookie does not contain the "secure" attribute. Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account. If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS wordpress_bf07d8ddea19c831a87b2fd81497f82e=+; expires=sun Oct 6 05:45: ; path=/wp-content/plugins; domain= Cookie Does Not Contain The "HTTPOnly" Attribute QID: Category: Web Application Port: - The cookie does not contain the "HTTPOnly" attribute. Cookies without the "HTTPOnly" attribute are permitted to be accessed via JavaScript. Cross-site scripting attacks can steal cookies which could lead to user impersonation or compromise of the application account. If the associated risk of a compromised account is high, apply the "HTTPOnly" attribute to cookies PHPSESSID=70fa5d181bc2138ff263f0e994e5ccb2; path=/; domain= Type: Vulnerability SSL Server Allows Anonymous Authentication Vulnerability QID: /71

7 Category: General remote services Port: 21 The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server. The client usually authenticates the server using an algorithm like RSA or DSS. Some SSL ciphers allow SSL communication without authentication. Most common Web browsers like Microsoft Internet Explorer, Netscape and Mozilla do not use anonymous authentication ciphers by default. A vulnerability exists in SSL communications when clients are allowed to connect using no authentication algorithm. SSL client-server communication may use several different types of authentication: RSA, Diffie-Hellman, DSS or none. When 'none' is used, the communications are vulnerable to a man-in-the-middle attack." An attacker can exploit this vulnerability to impersonate your server to clients. Disable support for anonymous authentication. 1) Apache: Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines: SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM For Apache/apache_ssl include the following line in the configuration file (httpsd.conf): SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM 2) IIS: For IIS please see: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services, How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll, How to Determine the Cipher Suite for the Server and Client,, and How to restrict the use of certain ciphers in Internet Information Services 5.0 3) Wu-FTP: For Wu-FTP which supports TLS, the ciphers parameter in TLS configuration file should be set to -ALL +SSLv3 +TLSv1 For more details please consult the docs/howto/ssl_and_tls_ftpd.howto file provided by wu-ftpd distribution. 4) Lighttpd: For lighttpd: Locate the lighttpd config file and modify the following ssl.ciperlist line to include!anull. A restart of the lightttpd application is necessary. Example: ssl.cipher-list = "TLSv1+HIGH!SSLv2 Additional reading: #table cols="6" CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY- STRENGTH) GRADE SSLv3_SUPPORTS_CIPHERS_WITH_NO_AUTHENTICATION _ ADH-RC4-MD5 DH None MD5 RC4(128)_ MEDIUM_ ADH-DES-CBC3-SHA DH None SHA1 3DES(168)_ HIGH_ ADH-AES128-SHA DH None SHA1 AES(128)_ MEDIUM_ ADH-AES256- SHA DH None SHA1 AES(256)_ HIGH_ ADH-CAMELLIA128-SHA DH None SHA1 Camellia(128)_ MEDIUM_ ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256)_ HIGH_ ADH-SEED-SHA DH None SHA1 SEED(128)_ MEDIUM_ TLSv1_SUPPORTS_CIPHERS_WITH_NO_AUTHENTICATION _ ADH-RC4-MD5 DH None MD5 RC4(128) _MEDIUM_ ADH-DES-CBC3-SHA DH None SHA1 3DES(168) _HIGH_ ADH-AES128-SHA DH None SHA1 AES(128) _MEDIUM_ ADH-AES256-SHA DH None SHA1 AES(256) _HIGH_ ADH-CAMELLIA128-SHA DH None SHA1 Camellia(128) _MEDIUM_ ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256) _HIGH_ ADH-SEED-SHA DH None SHA1 SEED(128) _MEDIUM_ Web Server Stopped Responding QID: Category: Web server Port: 443 7/71

8 The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP requests. Consequently, the service aborted testing for HTTP vulnerabilities. The vulnerabilities already detected are still posted. The service was unable to complete testing for HTTP vulnerabilities since the Web server stopped responding. Check the Web server status. If the Web server was crashed during the scan, please restart the server, report the incident to Customer Support and stop scanning the Web server until the issue is resolved. If the Web server is unable to process multiple concurrent HTTP requests, please lower the scan harshness level and launch another scan. If this vulnerability continues to be reported, please contact Customer Support. The web server did not respond for 4 consecutive HTTP requests. After these, the service was still unable to connect to the web server 2 minutes later. POP3 Server Allows Plain Text Authentication Vulnerability QID: Category: Mail services Port: 110 Post Office Protocol version 3 (POP3) is an application layer internet standard protocol to retrieve from a remote server. Use of the PASS command sends passwords in the clear over the network. Also, servers that answer -ERR to the User command are giving potential attackers clues about which names are valid. Malicious users could obtain mail server credentials by sniffing the traffic. This can allow unauthorized users to use the mail server as an open mail relay. POP3 supports several authentication methods to provide varying levels of protection. Contact your vendor for further configuration information. Mail Server Accepts Plaintext Credentials QID: Category: Mail services Port: 25 Your Mail Server responds to the EHLO command which implies that it uses the ESMTP protocol. ESMTP uses the AUTH command which indicates an authentication mechanism to the server. If the server supports the requested authentication mechanism, it performs an authentication protocol exchange to authenticate and identify the user. Optionally, it also negotiates a security layer for subsequent protocol interactions. Your server accepts PLAIN or LOGIN as one of the AUTH parameters. The authentication credentials are transmitted in plaintext over the network and no encryption is performed. Malicious users could obtain mail server credentials by sniffing the traffic. This can allow unauthorized users to use the mail server as an open mail relay. It may also lead to compromise of account credentials that can be used to access other mail services like POP3 and IMAP. 8/71

9 Disable the plaintext authentication methods on your SMTP server for unencrypted (non- SSL/TLS) sessions. You may consider using more advanced challenge-based authentication methods like CRAM-MD5 or DIGEST-MD5. Please contact your vendor for configuration information. Also check RFC 2554 and RFC 2487 for more details. EHLO 250-p3plcpnl0246.prod.phx3.secureserver.net Hello [ ] 250-SIZE BITMIME250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH LOGIN 334VXNlcm5hbWU6 EHLO 250- p3plcpnl0246.prod.phx3.secureserver.net Hello [ ] 250-SIZE BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH PLAIN 334 Discovery of Unix Account Names Vulnerability QID: Category: Brute Force Attack Port: 80 CVEID: CVE When a request for a user is made ( certain servers (such as Apache Versions and 1.3.9) return a different reply depending on whether the account user exists on the host or not. If a request is made for an account that exists on the host, a 403 error is returned. If a request is made for a non-existent account, then a 404 error is returned. Unauthorized remote users can implement brute force attacks on the Web server to guess a valid account name on the server. Even though they may be successful in obtaining a valid account, they will still have to guess the password. However, if user passwords are weak, some services may also be brute forced. Disable the default-enabled "UserDir" directive. To do so, add the following line to the httpd.conf file: UserDir Disabled Apache Versions and are vulnerable. Other Web servers may also be vulnerable. There are currently no patches available. We strongly advise you to upgrade to a later version of Apache. #table cols="2" N._Server Account root operator Discovery of Unix Account Names Vulnerability QID: Category: Brute Force Attack Port: 443 CVEID: CVE When a request for a user is made ( certain servers (such as Apache Versions and 1.3.9) return a different reply depending on whether the account user exists on the host or not. If a request is made for an account that exists on the host, a 403 error is returned. If a request is made for a non-existent account, then a 404 error is returned. Unauthorized remote users can implement brute force attacks on the Web server to guess a valid account name on the server. Even though they may be successful in obtaining a valid account, they will still have to guess the password. However, if user passwords are weak, some services may also be brute forced. 9/71

10 Disable the default-enabled "UserDir" directive. To do so, add the following line to the httpd.conf file: UserDir Disabled Apache Versions and are vulnerable. Other Web servers may also be vulnerable. There are currently no patches available. We strongly advise you to upgrade to a later version of Apache. #table cols="2" N._Server Account root Mail Server Accepts Plaintext Credentials QID: Category: Mail services Port: 587 Your Mail Server responds to the EHLO command which implies that it uses the ESMTP protocol. ESMTP uses the AUTH command which indicates an authentication mechanism to the server. If the server supports the requested authentication mechanism, it performs an authentication protocol exchange to authenticate and identify the user. Optionally, it also negotiates a security layer for subsequent protocol interactions. Your server accepts PLAIN or LOGIN as one of the AUTH parameters. The authentication credentials are transmitted in plaintext over the network and no encryption is performed. Malicious users could obtain mail server credentials by sniffing the traffic. This can allow unauthorized users to use the mail server as an open mail relay. It may also lead to compromise of account credentials that can be used to access other mail services like POP3 and IMAP. Disable the plaintext authentication methods on your SMTP server for unencrypted (non- SSL/TLS) sessions. You may consider using more advanced challenge-based authentication methods like CRAM-MD5 or DIGEST-MD5. Please contact your vendor for configuration information. Also check RFC 2554 and RFC 2487 for more details. EHLO qualysguard.com 250-p3plcpnl0246.prod.phx3.secureserver.net Hello sn094.s01.sjc01.qualys.com [ ] 250-SIZE BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH LOGIN 334 VXNlcm5hbWU6 EHLO qualysguard.com 250- p3plcpnl0246.prod.phx3.secureserver.net Hello sn094.s01.sjc01.qualys.com [ ] 250-SIZE BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH PLAIN 334 Web Server Stopped Responding QID: Category: Web server Port: 80 The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP requests. Consequently, the service aborted testing for HTTP vulnerabilities. The vulnerabilities already detected are still posted. The service was unable to complete testing for HTTP vulnerabilities since the Web server stopped responding. Check the Web server status. 10/71

11 If the Web server was crashed during the scan, please restart the server, report the incident to Customer Support and stop scanning the Web server until the issue is resolved. If the Web server is unable to process multiple concurrent HTTP requests, please lower the scan harshness level and launch another scan. If this vulnerability continues to be reported, please contact Customer Support. The web server did not respond for 4 consecutive HTTP requests. After these, the service was still unable to connect to the web server 2 minutes later. SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability QID: Category: General remote services Port: 443 CVEID: CVE SSLv 3.0 and TLS v1.0 protocols are used to provide integrity, authenticity and privacy to other protocols such as HTTP and LDAP. They provide these services by using encryption for privacy, x509 certificates for authenticity and one-way hash functions for integrity. To encrypt data SSL and TLS can use block ciphers, which are encryption algorithms that can encrypt only a fixed block of original data to an encrypted block of the same size. Note that these ciphers will always obtain the same resulting block for the same original block of data. To achieve difference in the output the output of encryption is XORed with yet another block of the same size referred to as initialization vectors (IV). A special mode of operation for block ciphers known as CBC (cipher block chaining) uses one IV for the initial block and the result of the previous block for each subsequent block to obtain difference in the output of block cipher encryption. In SSLv3.0 and TLSv1.0 implementation the choice CBC mode usage was poor because the entire traffic shares one CBC session with single set of initial IVs. The rest of the IV are as mentioned above results of the encryption of the previous blocks. The subsequent IV are available to the eavesdroppers. This allows an attacker with the capability to inject arbitrary traffic into the plain-text stream (to be encrypted by the client) to verify their guess of the plain-text preceding the injected block. If the attackers guess is correct then the output of the encryption will be the same for two blocks. For low entropy data it is possible to guess the plain-text block with relatively few number of attempts. For example for data that has 1000 possibilities the number of attempts can be 500. For more information please see a paper by Gregory V. Bard. Recently attacks against the web authentication cookies have been described which used this vulnerability. If the authentication cookie is guessed by the attacker then the attacker can impersonate the legitimate user on the Web site which accepts the authentication cookie. This attack was identified in 2004 and later revisions of TLS protocol which contain a fix for this. If possible, upgrade to TLSv1.1 or TLSv1.2. If upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability. Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability. Microsoft has posted information including workarounds for IIS at KB Using the following SSL configuration in Apache mitigates this vulnerability: SSLHonorCipherOrder On SSLCipherSuite RC4-SHA:HIGH:!ADH Qualys SSL/TLS Deployment Best Practices can be found here. Note: RC4 recommendation is only in situations where upgrade to TLSv1.2 is not possible. RC4 in TLS v1.0 has output bias problem as described in QID Therefore it is recommended to upgrade to TLS v1.2 or later. #table cols="3" Available_non_CBC_cipher Server's_choice SSL_version RC4- SHA ECDHE-RSA-DES-CBC3-SHA TLSv1 11/71

12 Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day QID: Category: Web server Port: 0 CVEID: CVE The Apache HTTP Server, commonly referred to as Apache is a freely available Web server. Apache is vulnerable to a denial of service due to holding a connection open for partial HTTP requests. Apache Versions 1.x and 2.x are vulnerable. A remote attacker can cause a denial of service against the Web server which would prevent legitimate users from accessing the site. Denial of service tools and scripts such as Slowloris takes advantage of this vulnerability. Patch - There are no vendor-supplied patches available at this time. Workaround: - Server-specific recommendations can be found here. - Countermeasures for Apache are described here. - Reverse proxies, load balancers and iptables can help to prevent this attack from occurring. - Adjusting the TimeOut Directive can also prevent this attack from occurring. - A new module mod_reqtimeout has been introduced since Apache to provide tools for mitigation against these forms of attack. Also refer to Cert Blog and Slowloris and Mitigations for Apache document for further information. QID: detected on port 80 over TCP - Apache 2.0QID: detected on port 443 over TCP - Apache 2.0 Type: Vulnerability SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 143 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. 12/71

13 Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Signature Verification Failed Vulnerability QID: Category: General remote services Port: 21 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority. If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication. By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur. Exception: If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature. Please install a server certificate signed by a trusted third-party Certificate Authority. Certificate #0 [email protected],cn=p3plcpnl0246.p rod.phx3.secureserver.net self signed certificate SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 587 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. 13/71

14 Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve Type: Vulnerability SSL Certificate - Improper Usage Vulnerability QID: Category: General remote services Port: 21 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The basicconstraints section of the certificate may specify if it is a Certificate Authority (CA) certificate. Also, the keyusage field in the X509v3 extensions section of the certificate, if present, may restrict the usage of the certificate. In general, a server public key should not be used for Certificate or CRL signing and a client or CA certificate should be not used as a server certificate. If the keyusage or the basicconstraint field is designated as a critical parameter in the certificate, the client may abort the communication if the usage validation fails. Please install a server certificate with correct usage. Certificate #0 [email protected],cn=p3plcpnl0246.p rod.phx3.secureserver.net is not suitable for CRL signing. Type: Vulnerability SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 110 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption 14/71

15 communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 995 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 465 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup 15/71

16 entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 25 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 21 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. 16/71

17 Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 [email protected],cn=p3plcpnl0246.p rod.phx3.secureserver.net (p3plcpnl0246.prod.phx3.secureserver.net) and IP ( ) don't match Type: Vulnerability Global User List QID: Category: Information gathering Port: 0 This is the global system user list, which was retrieved during the scan by exploiting one or more vulnerabilities. The Qualys IDs for the vulnerabilities leading to the disclosure of these users are also given in the Result section. Each user will be displayed only once, even though it may be obtained by using different methods. These common account(s) can be used by a malicious user to break-in the system via password bruteforcing. To prevent your host from being attacked, do one or more of the following: Remove (or rename) unnecessary accounts Shutdown unnecessary network services Ensure the passwords to these accounts are kept secret Use a firewall to restrict access to your hosts from unauthorized domains #table cols="2" User_Name Source_Vulnerability_(QualysID) root 5001 operator 5001 Type: Vulnerability SSL Certificate - Self-Signed Certificate QID: Category: General remote services Port: 21 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. 17/71

18 The client can trust that the Server Certificate belongs the server only if it is signed by a mutually trusted third-party Certificate Authority (CA). Self-signed certificates are created generally for testing purposes or to avoid paying third-party CAs. These should not be used on any production or critical servers. By exploiting this vulnerability, an attacker can impersonate the server by presenting a fake self-signed certificate. If the client knows that the server does not have a trusted certificate, it will accept this spoofed certificate and communicate with the remote server. By exploiting this vulnerability, an attacker can launch a man-in-the-middle attack. Please install a server certificate signed by a trusted third-party Certificate Authority. Certificate #0 [email protected],cn=p3plcpnl0246.p rod.phx3.secureserver.net is a self signed certificate. SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 443 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve SSL Certificate - Subject Common Name Does Not Match Server FQDN QID: Category: General remote services Port: 993 An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. A certificate whose Subject commonname or subjectaltname does not match the server 18/71

19 FQDN offers only encryption without authentication. Please note that a false positive reporting of this vulnerability is possible in the following case: If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem. A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonname or subjectaltname matches the server FQDN. Certificate #0 CN=*.prod.phx3.secureserver.net,O=Special_Domain_Services\,_LLC,ST=Arizona,C=US (*.prod.phx3.secureserver.net) doesn't resolve (prod.phx3.secureserver.net) doesn't resolve (*.prod.phx3.secureserver.net) doesn't resolve Type: Vulnerability Database Instance Detected QID: Category: Database Port: 3306 The service detected a database installation on the target. Databases like Oracle, MS-SQL, MySQL, IBM DB2, PostGgresql, Firebird and other are detected. The database instance is listed in the result section below. MYSQL instance detected on TCP port SSL/TLS use of weak RC4 cipher QID: Category: General remote services Port: 465 CVEID: CVE Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical. The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis. 19/71

20 If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered. This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie. RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. TLSv1.0 with RC4 ciphers is supported SSL/TLS use of weak RC4 cipher QID: Category: General remote services Port: 995 CVEID: CVE Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical. The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis. If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered. This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie. RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. TLSv1.0 with RC4 ciphers is supported SSL/TLS use of weak RC4 cipher QID: Category: General remote services Port: 443 CVEID: CVE Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output 20/71

21 has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical. The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis. If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered. This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie. RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. TLSv1.0 with RC4 ciphers is supported SSL/TLS use of weak RC4 cipher QID: Category: General remote services Port: 993 CVEID: CVE Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features. SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical. The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis. If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered. This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie. RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. TLSv1.0 with RC4 ciphers is supported Apache Web Server ETag Header Information Disclosure Weakness QID: Category: Web server Port: 80 CVEID: CVE /71

22 The Apache HTTP Server is a popular, open-source HTTP server for multiple platforms, including Windows, Unix, and Linux. A cache management feature for Apache makes use of an entity tag (ETag) header. When this option is enabled and a request is made for a document relating to a file, an ETag response header is returned containing various file attributes for caching purposes. ETag information allows subsequent file requests to contain specific information, such as the file's inode number. A weakness has been found in the generation of ETag headers under certain configurations implementing the FileETag directive. Among the file attributes included in the header is the file inode number that is returned to a client. Affected Versions: By default, all Versions of Apache are vulnerable. In Apache Versions and earlier, it's not possible to disable inodes in in ETag headers to mitigate this vulnerability, so Apache Version and earlier are vulnerable at all times. Apache Version and later have a setting that can be modified to remove the inode info from the ETag Headers to mitigate this vulnerability. Apache Versions >= allow the user to configure what goes into ETag. However, if the user does not configure Apache to not include inode in ETag, the Web server can still be vulnerable even if Apache >= is being used. This vulnerability poses a security risk, as the disclosure of inode information may aid in launching attacks against other network-based services. For instance, NFS uses inode numbers to generate file handles. Workaround: For Apache and earlier: There is no patch or remediation available for Apache Versions and earlier since it's not possible to disable inodes in in ETag headers. Customers running versions of Apache <= will need to upgrade to a later version and then apply the settings listed below (see Apache Version and later), as versions of Apache and earlier do not have the ability to configure these setting. For Apache and later: In Apache Version and later, it's possible to configure the FileETag directive to generate ETag headers without inode information, which mitigates this vulnerability. To do so, include "FileETag -INode" in the Apache server configuration file for a specific subdirectory. In order to fix this vulnerability globally, for the Web server, use the option "FileETag None". Use the option "FileETag MTime Size" if you just want to remove the Inode information. OpenBSD: OpenBSD has released a patch that fixes this vulnerability. After installing the patch, inode numbers returned from the server are encoded using a private hash to avoid the release of sensitive information. "646fa-7ab-500e0b4e5a84c" Apache Web Server ETag Header Information Disclosure Weakness QID: Category: Web server Port: 443 CVEID: CVE The Apache HTTP Server is a popular, open-source HTTP server for multiple platforms, including Windows, Unix, and Linux. A cache management feature for Apache makes use of an entity tag (ETag) header. When this option is enabled and a request is made for a document relating to a file, an ETag response header is returned containing various file attributes for caching purposes. ETag information allows subsequent file requests to contain specific information, such as the file's inode number. A weakness has been found in the generation of ETag headers under certain configurations implementing the FileETag directive. Among the file attributes included in the header is the file inode number that is returned to a client. 22/71

23 Affected Versions: By default, all Versions of Apache are vulnerable. In Apache Versions and earlier, it's not possible to disable inodes in in ETag headers to mitigate this vulnerability, so Apache Version and earlier are vulnerable at all times. Apache Version and later have a setting that can be modified to remove the inode info from the ETag Headers to mitigate this vulnerability. Apache Versions >= allow the user to configure what goes into ETag. However, if the user does not configure Apache to not include inode in ETag, the Web server can still be vulnerable even if Apache >= is being used. This vulnerability poses a security risk, as the disclosure of inode information may aid in launching attacks against other network-based services. For instance, NFS uses inode numbers to generate file handles. Workaround: For Apache and earlier: There is no patch or remediation available for Apache Versions and earlier since it's not possible to disable inodes in in ETag headers. Customers running versions of Apache <= will need to upgrade to a later version and then apply the settings listed below (see Apache Version and later), as versions of Apache and earlier do not have the ability to configure these setting. For Apache and later: In Apache Version and later, it's possible to configure the FileETag directive to generate ETag headers without inode information, which mitigates this vulnerability. To do so, include "FileETag -INode" in the Apache server configuration file for a specific subdirectory. In order to fix this vulnerability globally, for the Web server, use the option "FileETag None". Use the option "FileETag MTime Size" if you just want to remove the Inode information. OpenBSD: OpenBSD has released a patch that fixes this vulnerability. After installing the patch, inode numbers returned from the server are encoded using a private hash to avoid the release of sensitive information. "646fa-7ab-500e0b4e5a84c" Remote Access or Management Service Detected QID: Category: General remote services Port: 0 A remote access or remote management service was detected. If such a service is accessible to malicious users it can be used to carry different type of attacks. Malicious users could try to brute force credentials or collect additional information on the service which could enable them in crafting further attacks. The Results section includes information on the remote access service that was found on the target. Services like Telnet, Rlogin, SSH, windows remote desktop, pcanywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked. Consequences vary by the type of attack. Expose the remote access or remote management services only to the system administrators or intended users of the system. Service name: FTP on TCP port /71

24 Remote Management Service Accepting Unencrypted Credentials Detected QID: Category: Information gathering CVSS Port: 0Base: A remote management service that accepts unencrypted credentials was detected on target host. Services like Telnet, FTP, HTTP with basic auth are checked. If an attacker is able to intercept network traffic, he will gain access to the service credentials. Use alternate services that provide encryption if possible. Service name: FTP on TCP port 21. POP3 Banner QID: Category: Mail services Port: 110 +OK Dovecot ready. FTP Server Banner QID: Category: File Transfer Protocol Port: 21 CVEID: CVE The following message is shown to all users logging on to your FTP server, including anonymous logins if they are allowed on your server. Unauthorized users can obtain sensitive information about your server, such as the version or type of server you are running, and use this information to implement specific attacks against the server. If possible, edit the configuration files or recompile the server to restrict the type of information disclosed Welcome to Pure-FTPd [privsep] [TLS] You are user number 2 of 500 allowed. 220-Local time is now 05:42. Server port: This is a private system - No anonymous login 220 You will be disconnected after 15 minutes of inactivity. IMAP Banner 24/71

25 QID: Category: Mail services Port: 993 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. Operating System Detected QID: Category: Information gathering Port: 0 Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The specific technique used to identify the OS on this host is included in the RESULTS section of your report. 1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique, the OS version is among those listed below. Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating system detected may be that for the firewall instead of for the host being scanned. 2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. NetBIOS relies on a message format called Server Message Block (SMB). 3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTMLembedded scripting language used to create dynamic Web pages. Under some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information. 4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating system. Not applicable. Not applicable. #table cols="3" Operating_System Technique ID Ubuntu_/_Linux_2.6.x TCP/IP_Fingerprint U4856:21 SMTP Banner QID: Category: Mail services Port: /71

26 220-p3plcpnl0246.prod.phx3.secureserver.net ESMTP Exim 4.82 #2 Mon, 06 Oct :45: We do not authorize the use of this system to transport unsolicited, 220 and/or bulk . SMTP Banner QID: Category: Mail services Port: p3plcpnl0246.prod.phx3.secureserver.net ESMTP Exim 4.82 #2 Mon, 06 Oct :45: We do not authorize the use of this system to transport unsolicited, 220 and/or bulk . SMTP Banner QID: Category: Mail services Port: p3plcpnl0246.prod.phx3.secureserver.net ESMTP Exim 4.82 #2 Mon, 06 Oct :42: We do not authorize the use of this system to transport unsolicited, 220 and/or bulk . IMAP Banner QID: Category: Mail services Port: 143 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 26/71

27 POP3 Banner QID: Category: Mail services Port: 995 +OK Dovecot ready. MySQL Banner QID: Category: Database Port: cl SMTP Service Detected QID: Category: Mail services Port: 465 The Mail Service on this host can be identified from a remote system using SMTP fingerprinting. According to the results of this fingerprinting technique, the Mail Service name and version are listed below. Name: Exim, Version: 4.24 or earlier SMTP Service Detected QID: Category: Mail services Port: 25 The Mail Service on this host can be identified from a remote system using SMTP fingerprinting. According to the results of this fingerprinting technique, the Mail Service name and version are listed below. 27/71

28 Name: Exim, Version: 4.24 or earlier Host Uptime Based on TCP TimeStamp Option QID: Category: TCP/IP Port: 0 The TCP/IP stack on the host supports the TCP TimeStamp (kind 8) option. Typically the timestamp used is the host's uptime (since last reboot) in various units (e.g., one hundredth of second, one tenth of a second, etc.). Based on this, we can obtain the host's uptime. The result is given in the Result section below. Some operating systems (e.g., MacOS, OpenBSD) use a non-zero, probably random, initial value for the timestamp. For these operating systems, the uptime obtained does not reflect the actual uptime of the host; the former is always larger than the latter. Based on TCP timestamps obtained via port 21, the host's uptime is 31 days, 11 hours, and 22 minutes. The TCP timestamps from the host are in units of 1 milliseconds. SMTP Service Detected QID: Category: Mail services Port: 587 The Mail Service on this host can be identified from a remote system using SMTP fingerprinting. According to the results of this fingerprinting technique, the Mail Service name and version are listed below. Name: Exim, Version: 4.24 or earlier Web Server Version QID: Category: Web server Port: 80 28/71

29 #table cols="2" Server_Version Server_Banner Apache_2.0 Apache_mod fcgid/ dev Open TCP Services List QID: Category: TCP/IP Port: 0 The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections. The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected). Unauthorized users can exploit this information to test vulnerabilities in each of the open services. Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site. #table cols="5" Port IANA_Assigned_Ports/Services Description Service_Detected OS_On_Redirected_Port 21 ftp File_Transfer_[Control] ftp 25 smtp Simple_Mail_Transfer smtp 80 www World_Wide_Web_HTTP http 110 pop3 Post_Office_Protocol_-_Version_3 pop3 143 imap Internet_Message_Access_Protocol imap 443 https http_protocol_over_tls/ssl http_over_ssl _ 465 smtps smtp_protocol_over_tls/ssl_(was_ssmtp) smtp_over_ssl _ 587 submission Submission smtp 993 imaps imap4_protocol_over_tls/ssl imap_over_ssl _ 995 pop3s pop3_protocol_over_tls/ssl_(was_spop3) pop3_over_ssl _ 3306 mysql MySQL mysql SSL Web Server Version QID: Category: Web server Port: 443 #table cols="2" Server_Version Server_Banner Apache_2.0 Apache_mod fcgid/ dev Firewall Detected QID: Category: Firewall Port: 0 29/71

30 A packet filtering device protecting this IP was detected. This is likely to be a firewall or a router using access control lists (ACLs). Some of the ports filtered by the firewall are: 20, 22, 23, 53, 111, 135, 445, 1, 7, 11. Listed below are the ports filtered by the firewall. No response has been received when any of these ports is probed. 1-3,5,7,9,11,13,15,17-20,22-24,27,29,31,33,35,37-39,41-79,81-109, , , , , ,309,311,318, , ,363, , , , ,598,600, ,624,627,631, , ,700, ,707, , , ,744, , ,767, , , 786, ,860,873, , ,911,950, , , , 1008, ,1015, , ,1114,1123,1155,1167,1170,1207, 1212,1214, , ,1241,1243,1245,1248,1269, ,1337, , , , , , , , 1973,1981, ,2030, ,2038, ,2053,2065,2067,2080, 2097, and more. We have omitted from this list 708 higher ports to keep the report size manageable. SSL Server Information Retrieval QID: Category: General remote services Port: 587 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. SSLv2_PROTOCOL_IS_DISABLED _ SSLv3_PROTOCOL_IS_ENABLED _ SSLv3 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_ RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128)_ MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_ EDH-RSA-DES- CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_ AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256)_ HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256)_ HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128)_ MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128)_ MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256)_ HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256)_ HIGH_ SEED-SHA RSA RSA SHA1 SEED(128)_ MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128)_ MEDIUM_ TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ 30/71

31 Degree of Randomness of TCP Initial Sequence Numbers QID: Category: TCP/IP Port: 0 TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section. Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host. Average change between subsequent TCP initial sequence numbers is with a standard deviation of These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(11397 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard. SSL Certificate will expire within next six months QID: Category: General remote services Port: 21 Certificate are used for authentication purposes in different protocols such as SSL/TLS. Each certificate has a validity period outside of which it is supposed to be considered invalid. This QID is reported to inform that a certificate will expire within next six months. The advance notice can be helpful since obtaining a certificate can take some time. Expired certificates can cause connection disruptions or compromise the integrity and privacy of the connections being protected by certificates. Contact the certificate authority that signed your certificate to arrange for a renewal. Certificate #0 [email protected],cn=p3plcpnl0246.p rod.phx3.secureserver.net The certificate will expire within six months: Feb 20 18:37: GMT SSL Session Caching Information QID: Category: General remote services Port: 25 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier 31/71

32 connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. SSLv3 session caching is disabled on the target.tlsv1 session caching is disabled on the target. TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 465 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. TLS Secure Renegotiation Extension Status: supported. TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 443 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. 32/71

33 TLS Secure Renegotiation Extension Status: not supported. SSL Server Information Retrieval QID: Category: General remote services Port: 993 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. SSLv2_PROTOCOL_IS_DISABLED _ SSLv3_PROTOCOL_IS_ENABLED _ SSLv3 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_ RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128)_ MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_ EDH-RSA-DES- CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_ AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256)_ HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256)_ HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128)_ MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128)_ MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256)_ HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256)_ HIGH_ SEED-SHA RSA RSA SHA1 SEED(128)_ MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128)_ MEDIUM_ TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ ICMP Replies Received QID: Category: TCP/IP Port: 0 ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. ICMP's principal purpose is to provide a protocol layer that informs gateways of the inter-connectivity and accessibility of other gateways or hosts. We have sent the following types of packets to trigger the host to send us ICMP replies: Echo Request (to trigger Echo Reply) Timestamp Request (to trigger Timestamp Reply) Address Mask Request (to trigger Address Mask Reply) UDP Packet (to trigger Port Unreachable Reply) IP Packet with Protocol >= 250 (to trigger Protocol Unreachable Reply) 33/71

34 Listed in the "Result" section are the ICMP replies that we have received. #table cols="3" ICMP_Reply_Type Triggered_By Additional_Information Echo_(type=0_code=0) Echo_Request Echo_Reply SSL Server Information Retrieval QID: Category: General remote services Port: 21 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. SSLv2_PROTOCOL_IS_DISABLED _ SSLv3_PROTOCOL_IS_ENABLED _ SSLv3 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_ RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128)_ MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_ EDH-RSA-DES- CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_ ADH-RC4-MD5 DH None MD5 RC4(128)_ MEDIUM_ ADH-DES-CBC3-SHA DH None SHA1 3DES(168)_ HIGH_ AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_ ADH-AES128-SHA DH None SHA1 AES(128)_ MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256)_ HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256)_ HIGH_ ADH-AES256- SHA DH None SHA1 AES(256)_ HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128)_ MEDIUM_ DHE-RSA-CAMELLIA128-SHA DH RSA SHA1 Camellia(128)_ MEDIUM_ ADH-CAMELLIA128-SHA DH None SHA1 Camellia(128)_ MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256)_ HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256)_ HIGH_ ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256)_ HIGH_ SEED-SHA RSA RSA SHA1 SEED(128)_ MEDIUM_ DHE-RSA- SEED-SHA DH RSA SHA1 SEED(128)_ MEDIUM_ ADH-SEED-SHA DH None SHA1 SEED(128)_ MEDIUM_ TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ ADH-RC4-MD5 DH None MD5 RC4(128) _MEDIUM_ ADH-DES-CBC3-SHA DH None SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ ADH- AES128-SHA DH None SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ ADH-AES256-SHA DH None SHA1 AES(256) _HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128-SHA DH RSA SHA1 Camellia(128) _MEDIUM_ ADH- CAMELLIA128-SHA DH None SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ ADH-CAMELLIA256-SHA DH None SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ ADH-SEED-SHA DH None SHA1 SEED(128) _MEDIUM_ SSL Certificate - Information 34/71

35 QID: Category: Web server Port: 587 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _04:21:c8:2b:ce:f1:ab_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (0)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _organizationname "Special_Domain_Services,_LLC" _commonname *.prod.phx3.secureserver.net (0)Valid_From Apr_10_21:06:10_2014_GMT (0)Valid_Till Oct_14_17:08:31_2016_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:ba:cc:2a:8b:6c:db:a4:40:66:48:af:89:d4:72:_ (0) 14:5d:c3:f6:8b:fd:b9:20:ca:b5:ef:1c:b6:77:23:_ (0) 80:bf:3e:60:c1:de:0a:d9:82:ed:86:a9:5e:70:20:_ (0) f7:a9:a6:f9:ad:e0:33:78:a7:26:63:e8:87:61:cf:_ (0) 2d:8f:a1:67:36:5d:4c:c0:06:ad:2f:57:79:56:60:_ (0) d6:f9:ff:05:db:8a:e1:88:c6:50:e6:a3:b5:4e:7b:_ (0) 2e:f7:d1:ba:78:4c:6d:d7:97:c6:a2:3e:ae:a7:cb:_ (0) 09:ec:a5:0c:2c:47:a4:3a:e6:4f:cc:3a:01:aa:1a:_ (0) 50:bd:39:07:89:7a:ea:d3:29:21:bf:53:fd:0d:7d:_ (0) 2c:6d:79:16:e2:4f:d5:8c:aa:2b:d1:d4:5d:a5:66:_ (0) 99:8b:aa:fb:38:1a:cd:01:fd:04:3f:ad:bb:c1:35:_ (0) 91:49:0b:6e:a2:e6:3f:1e:5f:f2:6a:39:86:15:c8:_ (0) 98:a1:02:cb:f7:07:8d:85:06:3c:ab:6b:c1:31:15:_ (0) a2:54:c2:0a:bc:ec:e2:be:72:b9:08:d1:ce:1e:d6:_ (0) d3:c2:dc:09:3d:1b:19:58:c0:eb:7e:b2:e4:44:e3:_ (0) 88:b4:b7:b7:5f:69:2e:88:15:15:52:55:d2:79:df:_ (0) 99:29:df:ce:2d:93:a9:ed:28:24:84:f1:7c:fe:01:_ (0) 5d:f9_ (0) Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Basic_Constraints critical (0) CA:FALSE (0)X509v3_Extended_Key_Usage _TLS_Web_Server_Authentication,_TLS_Web_Client_Authentication (0)X509v3_Key_Usage critical (0) Digital_Signature,_Key_Encipherment (0)X509v3_CRL_Distribution_Points _ (0) Full_Name:_ (0) URI: (0)X509v3_Certificate_Policies _Policy:_ _ (0) CPS:_http://certificates.starfieldtech.com/repository/_ (0)Authority_Information_Access _OCSP_- _URI: (0) CA_Issuers_- _URI: intermediate.crt _ (0)X509v3_Authority_Key_Identifier _keyid:49:4b:52:27:d1:1b:bc:f2:a1:21:6a:62:7b:51:42:7a:8a:d7:d5:56_ (0)X509v3_Subject_Alternative_Name _DNS:*.prod.phx3.secureserver.net,_DNS:prod.phx3.secureserver.net (0)X509v3_Subject_Key_Identifier _FC:08:18:6D:14:3A:A7:AA:5D:BF:D1:9A:1B:DE:43:A7:CB:15:65:F0 (0)Signature (256_octets)_ (0)_ bb:49:1d:0c:ab:69:95:ba:fb:f3:90:bb:03:4a:c2:c9 (0)_ b6:c0:b9:11:2f:78:43:b1:07:b9:27:f8:8d:12:d2:fb (0)_ 98:38:ab:c7:4a:88:47:70:64:f6:d6:3c:95:2a:37:1a (0)_ e4:e6:44:ee:5e:a7:0f:9a:31:80:8f:0c:14:0e:c3:f1 (0)_ ec:8f:e1:57:51:05:ee:cc:2f:77:36:e3:67:64:e1:a7 (0)_ 47:f2:2a:1f:17:c8:a6:9a:7f:ac:30:2e:35:a8:84:84 (0)_ 5c:8c:78:75:df:2d:1d:45:52:5d:e5:e4:fd:a6:eb:33 (0)_ 76:35:3f:50:b1:ec:9e:d4:24:f4:87:71:1e:21:81:95 (0)_ 55:22:da:06:35:12:b2:bb:0c:1a:7b:d9:a6:dc:e4:d5 (0)_ 99:67:0a:58:4c:59:c5:a3:d8:b3:54:b6:a9:d2:6a:91 (0)_ 2a:fd:dc:0d:31:6e:d9:28:67:73:46:7c:b2:9a:ed:67 (0)_ 8a:27:af:16:aa:3c:b7:d4:c4:5d:2a:68:0a:c9:19:71 (0)_ 35/71

36 85:dc:11:e6:b3:ff:6a:a3:4b:b6:d8:1d:21:14:7f:48 (0)_ 18:c4:40:28:d0:5d:f9:4d:09:1a:f4:e5:6f:17:11:81 (0)_ 9d:dc:d9:5e:3c:b7:a5:55:1f:57:5d:b4:7e:e7:01:60 (0)_ 61:60:e2:11:96:77:a0:a2:9a:ac:8e:6c:bc:37:eb:be (1)CERTIFICATE_1 _ (1)Version 3_(0x2) (1)Serial_Number 0_(0x0)_ (1)Signature_Algorithm sha1withrsaencryption (1)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)SUBJECT_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)Valid_From Jun_29_17:39:16_2004_GMT (1)Valid_Till Jun_29_17:39:16_2034_GMT (1)Public_Key_Algorithm rsaencryption (1)RSA_Public_Key (2048_bit) (1) Public-Key:_(2048_bit)_ (1) Modulus:_ (1) 00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:_ (1) ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:_ (1) c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:_ (1) 9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:_ (1) f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:_ (1) a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:_ (1) 4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:_ (1) af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:_ (1) d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:_ (1) b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:_ (1) 9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:_ (1) b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:_ (1) b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:_ (1) b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:_ (1) 5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:_ (1) 23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:_ (1) 0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:_ (1) 01:ab_ (1) Exponent:_3_(0x3)_ (1)X509v3_EXTENSIONS _ (1)X509v3_Subject_Key_Identifier _BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 (1)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (1) DirName:/C=US/O=Starfield_Technologies,_Inc./OU=Starfield_Class_2_Certifi cation_authority_ (1) serial:00_ (1)X509v3_Basic_Constraints _CA:TRUE (1)Signature (256_octets)_ (1)_ 05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da (1)_ 9b:01:87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e (1)_ cc:c7:5e:6a:d8:83:87:a1:97:ef:49:35:3e:77:06:41 (1)_ 58:62:bf:8e:58:b8:0a:67:3f:ec:b3:dd:21:66:1f:c9 (1)_ 54:fa:72:cc:3d:4c:40:d8:81:af:77:9e:83:7a:bb:a2 (1)_ c7:f5:34:17:8e:d9:11:40:f4:fc:2c:2a:4d:15:7f:a7 (1)_ 62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:17:b8:f4:bd (1)_ 8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:2d:7a (1)_ a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0 (1)_ f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be (1)_ f5:71:90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58 (1)_ 00:23:ea:e3:12:43:29:5b:47:08:dd:8c:41:6a:65:06 (1)_ a8:e5:21:aa:41:b4:95:21:95:b9:7d:d1:34:ab:13:d6 (1)_ ad:bc:dc:e2:3d:39:cd:bd:3e:75:70:a1:18:59:03:c9 (1)_ 22:b4:8f:9c:d5:5e:2a:d7:a5:b6:d4:0a:6d:f8:b7:40 (1)_ 11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:2f:1f:17:94 (2)CERTIFICATE_2 _ (2)Version 3_(0x2) (2)Serial_Number 513_(0x201)_ (2)Signature_Algorithm sha1withrsaencryption (2)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (2)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (2)Valid_From Nov_16_01:15:40_2006_GMT (2)Valid_Till Nov_16_01:15:40_2026_GMT (2)Public_Key_Algorithm rsaencryption (2)RSA_Public_Key (2048_bit) (2) Public-Key:_(2048_bit)_ (2) Modulus:_ (2) 00:e2:a7:5d:a3:ed:66:ef:6a:2f:2b:36:1f:dd:8d:_ (2) d3:05:02:a0:ca:0f:5e:19:ae:38:72:cf:16:da:54:_ (2) 4a:cb:48:0a:f4:a1:73:11:65:85:43:c9:5b:17:0c:_ (2) 9a:2b:be:0f:98:51:7a:60:29:0d:6c:de:e2:e8:e5:_ (2) 15:4d:56:ff:90:d1:a7:a6:04:3f:60:07:4a:ca:6f:_ (2)_ 36/71

37 _a5:10:e7:b3:f8:5c:b1:bc:2b:2a:dc:01:79:f5:1d:_ (2) 35:f5:7a:28:83:f2:93:73:82:89:ac:60:6d:cb:c2:_ (2) 48:c2:1d:d4:06:44:17:3c:ac:01:47:ab:3e:70:84:_ (2) 09:0b:b8:20:08:40:20:87:a1:63:1a:ca:3e:83:d2:_ (2) 37:b3:98:8d:32:3f:37:bf:a1:b7:5b:5f:de:5c:33:_ (2) 92:cf:3e:07:ce:b9:48:4b:e2:f0:55:50:2f:f8:70:_ (2) 42:89:d1:93:96:8a:63:d9:66:0d:e6:58:6e:b9:6d:_ (2) 90:bd:ca:dc:84:66:f2:39:8e:5b:a6:58:55:73:cb:_ (2) 62:6c:1b:d7:20:16:3b:2c:59:f5:cb:c8:56:32:4a:_ (2) 50:27:ba:55:d3:a8:01:cb:72:a9:74:8b:0c:ad:3a:_ (2) e5:15:b6:2a:df:65:f8:de:8a:f5:ef:84:3b:f9:e7:_ (2) 54:65:0b:80:bd:47:45:a5:f0:44:d8:53:3b:be:80:_ (2) f1:2f_ (2) Exponent:_65537_(0x10001)_ (2)X509v3_EXTENSIONS _ (2)X509v3_Subject_Key_Identifier _49:4B:52:27:D1:1B:BC:F2:A1:21:6A:62:7B:51:42:7A:8A:D7:D5:56 (2)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (2)X509v3_Basic_Constraints critical (2) CA:TRUE,_pathlen:0 (2)Authority_Information_Access _OCSP_-_URI: (2)X509v3_CRL_Distribution_Points _ (2) Full_Name:_ (2) URI: (2)X509v3_Certificate_Policies _Policy:_X509v3_Any_Policy_ (2) CPS:_http://certificates.starfieldtech.com/repository_ (2)X509v3_Key_Usage critical (2) Certificate_Sign,_CRL_Sign (2)Signature (256_octets)_ (2)_ 86:52:ba:b3:1f:a6:5e:6b:90:a6:64:2a:fc:45:b2:ae (2)_ 9f:3e:b3:62:af:db:1f:67:c4:bd:ca:a1:2f:c7:9c:0d (2)_ 21:57:d0:f8:36:21:ce:3a:25:3e:78:76:b3:d9:dd:bc (2)_ de:fb:6c:84:5f:0c:a3:0d:12:eb:11:3b:71:5f:80:1e (2)_ f1:1f:6d:0e:5f:c1:ec:d4:a5:f7:65:bb:1f:4c:95:01 (2)_ 13:b2:6a:9c:0b:eb:1f:9d:b1:e7:ed:19:0d:bc:85:7c (2)_ f3:17:bd:59:63:ae:a7:1a:05:cd:47:e3:2d:96:62:51 (2)_ 32:0a:08:68:4b:22:77:5f:f7:45:dc:61:de:f4:cb:2b (2)_ 22:29:44:25:d2:9f:0b:77:7a:a1:26:7c:4a:d7:0f:c2 (2)_ d1:3c:ba:0e:a7:95:9a:5b:05:0a:10:f9:55:5f:c1:97 (2)_ 8b:74:cc:5e:28:69:13:7e:d0:0a:8d:9d:0f:60:54:7a (2)_ c4:8c:1b:35:0f:74:7a:70:b2:82:cf:1d:b5:e2:8a:db (2)_ 2a:c6:b2:51:69:bf:12:17:92:60:17:aa:3d:5b:09:f8 (2)_ 87:65:1d:a7:a4:28:e5:22:02:03:82:44:9a:34:63:9e (2)_ fb:28:cf:e8:cd:2e:0e:52:20:ed:4a:cb:38:7c:9d:ae (2)_ 6e:79:d7:95:2c:a8:91:f3:86:01:21:91:4b:b5:40:a4 SSL Certificate - Information QID: Category: Web server Port: 995 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _04:21:c8:2b:ce:f1:ab_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (0)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _organizationname "Special_Domain_Services,_LLC" _commonname *.prod.phx3.secureserver.net (0)Valid_From Apr_10_21:06:10_2014_GMT (0)Valid_Till Oct_14_17:08:31_2016_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:ba:cc:2a:8b:6c:db:a4:40:66:48:af:89:d4:72:_ (0)_ 37/71

38 _14:5d:c3:f6:8b:fd:b9:20:ca:b5:ef:1c:b6:77:23:_ (0) 80:bf:3e:60:c1:de:0a:d9:82:ed:86:a9:5e:70:20:_ (0) f7:a9:a6:f9:ad:e0:33:78:a7:26:63:e8:87:61:cf:_ (0) 2d:8f:a1:67:36:5d:4c:c0:06:ad:2f:57:79:56:60:_ (0) d6:f9:ff:05:db:8a:e1:88:c6:50:e6:a3:b5:4e:7b:_ (0) 2e:f7:d1:ba:78:4c:6d:d7:97:c6:a2:3e:ae:a7:cb:_ (0) 09:ec:a5:0c:2c:47:a4:3a:e6:4f:cc:3a:01:aa:1a:_ (0) 50:bd:39:07:89:7a:ea:d3:29:21:bf:53:fd:0d:7d:_ (0) 2c:6d:79:16:e2:4f:d5:8c:aa:2b:d1:d4:5d:a5:66:_ (0) 99:8b:aa:fb:38:1a:cd:01:fd:04:3f:ad:bb:c1:35:_ (0) 91:49:0b:6e:a2:e6:3f:1e:5f:f2:6a:39:86:15:c8:_ (0) 98:a1:02:cb:f7:07:8d:85:06:3c:ab:6b:c1:31:15:_ (0) a2:54:c2:0a:bc:ec:e2:be:72:b9:08:d1:ce:1e:d6:_ (0) d3:c2:dc:09:3d:1b:19:58:c0:eb:7e:b2:e4:44:e3:_ (0) 88:b4:b7:b7:5f:69:2e:88:15:15:52:55:d2:79:df:_ (0) 99:29:df:ce:2d:93:a9:ed:28:24:84:f1:7c:fe:01:_ (0) 5d:f9_ (0) Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Basic_Constraints critical (0) CA:FALSE (0)X509v3_Extended_Key_Usage _TLS_Web_Server_Authentication,_TLS_Web_Client_Authentication (0)X509v3_Key_Usage critical (0) Digital_Signature,_Key_Encipherment (0)X509v3_CRL_Distribution_Points _ (0) Full_Name:_ (0) URI: (0)X509v3_Certificate_Policies _Policy:_ _ (0) CPS:_http://certificates.starfieldtech.com/repository/_ (0)Authority_Information_Access _OCSP_- _URI: (0) CA_Issuers_- _URI: intermediate.crt _ (0)X509v3_Authority_Key_Identifier _keyid:49:4b:52:27:d1:1b:bc:f2:a1:21:6a:62:7b:51:42:7a:8a:d7:d5:56_ (0)X509v3_Subject_Alternative_Name _DNS:*.prod.phx3.secureserver.net,_DNS:prod.phx3.secureserver.net (0)X509v3_Subject_Key_Identifier _FC:08:18:6D:14:3A:A7:AA:5D:BF:D1:9A:1B:DE:43:A7:CB:15:65:F0 (0)Signature (256_octets)_ (0)_ bb:49:1d:0c:ab:69:95:ba:fb:f3:90:bb:03:4a:c2:c9 (0)_ b6:c0:b9:11:2f:78:43:b1:07:b9:27:f8:8d:12:d2:fb (0)_ 98:38:ab:c7:4a:88:47:70:64:f6:d6:3c:95:2a:37:1a (0)_ e4:e6:44:ee:5e:a7:0f:9a:31:80:8f:0c:14:0e:c3:f1 (0)_ ec:8f:e1:57:51:05:ee:cc:2f:77:36:e3:67:64:e1:a7 (0)_ 47:f2:2a:1f:17:c8:a6:9a:7f:ac:30:2e:35:a8:84:84 (0)_ 5c:8c:78:75:df:2d:1d:45:52:5d:e5:e4:fd:a6:eb:33 (0)_ 76:35:3f:50:b1:ec:9e:d4:24:f4:87:71:1e:21:81:95 (0)_ 55:22:da:06:35:12:b2:bb:0c:1a:7b:d9:a6:dc:e4:d5 (0)_ 99:67:0a:58:4c:59:c5:a3:d8:b3:54:b6:a9:d2:6a:91 (0)_ 2a:fd:dc:0d:31:6e:d9:28:67:73:46:7c:b2:9a:ed:67 (0)_ 8a:27:af:16:aa:3c:b7:d4:c4:5d:2a:68:0a:c9:19:71 (0)_ 85:dc:11:e6:b3:ff:6a:a3:4b:b6:d8:1d:21:14:7f:48 (0)_ 18:c4:40:28:d0:5d:f9:4d:09:1a:f4:e5:6f:17:11:81 (0)_ 9d:dc:d9:5e:3c:b7:a5:55:1f:57:5d:b4:7e:e7:01:60 (0)_ 61:60:e2:11:96:77:a0:a2:9a:ac:8e:6c:bc:37:eb:be (1)CERTIFICATE_1 _ (1)Version 3_(0x2) (1)Serial_Number 0_(0x0)_ (1)Signature_Algorithm sha1withrsaencryption (1)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)SUBJECT_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)Valid_From Jun_29_17:39:16_2004_GMT (1)Valid_Till Jun_29_17:39:16_2034_GMT (1)Public_Key_Algorithm rsaencryption (1)RSA_Public_Key (2048_bit) (1) Public-Key:_(2048_bit)_ (1) Modulus:_ (1) 00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:_ (1) ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:_ (1) c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:_ (1) 9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:_ (1) f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:_ (1) a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:_ (1) 4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:_ (1) af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:_ (1) d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:_ (1) b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:_ (1) 9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:_ (1)_ 38/71

39 _b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:_ (1) b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:_ (1) b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:_ (1) 5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:_ (1) 23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:_ (1) 0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:_ (1) 01:ab_ (1) Exponent:_3_(0x3)_ (1)X509v3_EXTENSIONS _ (1)X509v3_Subject_Key_Identifier _BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 (1)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (1) DirName:/C=US/O=Starfield_Technologies,_Inc./OU=Starfield_Class_2_Certifi cation_authority_ (1) serial:00_ (1)X509v3_Basic_Constraints _CA:TRUE (1)Signature (256_octets)_ (1)_ 05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da (1)_ 9b:01:87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e (1)_ cc:c7:5e:6a:d8:83:87:a1:97:ef:49:35:3e:77:06:41 (1)_ 58:62:bf:8e:58:b8:0a:67:3f:ec:b3:dd:21:66:1f:c9 (1)_ 54:fa:72:cc:3d:4c:40:d8:81:af:77:9e:83:7a:bb:a2 (1)_ c7:f5:34:17:8e:d9:11:40:f4:fc:2c:2a:4d:15:7f:a7 (1)_ 62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:17:b8:f4:bd (1)_ 8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:2d:7a (1)_ a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0 (1)_ f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be (1)_ f5:71:90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58 (1)_ 00:23:ea:e3:12:43:29:5b:47:08:dd:8c:41:6a:65:06 (1)_ a8:e5:21:aa:41:b4:95:21:95:b9:7d:d1:34:ab:13:d6 (1)_ ad:bc:dc:e2:3d:39:cd:bd:3e:75:70:a1:18:59:03:c9 (1)_ 22:b4:8f:9c:d5:5e:2a:d7:a5:b6:d4:0a:6d:f8:b7:40 (1)_ 11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:2f:1f:17:94 (2)CERTIFICATE_2 _ (2)Version 3_(0x2) (2)Serial_Number 513_(0x201)_ (2)Signature_Algorithm sha1withrsaencryption (2)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (2)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (2)Valid_From Nov_16_01:15:40_2006_GMT (2)Valid_Till Nov_16_01:15:40_2026_GMT (2)Public_Key_Algorithm rsaencryption (2)RSA_Public_Key (2048_bit) (2) Public-Key:_(2048_bit)_ (2) Modulus:_ (2) 00:e2:a7:5d:a3:ed:66:ef:6a:2f:2b:36:1f:dd:8d:_ (2) d3:05:02:a0:ca:0f:5e:19:ae:38:72:cf:16:da:54:_ (2) 4a:cb:48:0a:f4:a1:73:11:65:85:43:c9:5b:17:0c:_ (2) 9a:2b:be:0f:98:51:7a:60:29:0d:6c:de:e2:e8:e5:_ (2) 15:4d:56:ff:90:d1:a7:a6:04:3f:60:07:4a:ca:6f:_ (2) a5:10:e7:b3:f8:5c:b1:bc:2b:2a:dc:01:79:f5:1d:_ (2) 35:f5:7a:28:83:f2:93:73:82:89:ac:60:6d:cb:c2:_ (2) 48:c2:1d:d4:06:44:17:3c:ac:01:47:ab:3e:70:84:_ (2) 09:0b:b8:20:08:40:20:87:a1:63:1a:ca:3e:83:d2:_ (2) 37:b3:98:8d:32:3f:37:bf:a1:b7:5b:5f:de:5c:33:_ (2) 92:cf:3e:07:ce:b9:48:4b:e2:f0:55:50:2f:f8:70:_ (2) 42:89:d1:93:96:8a:63:d9:66:0d:e6:58:6e:b9:6d:_ (2) 90:bd:ca:dc:84:66:f2:39:8e:5b:a6:58:55:73:cb:_ (2) 62:6c:1b:d7:20:16:3b:2c:59:f5:cb:c8:56:32:4a:_ (2) 50:27:ba:55:d3:a8:01:cb:72:a9:74:8b:0c:ad:3a:_ (2) e5:15:b6:2a:df:65:f8:de:8a:f5:ef:84:3b:f9:e7:_ (2) 54:65:0b:80:bd:47:45:a5:f0:44:d8:53:3b:be:80:_ (2) f1:2f_ (2) Exponent:_65537_(0x10001)_ (2)X509v3_EXTENSIONS _ (2)X509v3_Subject_Key_Identifier _49:4B:52:27:D1:1B:BC:F2:A1:21:6A:62:7B:51:42:7A:8A:D7:D5:56 (2)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (2)X509v3_Basic_Constraints critical (2) CA:TRUE,_pathlen:0 (2)Authority_Information_Access _OCSP_-_URI: (2)X509v3_CRL_Distribution_Points _ (2) Full_Name:_ (2) URI: (2)X509v3_Certificate_Policies _Policy:_X509v3_Any_Policy_ (2) CPS:_http://certificates.starfieldtech.com/repository_ (2)X509v3_Key_Usage critical (2) Certificate_Sign,_CRL_Sign (2)Signature 39/71

40 (256_octets)_ (2)_ 86:52:ba:b3:1f:a6:5e:6b:90:a6:64:2a:fc:45:b2:ae (2)_ 9f:3e:b3:62:af:db:1f:67:c4:bd:ca:a1:2f:c7:9c:0d (2)_ 21:57:d0:f8:36:21:ce:3a:25:3e:78:76:b3:d9:dd:bc (2)_ de:fb:6c:84:5f:0c:a3:0d:12:eb:11:3b:71:5f:80:1e (2)_ f1:1f:6d:0e:5f:c1:ec:d4:a5:f7:65:bb:1f:4c:95:01 (2)_ 13:b2:6a:9c:0b:eb:1f:9d:b1:e7:ed:19:0d:bc:85:7c (2)_ f3:17:bd:59:63:ae:a7:1a:05:cd:47:e3:2d:96:62:51 (2)_ 32:0a:08:68:4b:22:77:5f:f7:45:dc:61:de:f4:cb:2b (2)_ 22:29:44:25:d2:9f:0b:77:7a:a1:26:7c:4a:d7:0f:c2 (2)_ d1:3c:ba:0e:a7:95:9a:5b:05:0a:10:f9:55:5f:c1:97 (2)_ 8b:74:cc:5e:28:69:13:7e:d0:0a:8d:9d:0f:60:54:7a (2)_ c4:8c:1b:35:0f:74:7a:70:b2:82:cf:1d:b5:e2:8a:db (2)_ 2a:c6:b2:51:69:bf:12:17:92:60:17:aa:3d:5b:09:f8 (2)_ 87:65:1d:a7:a4:28:e5:22:02:03:82:44:9a:34:63:9e (2)_ fb:28:cf:e8:cd:2e:0e:52:20:ed:4a:cb:38:7c:9d:ae (2)_ 6e:79:d7:95:2c:a8:91:f3:86:01:21:91:4b:b5:40:a4 List of Web Directories QID: Category: Web server Port: 80 Based largely on the HTTP reply code, the following directories are most likely present on the host. #table cols="2" Directory Source /cgi-bin/ brute_force /webmail/ brute_force Traceroute QID: Category: Information gathering Port: 0 Traceroute describes the path in realtime from the scanner to the remote host being contacted. It reports the IP addresses of all the routers in between. #table cols="4" Hops IP Round_Trip_Time Probe ms ICMP ms ICMP ms ICMP ms ICMP ms ICMP ms ICMP ms ICMP ms ICMP ms ICMP ms ICMP ms ICMP ms ICMP SSL Session Caching Information QID: Category: General remote services Port: /71

41 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. TLSv1 session caching is enabled on the target. SSL Certificate - Information QID: Category: Web server Port: 143 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _04:21:c8:2b:ce:f1:ab_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (0)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _organizationname "Special_Domain_Services,_LLC" _commonname *.prod.phx3.secureserver.net (0)Valid_From Apr_10_21:06:10_2014_GMT (0)Valid_Till Oct_14_17:08:31_2016_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:ba:cc:2a:8b:6c:db:a4:40:66:48:af:89:d4:72:_ (0) 14:5d:c3:f6:8b:fd:b9:20:ca:b5:ef:1c:b6:77:23:_ (0) 80:bf:3e:60:c1:de:0a:d9:82:ed:86:a9:5e:70:20:_ (0) f7:a9:a6:f9:ad:e0:33:78:a7:26:63:e8:87:61:cf:_ (0) 2d:8f:a1:67:36:5d:4c:c0:06:ad:2f:57:79:56:60:_ (0) d6:f9:ff:05:db:8a:e1:88:c6:50:e6:a3:b5:4e:7b:_ (0) 2e:f7:d1:ba:78:4c:6d:d7:97:c6:a2:3e:ae:a7:cb:_ (0) 09:ec:a5:0c:2c:47:a4:3a:e6:4f:cc:3a:01:aa:1a:_ (0) 50:bd:39:07:89:7a:ea:d3:29:21:bf:53:fd:0d:7d:_ (0) 2c:6d:79:16:e2:4f:d5:8c:aa:2b:d1:d4:5d:a5:66:_ (0) 99:8b:aa:fb:38:1a:cd:01:fd:04:3f:ad:bb:c1:35:_ (0) 91:49:0b:6e:a2:e6:3f:1e:5f:f2:6a:39:86:15:c8:_ (0) 98:a1:02:cb:f7:07:8d:85:06:3c:ab:6b:c1:31:15:_ (0) a2:54:c2:0a:bc:ec:e2:be:72:b9:08:d1:ce:1e:d6:_ (0) d3:c2:dc:09:3d:1b:19:58:c0:eb:7e:b2:e4:44:e3:_ (0) 88:b4:b7:b7:5f:69:2e:88:15:15:52:55:d2:79:df:_ (0) 99:29:df:ce:2d:93:a9:ed:28:24:84:f1:7c:fe:01:_ (0) 5d:f9_ (0) Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Basic_Constraints critical (0) CA:FALSE (0)X509v3_Extended_Key_Usage _TLS_Web_Server_Authentication,_TLS_Web_Client_Authentication (0)X509v3_Key_Usage critical (0) Digital_Signature,_Key_Encipherment (0)X509v3_CRL_Distribution_Points _ (0) Full_Name:_ (0) URI: 41/71

42 (0)X509v3_Certificate_Policies _Policy:_ _ (0) CPS:_http://certificates.starfieldtech.com/repository/_ (0)Authority_Information_Access _OCSP_- _URI: (0) CA_Issuers_- _URI: intermediate.crt _ (0)X509v3_Authority_Key_Identifier _keyid:49:4b:52:27:d1:1b:bc:f2:a1:21:6a:62:7b:51:42:7a:8a:d7:d5:56_ (0)X509v3_Subject_Alternative_Name _DNS:*.prod.phx3.secureserver.net,_DNS:prod.phx3.secureserver.net (0)X509v3_Subject_Key_Identifier _FC:08:18:6D:14:3A:A7:AA:5D:BF:D1:9A:1B:DE:43:A7:CB:15:65:F0 (0)Signature (256_octets)_ (0)_ bb:49:1d:0c:ab:69:95:ba:fb:f3:90:bb:03:4a:c2:c9 (0)_ b6:c0:b9:11:2f:78:43:b1:07:b9:27:f8:8d:12:d2:fb (0)_ 98:38:ab:c7:4a:88:47:70:64:f6:d6:3c:95:2a:37:1a (0)_ e4:e6:44:ee:5e:a7:0f:9a:31:80:8f:0c:14:0e:c3:f1 (0)_ ec:8f:e1:57:51:05:ee:cc:2f:77:36:e3:67:64:e1:a7 (0)_ 47:f2:2a:1f:17:c8:a6:9a:7f:ac:30:2e:35:a8:84:84 (0)_ 5c:8c:78:75:df:2d:1d:45:52:5d:e5:e4:fd:a6:eb:33 (0)_ 76:35:3f:50:b1:ec:9e:d4:24:f4:87:71:1e:21:81:95 (0)_ 55:22:da:06:35:12:b2:bb:0c:1a:7b:d9:a6:dc:e4:d5 (0)_ 99:67:0a:58:4c:59:c5:a3:d8:b3:54:b6:a9:d2:6a:91 (0)_ 2a:fd:dc:0d:31:6e:d9:28:67:73:46:7c:b2:9a:ed:67 (0)_ 8a:27:af:16:aa:3c:b7:d4:c4:5d:2a:68:0a:c9:19:71 (0)_ 85:dc:11:e6:b3:ff:6a:a3:4b:b6:d8:1d:21:14:7f:48 (0)_ 18:c4:40:28:d0:5d:f9:4d:09:1a:f4:e5:6f:17:11:81 (0)_ 9d:dc:d9:5e:3c:b7:a5:55:1f:57:5d:b4:7e:e7:01:60 (0)_ 61:60:e2:11:96:77:a0:a2:9a:ac:8e:6c:bc:37:eb:be (1)CERTIFICATE_1 _ (1)Version 3_(0x2) (1)Serial_Number 0_(0x0)_ (1)Signature_Algorithm sha1withrsaencryption (1)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)SUBJECT_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)Valid_From Jun_29_17:39:16_2004_GMT (1)Valid_Till Jun_29_17:39:16_2034_GMT (1)Public_Key_Algorithm rsaencryption (1)RSA_Public_Key (2048_bit) (1) Public-Key:_(2048_bit)_ (1) Modulus:_ (1) 00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:_ (1) ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:_ (1) c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:_ (1) 9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:_ (1) f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:_ (1) a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:_ (1) 4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:_ (1) af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:_ (1) d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:_ (1) b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:_ (1) 9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:_ (1) b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:_ (1) b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:_ (1) b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:_ (1) 5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:_ (1) 23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:_ (1) 0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:_ (1) 01:ab_ (1) Exponent:_3_(0x3)_ (1)X509v3_EXTENSIONS _ (1)X509v3_Subject_Key_Identifier _BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 (1)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (1) DirName:/C=US/O=Starfield_Technologies,_Inc./OU=Starfield_Class_2_Certifi cation_authority_ (1) serial:00_ (1)X509v3_Basic_Constraints _CA:TRUE (1)Signature (256_octets)_ (1)_ 05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da (1)_ 9b:01:87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e (1)_ cc:c7:5e:6a:d8:83:87:a1:97:ef:49:35:3e:77:06:41 (1)_ 58:62:bf:8e:58:b8:0a:67:3f:ec:b3:dd:21:66:1f:c9 (1)_ 54:fa:72:cc:3d:4c:40:d8:81:af:77:9e:83:7a:bb:a2 (1)_ c7:f5:34:17:8e:d9:11:40:f4:fc:2c:2a:4d:15:7f:a7 (1)_ 62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:17:b8:f4:bd (1)_ 8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:2d:7a (1)_ a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0 (1)_ 42/71

43 f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be (1)_ f5:71:90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58 (1)_ 00:23:ea:e3:12:43:29:5b:47:08:dd:8c:41:6a:65:06 (1)_ a8:e5:21:aa:41:b4:95:21:95:b9:7d:d1:34:ab:13:d6 (1)_ ad:bc:dc:e2:3d:39:cd:bd:3e:75:70:a1:18:59:03:c9 (1)_ 22:b4:8f:9c:d5:5e:2a:d7:a5:b6:d4:0a:6d:f8:b7:40 (1)_ 11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:2f:1f:17:94 (2)CERTIFICATE_2 _ (2)Version 3_(0x2) (2)Serial_Number 513_(0x201)_ (2)Signature_Algorithm sha1withrsaencryption (2)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (2)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (2)Valid_From Nov_16_01:15:40_2006_GMT (2)Valid_Till Nov_16_01:15:40_2026_GMT (2)Public_Key_Algorithm rsaencryption (2)RSA_Public_Key (2048_bit) (2) Public-Key:_(2048_bit)_ (2) Modulus:_ (2) 00:e2:a7:5d:a3:ed:66:ef:6a:2f:2b:36:1f:dd:8d:_ (2) d3:05:02:a0:ca:0f:5e:19:ae:38:72:cf:16:da:54:_ (2) 4a:cb:48:0a:f4:a1:73:11:65:85:43:c9:5b:17:0c:_ (2) 9a:2b:be:0f:98:51:7a:60:29:0d:6c:de:e2:e8:e5:_ (2) 15:4d:56:ff:90:d1:a7:a6:04:3f:60:07:4a:ca:6f:_ (2) a5:10:e7:b3:f8:5c:b1:bc:2b:2a:dc:01:79:f5:1d:_ (2) 35:f5:7a:28:83:f2:93:73:82:89:ac:60:6d:cb:c2:_ (2) 48:c2:1d:d4:06:44:17:3c:ac:01:47:ab:3e:70:84:_ (2) 09:0b:b8:20:08:40:20:87:a1:63:1a:ca:3e:83:d2:_ (2) 37:b3:98:8d:32:3f:37:bf:a1:b7:5b:5f:de:5c:33:_ (2) 92:cf:3e:07:ce:b9:48:4b:e2:f0:55:50:2f:f8:70:_ (2) 42:89:d1:93:96:8a:63:d9:66:0d:e6:58:6e:b9:6d:_ (2) 90:bd:ca:dc:84:66:f2:39:8e:5b:a6:58:55:73:cb:_ (2) 62:6c:1b:d7:20:16:3b:2c:59:f5:cb:c8:56:32:4a:_ (2) 50:27:ba:55:d3:a8:01:cb:72:a9:74:8b:0c:ad:3a:_ (2) e5:15:b6:2a:df:65:f8:de:8a:f5:ef:84:3b:f9:e7:_ (2) 54:65:0b:80:bd:47:45:a5:f0:44:d8:53:3b:be:80:_ (2) f1:2f_ (2) Exponent:_65537_(0x10001)_ (2)X509v3_EXTENSIONS _ (2)X509v3_Subject_Key_Identifier _49:4B:52:27:D1:1B:BC:F2:A1:21:6A:62:7B:51:42:7A:8A:D7:D5:56 (2)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (2)X509v3_Basic_Constraints critical (2) CA:TRUE,_pathlen:0 (2)Authority_Information_Access _OCSP_-_URI: (2)X509v3_CRL_Distribution_Points _ (2) Full_Name:_ (2) URI: (2)X509v3_Certificate_Policies _Policy:_X509v3_Any_Policy_ (2) CPS:_http://certificates.starfieldtech.com/repository_ (2)X509v3_Key_Usage critical (2) Certificate_Sign,_CRL_Sign (2)Signature (256_octets)_ (2)_ 86:52:ba:b3:1f:a6:5e:6b:90:a6:64:2a:fc:45:b2:ae (2)_ 9f:3e:b3:62:af:db:1f:67:c4:bd:ca:a1:2f:c7:9c:0d (2)_ 21:57:d0:f8:36:21:ce:3a:25:3e:78:76:b3:d9:dd:bc (2)_ de:fb:6c:84:5f:0c:a3:0d:12:eb:11:3b:71:5f:80:1e (2)_ f1:1f:6d:0e:5f:c1:ec:d4:a5:f7:65:bb:1f:4c:95:01 (2)_ 13:b2:6a:9c:0b:eb:1f:9d:b1:e7:ed:19:0d:bc:85:7c (2)_ f3:17:bd:59:63:ae:a7:1a:05:cd:47:e3:2d:96:62:51 (2)_ 32:0a:08:68:4b:22:77:5f:f7:45:dc:61:de:f4:cb:2b (2)_ 22:29:44:25:d2:9f:0b:77:7a:a1:26:7c:4a:d7:0f:c2 (2)_ d1:3c:ba:0e:a7:95:9a:5b:05:0a:10:f9:55:5f:c1:97 (2)_ 8b:74:cc:5e:28:69:13:7e:d0:0a:8d:9d:0f:60:54:7a (2)_ c4:8c:1b:35:0f:74:7a:70:b2:82:cf:1d:b5:e2:8a:db (2)_ 2a:c6:b2:51:69:bf:12:17:92:60:17:aa:3d:5b:09:f8 (2)_ 87:65:1d:a7:a4:28:e5:22:02:03:82:44:9a:34:63:9e (2)_ fb:28:cf:e8:cd:2e:0e:52:20:ed:4a:cb:38:7c:9d:ae (2)_ 6e:79:d7:95:2c:a8:91:f3:86:01:21:91:4b:b5:40:a4 Host Scan Time QID: /71

44 Category: Information gathering Port: 0 The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this host is reported in the Result section below. The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center. Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners. Scan duration: 1203 seconds Start time: Mon, Oct , 12:41:19 GMT End time: Mon, Oct , 13:01:22 GMT SSL Certificate - Information QID: Category: Web server Port: 465 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _04:21:c8:2b:ce:f1:ab_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (0)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _organizationname "Special_Domain_Services,_LLC" _commonname *.prod.phx3.secureserver.net (0)Valid_From Apr_10_21:06:10_2014_GMT (0)Valid_Till Oct_14_17:08:31_2016_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:ba:cc:2a:8b:6c:db:a4:40:66:48:af:89:d4:72:_ (0) 14:5d:c3:f6:8b:fd:b9:20:ca:b5:ef:1c:b6:77:23:_ (0) 80:bf:3e:60:c1:de:0a:d9:82:ed:86:a9:5e:70:20:_ (0) f7:a9:a6:f9:ad:e0:33:78:a7:26:63:e8:87:61:cf:_ (0) 2d:8f:a1:67:36:5d:4c:c0:06:ad:2f:57:79:56:60:_ (0) d6:f9:ff:05:db:8a:e1:88:c6:50:e6:a3:b5:4e:7b:_ (0) 2e:f7:d1:ba:78:4c:6d:d7:97:c6:a2:3e:ae:a7:cb:_ (0) 09:ec:a5:0c:2c:47:a4:3a:e6:4f:cc:3a:01:aa:1a:_ (0) 50:bd:39:07:89:7a:ea:d3:29:21:bf:53:fd:0d:7d:_ (0) 2c:6d:79:16:e2:4f:d5:8c:aa:2b:d1:d4:5d:a5:66:_ (0) 99:8b:aa:fb:38:1a:cd:01:fd:04:3f:ad:bb:c1:35:_ (0) 91:49:0b:6e:a2:e6:3f:1e:5f:f2:6a:39:86:15:c8:_ (0) 98:a1:02:cb:f7:07:8d:85:06:3c:ab:6b:c1:31:15:_ (0) a2:54:c2:0a:bc:ec:e2:be:72:b9:08:d1:ce:1e:d6:_ (0) d3:c2:dc:09:3d:1b:19:58:c0:eb:7e:b2:e4:44:e3:_ (0) 88:b4:b7:b7:5f:69:2e:88:15:15:52:55:d2:79:df:_ (0) 99:29:df:ce:2d:93:a9:ed:28:24:84:f1:7c:fe:01:_ (0) 5d:f9_ (0)_ 44/71

45 _Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Basic_Constraints critical (0) CA:FALSE (0)X509v3_Extended_Key_Usage _TLS_Web_Server_Authentication,_TLS_Web_Client_Authentication (0)X509v3_Key_Usage critical (0) Digital_Signature,_Key_Encipherment (0)X509v3_CRL_Distribution_Points _ (0) Full_Name:_ (0) URI: (0)X509v3_Certificate_Policies _Policy:_ _ (0) CPS:_http://certificates.starfieldtech.com/repository/_ (0)Authority_Information_Access _OCSP_- _URI: (0) CA_Issuers_- _URI: intermediate.crt _ (0)X509v3_Authority_Key_Identifier _keyid:49:4b:52:27:d1:1b:bc:f2:a1:21:6a:62:7b:51:42:7a:8a:d7:d5:56_ (0)X509v3_Subject_Alternative_Name _DNS:*.prod.phx3.secureserver.net,_DNS:prod.phx3.secureserver.net (0)X509v3_Subject_Key_Identifier _FC:08:18:6D:14:3A:A7:AA:5D:BF:D1:9A:1B:DE:43:A7:CB:15:65:F0 (0)Signature (256_octets)_ (0)_ bb:49:1d:0c:ab:69:95:ba:fb:f3:90:bb:03:4a:c2:c9 (0)_ b6:c0:b9:11:2f:78:43:b1:07:b9:27:f8:8d:12:d2:fb (0)_ 98:38:ab:c7:4a:88:47:70:64:f6:d6:3c:95:2a:37:1a (0)_ e4:e6:44:ee:5e:a7:0f:9a:31:80:8f:0c:14:0e:c3:f1 (0)_ ec:8f:e1:57:51:05:ee:cc:2f:77:36:e3:67:64:e1:a7 (0)_ 47:f2:2a:1f:17:c8:a6:9a:7f:ac:30:2e:35:a8:84:84 (0)_ 5c:8c:78:75:df:2d:1d:45:52:5d:e5:e4:fd:a6:eb:33 (0)_ 76:35:3f:50:b1:ec:9e:d4:24:f4:87:71:1e:21:81:95 (0)_ 55:22:da:06:35:12:b2:bb:0c:1a:7b:d9:a6:dc:e4:d5 (0)_ 99:67:0a:58:4c:59:c5:a3:d8:b3:54:b6:a9:d2:6a:91 (0)_ 2a:fd:dc:0d:31:6e:d9:28:67:73:46:7c:b2:9a:ed:67 (0)_ 8a:27:af:16:aa:3c:b7:d4:c4:5d:2a:68:0a:c9:19:71 (0)_ 85:dc:11:e6:b3:ff:6a:a3:4b:b6:d8:1d:21:14:7f:48 (0)_ 18:c4:40:28:d0:5d:f9:4d:09:1a:f4:e5:6f:17:11:81 (0)_ 9d:dc:d9:5e:3c:b7:a5:55:1f:57:5d:b4:7e:e7:01:60 (0)_ 61:60:e2:11:96:77:a0:a2:9a:ac:8e:6c:bc:37:eb:be (1)CERTIFICATE_1 _ (1)Version 3_(0x2) (1)Serial_Number 0_(0x0)_ (1)Signature_Algorithm sha1withrsaencryption (1)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)SUBJECT_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)Valid_From Jun_29_17:39:16_2004_GMT (1)Valid_Till Jun_29_17:39:16_2034_GMT (1)Public_Key_Algorithm rsaencryption (1)RSA_Public_Key (2048_bit) (1) Public-Key:_(2048_bit)_ (1) Modulus:_ (1) 00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:_ (1) ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:_ (1) c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:_ (1) 9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:_ (1) f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:_ (1) a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:_ (1) 4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:_ (1) af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:_ (1) d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:_ (1) b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:_ (1) 9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:_ (1) b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:_ (1) b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:_ (1) b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:_ (1) 5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:_ (1) 23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:_ (1) 0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:_ (1) 01:ab_ (1) Exponent:_3_(0x3)_ (1)X509v3_EXTENSIONS _ (1)X509v3_Subject_Key_Identifier _BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 (1)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (1) DirName:/C=US/O=Starfield_Technologies,_Inc./OU=Starfield_Class_2_Certifi cation_authority_ (1) serial:00_ (1)X509v3_Basic_Constraints _CA:TRUE (1)Signature (256_octets)_ (1)_ 05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da (1)_ 9b:01:87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e (1)_ 45/71

46 cc:c7:5e:6a:d8:83:87:a1:97:ef:49:35:3e:77:06:41 (1)_ 58:62:bf:8e:58:b8:0a:67:3f:ec:b3:dd:21:66:1f:c9 (1)_ 54:fa:72:cc:3d:4c:40:d8:81:af:77:9e:83:7a:bb:a2 (1)_ c7:f5:34:17:8e:d9:11:40:f4:fc:2c:2a:4d:15:7f:a7 (1)_ 62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:17:b8:f4:bd (1)_ 8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:2d:7a (1)_ a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0 (1)_ f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be (1)_ f5:71:90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58 (1)_ 00:23:ea:e3:12:43:29:5b:47:08:dd:8c:41:6a:65:06 (1)_ a8:e5:21:aa:41:b4:95:21:95:b9:7d:d1:34:ab:13:d6 (1)_ ad:bc:dc:e2:3d:39:cd:bd:3e:75:70:a1:18:59:03:c9 (1)_ 22:b4:8f:9c:d5:5e:2a:d7:a5:b6:d4:0a:6d:f8:b7:40 (1)_ 11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:2f:1f:17:94 (2)CERTIFICATE_2 _ (2)Version 3_(0x2) (2)Serial_Number 513_(0x201)_ (2)Signature_Algorithm sha1withrsaencryption (2)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (2)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (2)Valid_From Nov_16_01:15:40_2006_GMT (2)Valid_Till Nov_16_01:15:40_2026_GMT (2)Public_Key_Algorithm rsaencryption (2)RSA_Public_Key (2048_bit) (2) Public-Key:_(2048_bit)_ (2) Modulus:_ (2) 00:e2:a7:5d:a3:ed:66:ef:6a:2f:2b:36:1f:dd:8d:_ (2) d3:05:02:a0:ca:0f:5e:19:ae:38:72:cf:16:da:54:_ (2) 4a:cb:48:0a:f4:a1:73:11:65:85:43:c9:5b:17:0c:_ (2) 9a:2b:be:0f:98:51:7a:60:29:0d:6c:de:e2:e8:e5:_ (2) 15:4d:56:ff:90:d1:a7:a6:04:3f:60:07:4a:ca:6f:_ (2) a5:10:e7:b3:f8:5c:b1:bc:2b:2a:dc:01:79:f5:1d:_ (2) 35:f5:7a:28:83:f2:93:73:82:89:ac:60:6d:cb:c2:_ (2) 48:c2:1d:d4:06:44:17:3c:ac:01:47:ab:3e:70:84:_ (2) 09:0b:b8:20:08:40:20:87:a1:63:1a:ca:3e:83:d2:_ (2) 37:b3:98:8d:32:3f:37:bf:a1:b7:5b:5f:de:5c:33:_ (2) 92:cf:3e:07:ce:b9:48:4b:e2:f0:55:50:2f:f8:70:_ (2) 42:89:d1:93:96:8a:63:d9:66:0d:e6:58:6e:b9:6d:_ (2) 90:bd:ca:dc:84:66:f2:39:8e:5b:a6:58:55:73:cb:_ (2) 62:6c:1b:d7:20:16:3b:2c:59:f5:cb:c8:56:32:4a:_ (2) 50:27:ba:55:d3:a8:01:cb:72:a9:74:8b:0c:ad:3a:_ (2) e5:15:b6:2a:df:65:f8:de:8a:f5:ef:84:3b:f9:e7:_ (2) 54:65:0b:80:bd:47:45:a5:f0:44:d8:53:3b:be:80:_ (2) f1:2f_ (2) Exponent:_65537_(0x10001)_ (2)X509v3_EXTENSIONS _ (2)X509v3_Subject_Key_Identifier _49:4B:52:27:D1:1B:BC:F2:A1:21:6A:62:7B:51:42:7A:8A:D7:D5:56 (2)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (2)X509v3_Basic_Constraints critical (2) CA:TRUE,_pathlen:0 (2)Authority_Information_Access _OCSP_-_URI: (2)X509v3_CRL_Distribution_Points _ (2) Full_Name:_ (2) URI: (2)X509v3_Certificate_Policies _Policy:_X509v3_Any_Policy_ (2) CPS:_http://certificates.starfieldtech.com/repository_ (2)X509v3_Key_Usage critical (2) Certificate_Sign,_CRL_Sign (2)Signature (256_octets)_ (2)_ 86:52:ba:b3:1f:a6:5e:6b:90:a6:64:2a:fc:45:b2:ae (2)_ 9f:3e:b3:62:af:db:1f:67:c4:bd:ca:a1:2f:c7:9c:0d (2)_ 21:57:d0:f8:36:21:ce:3a:25:3e:78:76:b3:d9:dd:bc (2)_ de:fb:6c:84:5f:0c:a3:0d:12:eb:11:3b:71:5f:80:1e (2)_ f1:1f:6d:0e:5f:c1:ec:d4:a5:f7:65:bb:1f:4c:95:01 (2)_ 13:b2:6a:9c:0b:eb:1f:9d:b1:e7:ed:19:0d:bc:85:7c (2)_ f3:17:bd:59:63:ae:a7:1a:05:cd:47:e3:2d:96:62:51 (2)_ 32:0a:08:68:4b:22:77:5f:f7:45:dc:61:de:f4:cb:2b (2)_ 22:29:44:25:d2:9f:0b:77:7a:a1:26:7c:4a:d7:0f:c2 (2)_ d1:3c:ba:0e:a7:95:9a:5b:05:0a:10:f9:55:5f:c1:97 (2)_ 8b:74:cc:5e:28:69:13:7e:d0:0a:8d:9d:0f:60:54:7a (2)_ c4:8c:1b:35:0f:74:7a:70:b2:82:cf:1d:b5:e2:8a:db (2)_ 2a:c6:b2:51:69:bf:12:17:92:60:17:aa:3d:5b:09:f8 (2)_ 87:65:1d:a7:a4:28:e5:22:02:03:82:44:9a:34:63:9e (2)_ fb:28:cf:e8:cd:2e:0e:52:20:ed:4a:cb:38:7c:9d:ae (2)_ 6e:79:d7:95:2c:a8:91:f3:86:01:21:91:4b:b5:40:a4 46/71

47 SSL/TLS invalid protocol version tolerance QID: Category: General remote services Port: 993 SSL/TLS protocols have different version that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out what is the targets behavior. The results section contains a table that indicates what was the target's response to each of our tests. #table cols=2 my_version target_version rejected 0499 rejected SSL/TLS invalid protocol version tolerance QID: Category: General remote services Port: 465 SSL/TLS protocols have different version that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out what is the targets behavior. The results section contains a table that indicates what was the target's response to each of our tests. #table cols=2 my_version target_version rejected 0499 rejected SSL Session Caching Information QID: Category: General remote services Port: 21 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. 47/71

48 SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. SSLv3 session caching is disabled on the target.tlsv1 session caching is enabled on the target. IP ID Values Randomness QID: Category: TCP/IP Port: 0 The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes. When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted. Please note that for reliability reasons only the network traffic from open TCP ports is analyzed. IP ID changes observed (network order) for port 21: Duration: 309 milli seconds SSL Server Information Retrieval QID: Category: General remote services Port: 443 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. #table cols="6" CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY- STRENGTH) GRADE TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ 48/71

49 CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ ECDHE-RSA-RC4-SHA ECDH RSA SHA1 RC4(128) _MEDIUM_ ECDHE-RSA-DES-CBC3-SHA ECDH RSA SHA1 3DES(168) _HIGH_ ECDHE-RSA-AES128-SHA ECDH RSA SHA1 AES(128) _MEDIUM_ ECDHE-RSA-AES256-SHA ECDH RSA SHA1 AES(256) _HIGH_ List of Web Directories QID: Category: Web server Port: 443 Based largely on the HTTP reply code, the following directories are most likely present on the host. #table cols="2" Directory Source /cgi-bin/ brute_force /webmail/ brute_force /mailman/ brute_force SSL/TLS invalid protocol version tolerance QID: Category: General remote services Port: 995 SSL/TLS protocols have different version that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out what is the targets behavior. The results section contains a table that indicates what was the target's response to each of our tests. #table cols=2 my_version target_version rejected 0499 rejected DNS Host Name QID: 6 0 Category: Information gathering Port: 0 The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section. 49/71

50 #table IP_address Host_name ip ip.secureserver.net SSL Certificate - Information QID: Category: Web server Port: 443 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _04:21:c8:2b:ce:f1:ab_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (0)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _organizationname "Special_Domain_Services,_LLC" _commonname *.prod.phx3.secureserver.net (0)Valid_From Apr_10_21:06:10_2014_GMT (0)Valid_Till Oct_14_17:08:31_2016_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:ba:cc:2a:8b:6c:db:a4:40:66:48:af:89:d4:72:_ (0) 14:5d:c3:f6:8b:fd:b9:20:ca:b5:ef:1c:b6:77:23:_ (0) 80:bf:3e:60:c1:de:0a:d9:82:ed:86:a9:5e:70:20:_ (0) f7:a9:a6:f9:ad:e0:33:78:a7:26:63:e8:87:61:cf:_ (0) 2d:8f:a1:67:36:5d:4c:c0:06:ad:2f:57:79:56:60:_ (0) d6:f9:ff:05:db:8a:e1:88:c6:50:e6:a3:b5:4e:7b:_ (0) 2e:f7:d1:ba:78:4c:6d:d7:97:c6:a2:3e:ae:a7:cb:_ (0) 09:ec:a5:0c:2c:47:a4:3a:e6:4f:cc:3a:01:aa:1a:_ (0) 50:bd:39:07:89:7a:ea:d3:29:21:bf:53:fd:0d:7d:_ (0) 2c:6d:79:16:e2:4f:d5:8c:aa:2b:d1:d4:5d:a5:66:_ (0) 99:8b:aa:fb:38:1a:cd:01:fd:04:3f:ad:bb:c1:35:_ (0) 91:49:0b:6e:a2:e6:3f:1e:5f:f2:6a:39:86:15:c8:_ (0) 98:a1:02:cb:f7:07:8d:85:06:3c:ab:6b:c1:31:15:_ (0) a2:54:c2:0a:bc:ec:e2:be:72:b9:08:d1:ce:1e:d6:_ (0) d3:c2:dc:09:3d:1b:19:58:c0:eb:7e:b2:e4:44:e3:_ (0) 88:b4:b7:b7:5f:69:2e:88:15:15:52:55:d2:79:df:_ (0) 99:29:df:ce:2d:93:a9:ed:28:24:84:f1:7c:fe:01:_ (0) 5d:f9_ (0) Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Basic_Constraints critical (0) CA:FALSE (0)X509v3_Extended_Key_Usage _TLS_Web_Server_Authentication,_TLS_Web_Client_Authentication (0)X509v3_Key_Usage critical (0) Digital_Signature,_Key_Encipherment (0)X509v3_CRL_Distribution_Points _ (0) Full_Name:_ (0) URI: (0)X509v3_Certificate_Policies _Policy:_ _ (0) CPS:_http://certificates.starfieldtech.com/repository/_ (0)Authority_Information_Access _OCSP_- _URI: (0) CA_Issuers_- _URI: intermediate.crt _ (0)X509v3_Authority_Key_Identifier _keyid:49:4b:52:27:d1:1b:bc:f2:a1:21:6a:62:7b:51:42:7a:8a:d7:d5:56_ (0)X509v3_Subject_Alternative_Name _DNS:*.prod.phx3.secureserver.net,_DNS:prod.phx3.secureserver.net (0)X509v3_Subject_Key_Identifier _FC:08:18:6D:14:3A:A7:AA:5D:BF:D1:9A:1B:DE:43:A7:CB:15:65:F0 (0)Signature (256_octets)_ (0)_ bb:49:1d:0c:ab:69:95:ba:fb:f3:90:bb:03:4a:c2:c9 (0)_ b6:c0:b9:11:2f:78:43:b1:07:b9:27:f8:8d:12:d2:fb (0)_ 98:38:ab:c7:4a:88:47:70:64:f6:d6:3c:95:2a:37:1a (0)_ 50/71

51 e4:e6:44:ee:5e:a7:0f:9a:31:80:8f:0c:14:0e:c3:f1 (0)_ ec:8f:e1:57:51:05:ee:cc:2f:77:36:e3:67:64:e1:a7 (0)_ 47:f2:2a:1f:17:c8:a6:9a:7f:ac:30:2e:35:a8:84:84 (0)_ 5c:8c:78:75:df:2d:1d:45:52:5d:e5:e4:fd:a6:eb:33 (0)_ 76:35:3f:50:b1:ec:9e:d4:24:f4:87:71:1e:21:81:95 (0)_ 55:22:da:06:35:12:b2:bb:0c:1a:7b:d9:a6:dc:e4:d5 (0)_ 99:67:0a:58:4c:59:c5:a3:d8:b3:54:b6:a9:d2:6a:91 (0)_ 2a:fd:dc:0d:31:6e:d9:28:67:73:46:7c:b2:9a:ed:67 (0)_ 8a:27:af:16:aa:3c:b7:d4:c4:5d:2a:68:0a:c9:19:71 (0)_ 85:dc:11:e6:b3:ff:6a:a3:4b:b6:d8:1d:21:14:7f:48 (0)_ 18:c4:40:28:d0:5d:f9:4d:09:1a:f4:e5:6f:17:11:81 (0)_ 9d:dc:d9:5e:3c:b7:a5:55:1f:57:5d:b4:7e:e7:01:60 (0)_ 61:60:e2:11:96:77:a0:a2:9a:ac:8e:6c:bc:37:eb:be (1)CERTIFICATE_1 _ (1)Version 3_(0x2) (1)Serial_Number 0_(0x0)_ (1)Signature_Algorithm sha1withrsaencryption (1)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)SUBJECT_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)Valid_From Jun_29_17:39:16_2004_GMT (1)Valid_Till Jun_29_17:39:16_2034_GMT (1)Public_Key_Algorithm rsaencryption (1)RSA_Public_Key (2048_bit) (1) Public-Key:_(2048_bit)_ (1) Modulus:_ (1) 00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:_ (1) ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:_ (1) c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:_ (1) 9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:_ (1) f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:_ (1) a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:_ (1) 4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:_ (1) af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:_ (1) d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:_ (1) b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:_ (1) 9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:_ (1) b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:_ (1) b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:_ (1) b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:_ (1) 5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:_ (1) 23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:_ (1) 0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:_ (1) 01:ab_ (1) Exponent:_3_(0x3)_ (1)X509v3_EXTENSIONS _ (1)X509v3_Subject_Key_Identifier _BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 (1)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (1) DirName:/C=US/O=Starfield_Technologies,_Inc./OU=Starfield_Class_2_Certifi cation_authority_ (1) serial:00_ (1)X509v3_Basic_Constraints _CA:TRUE (1)Signature (256_octets)_ (1)_ 05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da (1)_ 9b:01:87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e (1)_ cc:c7:5e:6a:d8:83:87:a1:97:ef:49:35:3e:77:06:41 (1)_ 58:62:bf:8e:58:b8:0a:67:3f:ec:b3:dd:21:66:1f:c9 (1)_ 54:fa:72:cc:3d:4c:40:d8:81:af:77:9e:83:7a:bb:a2 (1)_ c7:f5:34:17:8e:d9:11:40:f4:fc:2c:2a:4d:15:7f:a7 (1)_ 62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:17:b8:f4:bd (1)_ 8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:2d:7a (1)_ a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0 (1)_ f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be (1)_ f5:71:90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58 (1)_ 00:23:ea:e3:12:43:29:5b:47:08:dd:8c:41:6a:65:06 (1)_ a8:e5:21:aa:41:b4:95:21:95:b9:7d:d1:34:ab:13:d6 (1)_ ad:bc:dc:e2:3d:39:cd:bd:3e:75:70:a1:18:59:03:c9 (1)_ 22:b4:8f:9c:d5:5e:2a:d7:a5:b6:d4:0a:6d:f8:b7:40 (1)_ 11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:2f:1f:17:94 (2)CERTIFICATE_2 _ (2)Version 3_(0x2) (2)Serial_Number 513_(0x201)_ (2)Signature_Algorithm sha1withrsaencryption (2)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (2)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname 51/71

52 Starfield_Secure_Certification_Authority _serialnumber (2)Valid_From Nov_16_01:15:40_2006_GMT (2)Valid_Till Nov_16_01:15:40_2026_GMT (2)Public_Key_Algorithm rsaencryption (2)RSA_Public_Key (2048_bit) (2) Public-Key:_(2048_bit)_ (2) Modulus:_ (2) 00:e2:a7:5d:a3:ed:66:ef:6a:2f:2b:36:1f:dd:8d:_ (2) d3:05:02:a0:ca:0f:5e:19:ae:38:72:cf:16:da:54:_ (2) 4a:cb:48:0a:f4:a1:73:11:65:85:43:c9:5b:17:0c:_ (2) 9a:2b:be:0f:98:51:7a:60:29:0d:6c:de:e2:e8:e5:_ (2) 15:4d:56:ff:90:d1:a7:a6:04:3f:60:07:4a:ca:6f:_ (2) a5:10:e7:b3:f8:5c:b1:bc:2b:2a:dc:01:79:f5:1d:_ (2) 35:f5:7a:28:83:f2:93:73:82:89:ac:60:6d:cb:c2:_ (2) 48:c2:1d:d4:06:44:17:3c:ac:01:47:ab:3e:70:84:_ (2) 09:0b:b8:20:08:40:20:87:a1:63:1a:ca:3e:83:d2:_ (2) 37:b3:98:8d:32:3f:37:bf:a1:b7:5b:5f:de:5c:33:_ (2) 92:cf:3e:07:ce:b9:48:4b:e2:f0:55:50:2f:f8:70:_ (2) 42:89:d1:93:96:8a:63:d9:66:0d:e6:58:6e:b9:6d:_ (2) 90:bd:ca:dc:84:66:f2:39:8e:5b:a6:58:55:73:cb:_ (2) 62:6c:1b:d7:20:16:3b:2c:59:f5:cb:c8:56:32:4a:_ (2) 50:27:ba:55:d3:a8:01:cb:72:a9:74:8b:0c:ad:3a:_ (2) e5:15:b6:2a:df:65:f8:de:8a:f5:ef:84:3b:f9:e7:_ (2) 54:65:0b:80:bd:47:45:a5:f0:44:d8:53:3b:be:80:_ (2) f1:2f_ (2) Exponent:_65537_(0x10001)_ (2)X509v3_EXTENSIONS _ (2)X509v3_Subject_Key_Identifier _49:4B:52:27:D1:1B:BC:F2:A1:21:6A:62:7B:51:42:7A:8A:D7:D5:56 (2)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (2)X509v3_Basic_Constraints critical (2) CA:TRUE,_pathlen:0 (2)Authority_Information_Access _OCSP_-_URI: (2)X509v3_CRL_Distribution_Points _ (2) Full_Name:_ (2) URI: (2)X509v3_Certificate_Policies _Policy:_X509v3_Any_Policy_ (2) CPS:_http://certificates.starfieldtech.com/repository_ (2)X509v3_Key_Usage critical (2) Certificate_Sign,_CRL_Sign (2)Signature (256_octets)_ (2)_ 86:52:ba:b3:1f:a6:5e:6b:90:a6:64:2a:fc:45:b2:ae (2)_ 9f:3e:b3:62:af:db:1f:67:c4:bd:ca:a1:2f:c7:9c:0d (2)_ 21:57:d0:f8:36:21:ce:3a:25:3e:78:76:b3:d9:dd:bc (2)_ de:fb:6c:84:5f:0c:a3:0d:12:eb:11:3b:71:5f:80:1e (2)_ f1:1f:6d:0e:5f:c1:ec:d4:a5:f7:65:bb:1f:4c:95:01 (2)_ 13:b2:6a:9c:0b:eb:1f:9d:b1:e7:ed:19:0d:bc:85:7c (2)_ f3:17:bd:59:63:ae:a7:1a:05:cd:47:e3:2d:96:62:51 (2)_ 32:0a:08:68:4b:22:77:5f:f7:45:dc:61:de:f4:cb:2b (2)_ 22:29:44:25:d2:9f:0b:77:7a:a1:26:7c:4a:d7:0f:c2 (2)_ d1:3c:ba:0e:a7:95:9a:5b:05:0a:10:f9:55:5f:c1:97 (2)_ 8b:74:cc:5e:28:69:13:7e:d0:0a:8d:9d:0f:60:54:7a (2)_ c4:8c:1b:35:0f:74:7a:70:b2:82:cf:1d:b5:e2:8a:db (2)_ 2a:c6:b2:51:69:bf:12:17:92:60:17:aa:3d:5b:09:f8 (2)_ 87:65:1d:a7:a4:28:e5:22:02:03:82:44:9a:34:63:9e (2)_ fb:28:cf:e8:cd:2e:0e:52:20:ed:4a:cb:38:7c:9d:ae (2)_ 6e:79:d7:95:2c:a8:91:f3:86:01:21:91:4b:b5:40:a4 SSL Certificate - Information QID: Category: Web server Port: 25 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _04:21:c8:2b:ce:f1:ab_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname 52/71

53 "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (0)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _organizationname "Special_Domain_Services,_LLC" _commonname *.prod.phx3.secureserver.net (0)Valid_From Apr_10_21:06:10_2014_GMT (0)Valid_Till Oct_14_17:08:31_2016_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:ba:cc:2a:8b:6c:db:a4:40:66:48:af:89:d4:72:_ (0) 14:5d:c3:f6:8b:fd:b9:20:ca:b5:ef:1c:b6:77:23:_ (0) 80:bf:3e:60:c1:de:0a:d9:82:ed:86:a9:5e:70:20:_ (0) f7:a9:a6:f9:ad:e0:33:78:a7:26:63:e8:87:61:cf:_ (0) 2d:8f:a1:67:36:5d:4c:c0:06:ad:2f:57:79:56:60:_ (0) d6:f9:ff:05:db:8a:e1:88:c6:50:e6:a3:b5:4e:7b:_ (0) 2e:f7:d1:ba:78:4c:6d:d7:97:c6:a2:3e:ae:a7:cb:_ (0) 09:ec:a5:0c:2c:47:a4:3a:e6:4f:cc:3a:01:aa:1a:_ (0) 50:bd:39:07:89:7a:ea:d3:29:21:bf:53:fd:0d:7d:_ (0) 2c:6d:79:16:e2:4f:d5:8c:aa:2b:d1:d4:5d:a5:66:_ (0) 99:8b:aa:fb:38:1a:cd:01:fd:04:3f:ad:bb:c1:35:_ (0) 91:49:0b:6e:a2:e6:3f:1e:5f:f2:6a:39:86:15:c8:_ (0) 98:a1:02:cb:f7:07:8d:85:06:3c:ab:6b:c1:31:15:_ (0) a2:54:c2:0a:bc:ec:e2:be:72:b9:08:d1:ce:1e:d6:_ (0) d3:c2:dc:09:3d:1b:19:58:c0:eb:7e:b2:e4:44:e3:_ (0) 88:b4:b7:b7:5f:69:2e:88:15:15:52:55:d2:79:df:_ (0) 99:29:df:ce:2d:93:a9:ed:28:24:84:f1:7c:fe:01:_ (0) 5d:f9_ (0) Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Basic_Constraints critical (0) CA:FALSE (0)X509v3_Extended_Key_Usage _TLS_Web_Server_Authentication,_TLS_Web_Client_Authentication (0)X509v3_Key_Usage critical (0) Digital_Signature,_Key_Encipherment (0)X509v3_CRL_Distribution_Points _ (0) Full_Name:_ (0) URI: (0)X509v3_Certificate_Policies _Policy:_ _ (0) CPS:_http://certificates.starfieldtech.com/repository/_ (0)Authority_Information_Access _OCSP_- _URI: (0) CA_Issuers_- _URI: intermediate.crt _ (0)X509v3_Authority_Key_Identifier _keyid:49:4b:52:27:d1:1b:bc:f2:a1:21:6a:62:7b:51:42:7a:8a:d7:d5:56_ (0)X509v3_Subject_Alternative_Name _DNS:*.prod.phx3.secureserver.net,_DNS:prod.phx3.secureserver.net (0)X509v3_Subject_Key_Identifier _FC:08:18:6D:14:3A:A7:AA:5D:BF:D1:9A:1B:DE:43:A7:CB:15:65:F0 (0)Signature (256_octets)_ (0)_ bb:49:1d:0c:ab:69:95:ba:fb:f3:90:bb:03:4a:c2:c9 (0)_ b6:c0:b9:11:2f:78:43:b1:07:b9:27:f8:8d:12:d2:fb (0)_ 98:38:ab:c7:4a:88:47:70:64:f6:d6:3c:95:2a:37:1a (0)_ e4:e6:44:ee:5e:a7:0f:9a:31:80:8f:0c:14:0e:c3:f1 (0)_ ec:8f:e1:57:51:05:ee:cc:2f:77:36:e3:67:64:e1:a7 (0)_ 47:f2:2a:1f:17:c8:a6:9a:7f:ac:30:2e:35:a8:84:84 (0)_ 5c:8c:78:75:df:2d:1d:45:52:5d:e5:e4:fd:a6:eb:33 (0)_ 76:35:3f:50:b1:ec:9e:d4:24:f4:87:71:1e:21:81:95 (0)_ 55:22:da:06:35:12:b2:bb:0c:1a:7b:d9:a6:dc:e4:d5 (0)_ 99:67:0a:58:4c:59:c5:a3:d8:b3:54:b6:a9:d2:6a:91 (0)_ 2a:fd:dc:0d:31:6e:d9:28:67:73:46:7c:b2:9a:ed:67 (0)_ 8a:27:af:16:aa:3c:b7:d4:c4:5d:2a:68:0a:c9:19:71 (0)_ 85:dc:11:e6:b3:ff:6a:a3:4b:b6:d8:1d:21:14:7f:48 (0)_ 18:c4:40:28:d0:5d:f9:4d:09:1a:f4:e5:6f:17:11:81 (0)_ 9d:dc:d9:5e:3c:b7:a5:55:1f:57:5d:b4:7e:e7:01:60 (0)_ 61:60:e2:11:96:77:a0:a2:9a:ac:8e:6c:bc:37:eb:be (1)CERTIFICATE_1 _ (1)Version 3_(0x2) (1)Serial_Number 0_(0x0)_ (1)Signature_Algorithm sha1withrsaencryption (1)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)SUBJECT_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)Valid_From Jun_29_17:39:16_2004_GMT (1)Valid_Till Jun_29_17:39:16_2034_GMT (1)Public_Key_Algorithm rsaencryption (1)RSA_Public_Key (2048_bit) (1) Public-Key:_(2048_bit)_ (1) Modulus:_ (1) 00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:_ (1) ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:_ (1)_ 53/71

54 _c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:_ (1) 9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:_ (1) f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:_ (1) a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:_ (1) 4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:_ (1) af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:_ (1) d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:_ (1) b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:_ (1) 9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:_ (1) b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:_ (1) b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:_ (1) b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:_ (1) 5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:_ (1) 23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:_ (1) 0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:_ (1) 01:ab_ (1) Exponent:_3_(0x3)_ (1)X509v3_EXTENSIONS _ (1)X509v3_Subject_Key_Identifier _BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 (1)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (1) DirName:/C=US/O=Starfield_Technologies,_Inc./OU=Starfield_Class_2_Certifi cation_authority_ (1) serial:00_ (1)X509v3_Basic_Constraints _CA:TRUE (1)Signature (256_octets)_ (1)_ 05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da (1)_ 9b:01:87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e (1)_ cc:c7:5e:6a:d8:83:87:a1:97:ef:49:35:3e:77:06:41 (1)_ 58:62:bf:8e:58:b8:0a:67:3f:ec:b3:dd:21:66:1f:c9 (1)_ 54:fa:72:cc:3d:4c:40:d8:81:af:77:9e:83:7a:bb:a2 (1)_ c7:f5:34:17:8e:d9:11:40:f4:fc:2c:2a:4d:15:7f:a7 (1)_ 62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:17:b8:f4:bd (1)_ 8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:2d:7a (1)_ a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0 (1)_ f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be (1)_ f5:71:90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58 (1)_ 00:23:ea:e3:12:43:29:5b:47:08:dd:8c:41:6a:65:06 (1)_ a8:e5:21:aa:41:b4:95:21:95:b9:7d:d1:34:ab:13:d6 (1)_ ad:bc:dc:e2:3d:39:cd:bd:3e:75:70:a1:18:59:03:c9 (1)_ 22:b4:8f:9c:d5:5e:2a:d7:a5:b6:d4:0a:6d:f8:b7:40 (1)_ 11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:2f:1f:17:94 (2)CERTIFICATE_2 _ (2)Version 3_(0x2) (2)Serial_Number 513_(0x201)_ (2)Signature_Algorithm sha1withrsaencryption (2)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (2)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (2)Valid_From Nov_16_01:15:40_2006_GMT (2)Valid_Till Nov_16_01:15:40_2026_GMT (2)Public_Key_Algorithm rsaencryption (2)RSA_Public_Key (2048_bit) (2) Public-Key:_(2048_bit)_ (2) Modulus:_ (2) 00:e2:a7:5d:a3:ed:66:ef:6a:2f:2b:36:1f:dd:8d:_ (2) d3:05:02:a0:ca:0f:5e:19:ae:38:72:cf:16:da:54:_ (2) 4a:cb:48:0a:f4:a1:73:11:65:85:43:c9:5b:17:0c:_ (2) 9a:2b:be:0f:98:51:7a:60:29:0d:6c:de:e2:e8:e5:_ (2) 15:4d:56:ff:90:d1:a7:a6:04:3f:60:07:4a:ca:6f:_ (2) a5:10:e7:b3:f8:5c:b1:bc:2b:2a:dc:01:79:f5:1d:_ (2) 35:f5:7a:28:83:f2:93:73:82:89:ac:60:6d:cb:c2:_ (2) 48:c2:1d:d4:06:44:17:3c:ac:01:47:ab:3e:70:84:_ (2) 09:0b:b8:20:08:40:20:87:a1:63:1a:ca:3e:83:d2:_ (2) 37:b3:98:8d:32:3f:37:bf:a1:b7:5b:5f:de:5c:33:_ (2) 92:cf:3e:07:ce:b9:48:4b:e2:f0:55:50:2f:f8:70:_ (2) 42:89:d1:93:96:8a:63:d9:66:0d:e6:58:6e:b9:6d:_ (2) 90:bd:ca:dc:84:66:f2:39:8e:5b:a6:58:55:73:cb:_ (2) 62:6c:1b:d7:20:16:3b:2c:59:f5:cb:c8:56:32:4a:_ (2) 50:27:ba:55:d3:a8:01:cb:72:a9:74:8b:0c:ad:3a:_ (2) e5:15:b6:2a:df:65:f8:de:8a:f5:ef:84:3b:f9:e7:_ (2) 54:65:0b:80:bd:47:45:a5:f0:44:d8:53:3b:be:80:_ (2) f1:2f_ (2) Exponent:_65537_(0x10001)_ (2)X509v3_EXTENSIONS _ (2)X509v3_Subject_Key_Identifier _49:4B:52:27:D1:1B:BC:F2:A1:21:6A:62:7B:51:42:7A:8A:D7:D5:56 54/71

55 (2)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (2)X509v3_Basic_Constraints critical (2) CA:TRUE,_pathlen:0 (2)Authority_Information_Access _OCSP_-_URI: (2)X509v3_CRL_Distribution_Points _ (2) Full_Name:_ (2) URI: (2)X509v3_Certificate_Policies _Policy:_X509v3_Any_Policy_ (2) CPS:_http://certificates.starfieldtech.com/repository_ (2)X509v3_Key_Usage critical (2) Certificate_Sign,_CRL_Sign (2)Signature (256_octets)_ (2)_ 86:52:ba:b3:1f:a6:5e:6b:90:a6:64:2a:fc:45:b2:ae (2)_ 9f:3e:b3:62:af:db:1f:67:c4:bd:ca:a1:2f:c7:9c:0d (2)_ 21:57:d0:f8:36:21:ce:3a:25:3e:78:76:b3:d9:dd:bc (2)_ de:fb:6c:84:5f:0c:a3:0d:12:eb:11:3b:71:5f:80:1e (2)_ f1:1f:6d:0e:5f:c1:ec:d4:a5:f7:65:bb:1f:4c:95:01 (2)_ 13:b2:6a:9c:0b:eb:1f:9d:b1:e7:ed:19:0d:bc:85:7c (2)_ f3:17:bd:59:63:ae:a7:1a:05:cd:47:e3:2d:96:62:51 (2)_ 32:0a:08:68:4b:22:77:5f:f7:45:dc:61:de:f4:cb:2b (2)_ 22:29:44:25:d2:9f:0b:77:7a:a1:26:7c:4a:d7:0f:c2 (2)_ d1:3c:ba:0e:a7:95:9a:5b:05:0a:10:f9:55:5f:c1:97 (2)_ 8b:74:cc:5e:28:69:13:7e:d0:0a:8d:9d:0f:60:54:7a (2)_ c4:8c:1b:35:0f:74:7a:70:b2:82:cf:1d:b5:e2:8a:db (2)_ 2a:c6:b2:51:69:bf:12:17:92:60:17:aa:3d:5b:09:f8 (2)_ 87:65:1d:a7:a4:28:e5:22:02:03:82:44:9a:34:63:9e (2)_ fb:28:cf:e8:cd:2e:0e:52:20:ed:4a:cb:38:7c:9d:ae (2)_ 6e:79:d7:95:2c:a8:91:f3:86:01:21:91:4b:b5:40:a4 SSL Session Caching Information QID: Category: General remote services Port: 587 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. SSLv3 session caching is disabled on the target.tlsv1 session caching is disabled on the target. TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 995 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS 55/71

56 protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. TLS Secure Renegotiation Extension Status: supported. TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 587 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. TLS Secure Renegotiation Extension Status: supported. TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 25 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. TLS Secure Renegotiation Extension Status: supported. 56/71

57 Host Names Found QID: Category: Information gathering Port: 0 The following host names were discovered for this computer using various methods such as DNS look up, NetBIOS query, and SQL server name query. #table cols="2" Host_Name Source User-provided_DNS ip ip.secureserver.net FQDN TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 143 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. TLS Secure Renegotiation Extension Status: supported. SSL Session Caching Information QID: Category: General remote services Port: 465 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. 57/71

58 SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. SSLv3 session caching is disabled on the target.tlsv1 session caching is disabled on the target. SSL Session Caching Information QID: Category: General remote services Port: 993 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. SSLv3 session caching is disabled on the target.tlsv1 session caching is disabled on the target. SSL Session Caching Information QID: Category: General remote services Port: 143 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. SSLv3 session caching is disabled on the target.tlsv1 session caching is disabled on the target. SSL Certificate - Information 58/71

59 QID: Category: Web server Port: 110 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _04:21:c8:2b:ce:f1:ab_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (0)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _organizationname "Special_Domain_Services,_LLC" _commonname *.prod.phx3.secureserver.net (0)Valid_From Apr_10_21:06:10_2014_GMT (0)Valid_Till Oct_14_17:08:31_2016_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:ba:cc:2a:8b:6c:db:a4:40:66:48:af:89:d4:72:_ (0) 14:5d:c3:f6:8b:fd:b9:20:ca:b5:ef:1c:b6:77:23:_ (0) 80:bf:3e:60:c1:de:0a:d9:82:ed:86:a9:5e:70:20:_ (0) f7:a9:a6:f9:ad:e0:33:78:a7:26:63:e8:87:61:cf:_ (0) 2d:8f:a1:67:36:5d:4c:c0:06:ad:2f:57:79:56:60:_ (0) d6:f9:ff:05:db:8a:e1:88:c6:50:e6:a3:b5:4e:7b:_ (0) 2e:f7:d1:ba:78:4c:6d:d7:97:c6:a2:3e:ae:a7:cb:_ (0) 09:ec:a5:0c:2c:47:a4:3a:e6:4f:cc:3a:01:aa:1a:_ (0) 50:bd:39:07:89:7a:ea:d3:29:21:bf:53:fd:0d:7d:_ (0) 2c:6d:79:16:e2:4f:d5:8c:aa:2b:d1:d4:5d:a5:66:_ (0) 99:8b:aa:fb:38:1a:cd:01:fd:04:3f:ad:bb:c1:35:_ (0) 91:49:0b:6e:a2:e6:3f:1e:5f:f2:6a:39:86:15:c8:_ (0) 98:a1:02:cb:f7:07:8d:85:06:3c:ab:6b:c1:31:15:_ (0) a2:54:c2:0a:bc:ec:e2:be:72:b9:08:d1:ce:1e:d6:_ (0) d3:c2:dc:09:3d:1b:19:58:c0:eb:7e:b2:e4:44:e3:_ (0) 88:b4:b7:b7:5f:69:2e:88:15:15:52:55:d2:79:df:_ (0) 99:29:df:ce:2d:93:a9:ed:28:24:84:f1:7c:fe:01:_ (0) 5d:f9_ (0) Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Basic_Constraints critical (0) CA:FALSE (0)X509v3_Extended_Key_Usage _TLS_Web_Server_Authentication,_TLS_Web_Client_Authentication (0)X509v3_Key_Usage critical (0) Digital_Signature,_Key_Encipherment (0)X509v3_CRL_Distribution_Points _ (0) Full_Name:_ (0) URI: (0)X509v3_Certificate_Policies _Policy:_ _ (0) CPS:_http://certificates.starfieldtech.com/repository/_ (0)Authority_Information_Access _OCSP_- _URI: (0) CA_Issuers_- _URI: intermediate.crt _ (0)X509v3_Authority_Key_Identifier _keyid:49:4b:52:27:d1:1b:bc:f2:a1:21:6a:62:7b:51:42:7a:8a:d7:d5:56_ (0)X509v3_Subject_Alternative_Name _DNS:*.prod.phx3.secureserver.net,_DNS:prod.phx3.secureserver.net (0)X509v3_Subject_Key_Identifier _FC:08:18:6D:14:3A:A7:AA:5D:BF:D1:9A:1B:DE:43:A7:CB:15:65:F0 (0)Signature (256_octets)_ (0)_ bb:49:1d:0c:ab:69:95:ba:fb:f3:90:bb:03:4a:c2:c9 (0)_ b6:c0:b9:11:2f:78:43:b1:07:b9:27:f8:8d:12:d2:fb (0)_ 98:38:ab:c7:4a:88:47:70:64:f6:d6:3c:95:2a:37:1a (0)_ e4:e6:44:ee:5e:a7:0f:9a:31:80:8f:0c:14:0e:c3:f1 (0)_ ec:8f:e1:57:51:05:ee:cc:2f:77:36:e3:67:64:e1:a7 (0)_ 47:f2:2a:1f:17:c8:a6:9a:7f:ac:30:2e:35:a8:84:84 (0)_ 5c:8c:78:75:df:2d:1d:45:52:5d:e5:e4:fd:a6:eb:33 (0)_ 76:35:3f:50:b1:ec:9e:d4:24:f4:87:71:1e:21:81:95 (0)_ 55:22:da:06:35:12:b2:bb:0c:1a:7b:d9:a6:dc:e4:d5 (0)_ 99:67:0a:58:4c:59:c5:a3:d8:b3:54:b6:a9:d2:6a:91 (0)_ 2a:fd:dc:0d:31:6e:d9:28:67:73:46:7c:b2:9a:ed:67 (0)_ 59/71

60 8a:27:af:16:aa:3c:b7:d4:c4:5d:2a:68:0a:c9:19:71 (0)_ 85:dc:11:e6:b3:ff:6a:a3:4b:b6:d8:1d:21:14:7f:48 (0)_ 18:c4:40:28:d0:5d:f9:4d:09:1a:f4:e5:6f:17:11:81 (0)_ 9d:dc:d9:5e:3c:b7:a5:55:1f:57:5d:b4:7e:e7:01:60 (0)_ 61:60:e2:11:96:77:a0:a2:9a:ac:8e:6c:bc:37:eb:be (1)CERTIFICATE_1 _ (1)Version 3_(0x2) (1)Serial_Number 0_(0x0)_ (1)Signature_Algorithm sha1withrsaencryption (1)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)SUBJECT_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)Valid_From Jun_29_17:39:16_2004_GMT (1)Valid_Till Jun_29_17:39:16_2034_GMT (1)Public_Key_Algorithm rsaencryption (1)RSA_Public_Key (2048_bit) (1) Public-Key:_(2048_bit)_ (1) Modulus:_ (1) 00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:_ (1) ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:_ (1) c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:_ (1) 9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:_ (1) f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:_ (1) a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:_ (1) 4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:_ (1) af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:_ (1) d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:_ (1) b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:_ (1) 9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:_ (1) b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:_ (1) b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:_ (1) b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:_ (1) 5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:_ (1) 23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:_ (1) 0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:_ (1) 01:ab_ (1) Exponent:_3_(0x3)_ (1)X509v3_EXTENSIONS _ (1)X509v3_Subject_Key_Identifier _BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 (1)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (1) DirName:/C=US/O=Starfield_Technologies,_Inc./OU=Starfield_Class_2_Certifi cation_authority_ (1) serial:00_ (1)X509v3_Basic_Constraints _CA:TRUE (1)Signature (256_octets)_ (1)_ 05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da (1)_ 9b:01:87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e (1)_ cc:c7:5e:6a:d8:83:87:a1:97:ef:49:35:3e:77:06:41 (1)_ 58:62:bf:8e:58:b8:0a:67:3f:ec:b3:dd:21:66:1f:c9 (1)_ 54:fa:72:cc:3d:4c:40:d8:81:af:77:9e:83:7a:bb:a2 (1)_ c7:f5:34:17:8e:d9:11:40:f4:fc:2c:2a:4d:15:7f:a7 (1)_ 62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:17:b8:f4:bd (1)_ 8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:2d:7a (1)_ a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0 (1)_ f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be (1)_ f5:71:90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58 (1)_ 00:23:ea:e3:12:43:29:5b:47:08:dd:8c:41:6a:65:06 (1)_ a8:e5:21:aa:41:b4:95:21:95:b9:7d:d1:34:ab:13:d6 (1)_ ad:bc:dc:e2:3d:39:cd:bd:3e:75:70:a1:18:59:03:c9 (1)_ 22:b4:8f:9c:d5:5e:2a:d7:a5:b6:d4:0a:6d:f8:b7:40 (1)_ 11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:2f:1f:17:94 (2)CERTIFICATE_2 _ (2)Version 3_(0x2) (2)Serial_Number 513_(0x201)_ (2)Signature_Algorithm sha1withrsaencryption (2)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (2)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (2)Valid_From Nov_16_01:15:40_2006_GMT (2)Valid_Till Nov_16_01:15:40_2026_GMT (2)Public_Key_Algorithm rsaencryption (2)RSA_Public_Key (2048_bit) (2) Public-Key:_(2048_bit)_ (2) Modulus:_ (2) 00:e2:a7:5d:a3:ed:66:ef:6a:2f:2b:36:1f:dd:8d:_ (2) d3:05:02:a0:ca:0f:5e:19:ae:38:72:cf:16:da:54:_ (2) 4a:cb:48:0a:f4:a1:73:11:65:85:43:c9:5b:17:0c:_ (2) 9a:2b:be:0f:98:51:7a:60:29:0d:6c:de:e2:e8:e5:_ (2)_ 60/71

61 _15:4d:56:ff:90:d1:a7:a6:04:3f:60:07:4a:ca:6f:_ (2) a5:10:e7:b3:f8:5c:b1:bc:2b:2a:dc:01:79:f5:1d:_ (2) 35:f5:7a:28:83:f2:93:73:82:89:ac:60:6d:cb:c2:_ (2) 48:c2:1d:d4:06:44:17:3c:ac:01:47:ab:3e:70:84:_ (2) 09:0b:b8:20:08:40:20:87:a1:63:1a:ca:3e:83:d2:_ (2) 37:b3:98:8d:32:3f:37:bf:a1:b7:5b:5f:de:5c:33:_ (2) 92:cf:3e:07:ce:b9:48:4b:e2:f0:55:50:2f:f8:70:_ (2) 42:89:d1:93:96:8a:63:d9:66:0d:e6:58:6e:b9:6d:_ (2) 90:bd:ca:dc:84:66:f2:39:8e:5b:a6:58:55:73:cb:_ (2) 62:6c:1b:d7:20:16:3b:2c:59:f5:cb:c8:56:32:4a:_ (2) 50:27:ba:55:d3:a8:01:cb:72:a9:74:8b:0c:ad:3a:_ (2) e5:15:b6:2a:df:65:f8:de:8a:f5:ef:84:3b:f9:e7:_ (2) 54:65:0b:80:bd:47:45:a5:f0:44:d8:53:3b:be:80:_ (2) f1:2f_ (2) Exponent:_65537_(0x10001)_ (2)X509v3_EXTENSIONS _ (2)X509v3_Subject_Key_Identifier _49:4B:52:27:D1:1B:BC:F2:A1:21:6A:62:7B:51:42:7A:8A:D7:D5:56 (2)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (2)X509v3_Basic_Constraints critical (2) CA:TRUE,_pathlen:0 (2)Authority_Information_Access _OCSP_-_URI: (2)X509v3_CRL_Distribution_Points _ (2) Full_Name:_ (2) URI: (2)X509v3_Certificate_Policies _Policy:_X509v3_Any_Policy_ (2) CPS:_http://certificates.starfieldtech.com/repository_ (2)X509v3_Key_Usage critical (2) Certificate_Sign,_CRL_Sign (2)Signature (256_octets)_ (2)_ 86:52:ba:b3:1f:a6:5e:6b:90:a6:64:2a:fc:45:b2:ae (2)_ 9f:3e:b3:62:af:db:1f:67:c4:bd:ca:a1:2f:c7:9c:0d (2)_ 21:57:d0:f8:36:21:ce:3a:25:3e:78:76:b3:d9:dd:bc (2)_ de:fb:6c:84:5f:0c:a3:0d:12:eb:11:3b:71:5f:80:1e (2)_ f1:1f:6d:0e:5f:c1:ec:d4:a5:f7:65:bb:1f:4c:95:01 (2)_ 13:b2:6a:9c:0b:eb:1f:9d:b1:e7:ed:19:0d:bc:85:7c (2)_ f3:17:bd:59:63:ae:a7:1a:05:cd:47:e3:2d:96:62:51 (2)_ 32:0a:08:68:4b:22:77:5f:f7:45:dc:61:de:f4:cb:2b (2)_ 22:29:44:25:d2:9f:0b:77:7a:a1:26:7c:4a:d7:0f:c2 (2)_ d1:3c:ba:0e:a7:95:9a:5b:05:0a:10:f9:55:5f:c1:97 (2)_ 8b:74:cc:5e:28:69:13:7e:d0:0a:8d:9d:0f:60:54:7a (2)_ c4:8c:1b:35:0f:74:7a:70:b2:82:cf:1d:b5:e2:8a:db (2)_ 2a:c6:b2:51:69:bf:12:17:92:60:17:aa:3d:5b:09:f8 (2)_ 87:65:1d:a7:a4:28:e5:22:02:03:82:44:9a:34:63:9e (2)_ fb:28:cf:e8:cd:2e:0e:52:20:ed:4a:cb:38:7c:9d:ae (2)_ 6e:79:d7:95:2c:a8:91:f3:86:01:21:91:4b:b5:40:a4 SSL Server Information Retrieval QID: Category: General remote services Port: 143 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. SSLv2_PROTOCOL_IS_DISABLED _ SSLv3_PROTOCOL_IS_ENABLED _ SSLv3 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_ RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128)_ MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_ EDH-RSA-DES- 61/71

62 CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_ AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256)_ HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256)_ HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128)_ MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128)_ MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256)_ HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256)_ HIGH_ SEED-SHA RSA RSA SHA1 SEED(128)_ MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128)_ MEDIUM_ TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 993 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. TLS Secure Renegotiation Extension Status: supported. SSL Certificate - Information QID: Category: Web server Port: 21 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _(0x72a0bbd1)_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ commonname p3plcpnl0246.prod.phx3.secureserver.net _ address [email protected] (0)SUBJECT_NAME _ commonname p3plcpnl0246.prod.phx3.secureserver.net _ address 62/71

63 (0)Valid_From Feb_20_18:37:39_2014_GMT (0)Valid_Till Feb_20_18:37:39_2015_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:b8:1c:45:9d:be:be:12:b2:e7:ce:fd:ec:6b:d3:_ (0) 33:23:31:2f:29:95:74:2c:21:50:3b:3e:02:0d:15:_ (0) 75:9d:e1:b4:fa:e2:d2:d7:72:49:d3:1a:0b:5d:ce:_ (0) f1:61:48:6a:5b:53:03:d9:72:3c:2d:d4:35:a9:1d:_ (0) 0e:db:6c:10:34:e1:fc:f2:7d:13:b0:fc:cb:68:f9:_ (0) 52:e8:08:ba:76:01:99:28:48:13:36:d7:e1:3e:60:_ (0) 65:54:4a:11:d4:3c:c6:c7:1a:f0:0b:1b:2f:a3:03:_ (0) 4e:74:43:22:59:44:83:68:9e:6d:5b:64:dc:97:cf:_ (0) db:77:04:3b:c3:a2:b3:b0:65:1f:c4:d6:67:6c:d4:_ (0) cc:ac:ed:2d:d4:d1:7e:23:cc:49:ef:7a:05:f1:54:_ (0) b1:5b:60:c5:f0:d1:28:b2:bc:26:e9:9f:c4:1e:a9:_ (0) 42:53:f4:ea:10:dc:aa:5c:53:08:32:10:06:73:74:_ (0) de:54:74:db:01:a9:a2:40:8e:b1:9d:d1:1d:1d:eb:_ (0) 76:48:5e:4a:37:37:da:58:c3:c2:c9:9d:9e:e8:74:_ (0) 9c:54:f8:1d:eb:6c:8f:99:2b:a6:84:1c:01:a8:6b:_ (0) 30:cf:ad:a2:fe:d3:ce:0b:e8:21:b4:fd:e9:38:d1:_ (0) 02:a2:d9:e7:dd:9e:00:6c:ed:a8:14:6c:c5:27:2e:_ (0) b8:81_ (0) Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Subject_Key_Identifier _2B:98:52:BB:B5:60:62:79:49:A1:AC:39:5A:57:BA:6C:CC:36:A4:D6 (0)X509v3_Authority_Key_Identifier _keyid:2b:98:52:bb:b5:60:62:79:49:a1:ac:39:5a:57:ba:6c:cc:36:a4:d6_ (0)X509v3_Basic_Constraints _CA:TRUE (0)Signature (256_octets)_ (0)_ 6b:76:3a:ef:8a:6f:3e:61:96:f0:99:04:03:f8:4d:90 (0)_ 60:22:86:74:08:82:47:af:8b:91:ff:9f:8c:ba:9c:72 (0)_ 87:9e:94:bb:f5:83:fb:73:9d:55:6b:ff:3b:9f:ea:77 (0)_ 05:51:82:00:48:44:e6:58:10:49:32:f2:b4:33:d7:db (0)_ db:73:b6:a8:7f:07:d9:fd:f2:dc:95:3c:ff:2d:d4:10 (0)_ ff:79:2c:9f:98:40:22:47:a5:cd:21:49:02:51:40:9c (0)_ 65:38:31:ad:54:03:93:18:8a:ed:11:2c:1a:06:9c:a4 (0)_ 97:b3:b7:84:60:27:05:09:c0:89:c9:b8:9a:68:f9:fd (0)_ 09:44:12:95:ee:e7:3c:8a:ee:28:54:a9:b8:96:79:c0 (0)_ 70:b9:5d:5f:e6:96:ad:31:84:95:d4:73:c4:85:98:45 (0)_ 95:d9:73:0f:73:49:f7:92:0a:f2:94:b9:4b:59:66:7c (0)_ 54:d5:b5:9f:76:06:54:8d:4d:bc:f1:cf:d0:82:9f:bb (0)_ f6:98:1f:a6:60:b9:e0:97:77:cf:0b:49:17:0a:dc:e5 (0)_ 2e:d5:a0:5e:9e:90:27:33:98:d9:81:f8:fe:7c:b0:60 (0)_ c2:e0:69:ab:f9:00:96:66:96:e5:bd:17:69:13:ee:45 (0)_ be:1b:2b:3c:9b:97:52:70:11:5b:a0:06:1f:f3:44:93 SSL Session Caching Information QID: Category: General remote services Port: 110 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. 63/71

64 SSLv3 session caching is enabled on the target.tlsv1 session caching is disabled on the target. Target Network Information QID: Category: Information gathering Port: 0 The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located). This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information can be used by malicious users to gather more information about the network infrastructure that may help in launching attacks against it. The network handle is: GO-DADDY-COM-LLC Network description: GoDaddy.com, LLC TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 21 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. TLS Secure Renegotiation Extension Status: supported. SSL Server Information Retrieval QID: Category: General remote services Port: 465 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it 64/71

65 means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. SSLv2_PROTOCOL_IS_DISABLED _ SSLv3_PROTOCOL_IS_ENABLED _ SSLv3 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_ RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128)_ MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_ EDH-RSA-DES- CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_ AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256)_ HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256)_ HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128)_ MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128)_ MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256)_ HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256)_ HIGH_ SEED-SHA RSA RSA SHA1 SEED(128)_ MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128)_ MEDIUM_ TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ SSL Session Caching Information QID: Category: General remote services Port: 995 SSL session is a collection of security parameters that are negotiated by the SSL client and server for each SSL connection. SSL session caching is targeted to reduce the overhead of negotiations in recurring SSL connections. SSL sessions can be reused to resume an earlier connection or to establish multiple simultaneous connections. The client suggests an SSL session to be reused by identifying the session with a Session-ID during SSL handshake. If the server finds it appropriate to reuse the session, then they both proceed to secure communication with already known security parameters. This test determines if SSL session caching is enabled on the host. SSL session caching is part of the SSL and TLS protocols and is not a security threat. The result of this test is for informational purposes only. SSLv3 session caching is disabled on the target.tlsv1 session caching is disabled on the target. SSL Certificate - Information 65/71

66 QID: Category: Web server Port: 993 #table cols="2" NAME VALUE (0)CERTIFICATE_0 _ (0)Version 3_(0x2) (0)Serial_Number _04:21:c8:2b:ce:f1:ab_ (0)Signature_Algorithm sha1withrsaencryption (0)ISSUER_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (0)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _organizationname "Special_Domain_Services,_LLC" _commonname *.prod.phx3.secureserver.net (0)Valid_From Apr_10_21:06:10_2014_GMT (0)Valid_Till Oct_14_17:08:31_2016_GMT (0)Public_Key_Algorithm rsaencryption (0)RSA_Public_Key (2048_bit) (0) Public-Key:_(2048_bit)_ (0) Modulus:_ (0) 00:ba:cc:2a:8b:6c:db:a4:40:66:48:af:89:d4:72:_ (0) 14:5d:c3:f6:8b:fd:b9:20:ca:b5:ef:1c:b6:77:23:_ (0) 80:bf:3e:60:c1:de:0a:d9:82:ed:86:a9:5e:70:20:_ (0) f7:a9:a6:f9:ad:e0:33:78:a7:26:63:e8:87:61:cf:_ (0) 2d:8f:a1:67:36:5d:4c:c0:06:ad:2f:57:79:56:60:_ (0) d6:f9:ff:05:db:8a:e1:88:c6:50:e6:a3:b5:4e:7b:_ (0) 2e:f7:d1:ba:78:4c:6d:d7:97:c6:a2:3e:ae:a7:cb:_ (0) 09:ec:a5:0c:2c:47:a4:3a:e6:4f:cc:3a:01:aa:1a:_ (0) 50:bd:39:07:89:7a:ea:d3:29:21:bf:53:fd:0d:7d:_ (0) 2c:6d:79:16:e2:4f:d5:8c:aa:2b:d1:d4:5d:a5:66:_ (0) 99:8b:aa:fb:38:1a:cd:01:fd:04:3f:ad:bb:c1:35:_ (0) 91:49:0b:6e:a2:e6:3f:1e:5f:f2:6a:39:86:15:c8:_ (0) 98:a1:02:cb:f7:07:8d:85:06:3c:ab:6b:c1:31:15:_ (0) a2:54:c2:0a:bc:ec:e2:be:72:b9:08:d1:ce:1e:d6:_ (0) d3:c2:dc:09:3d:1b:19:58:c0:eb:7e:b2:e4:44:e3:_ (0) 88:b4:b7:b7:5f:69:2e:88:15:15:52:55:d2:79:df:_ (0) 99:29:df:ce:2d:93:a9:ed:28:24:84:f1:7c:fe:01:_ (0) 5d:f9_ (0) Exponent:_65537_(0x10001)_ (0)X509v3_EXTENSIONS _ (0)X509v3_Basic_Constraints critical (0) CA:FALSE (0)X509v3_Extended_Key_Usage _TLS_Web_Server_Authentication,_TLS_Web_Client_Authentication (0)X509v3_Key_Usage critical (0) Digital_Signature,_Key_Encipherment (0)X509v3_CRL_Distribution_Points _ (0) Full_Name:_ (0) URI: (0)X509v3_Certificate_Policies _Policy:_ _ (0) CPS:_http://certificates.starfieldtech.com/repository/_ (0)Authority_Information_Access _OCSP_- _URI: (0) CA_Issuers_- _URI: intermediate.crt _ (0)X509v3_Authority_Key_Identifier _keyid:49:4b:52:27:d1:1b:bc:f2:a1:21:6a:62:7b:51:42:7a:8a:d7:d5:56_ (0)X509v3_Subject_Alternative_Name _DNS:*.prod.phx3.secureserver.net,_DNS:prod.phx3.secureserver.net (0)X509v3_Subject_Key_Identifier _FC:08:18:6D:14:3A:A7:AA:5D:BF:D1:9A:1B:DE:43:A7:CB:15:65:F0 (0)Signature (256_octets)_ (0)_ bb:49:1d:0c:ab:69:95:ba:fb:f3:90:bb:03:4a:c2:c9 (0)_ b6:c0:b9:11:2f:78:43:b1:07:b9:27:f8:8d:12:d2:fb (0)_ 98:38:ab:c7:4a:88:47:70:64:f6:d6:3c:95:2a:37:1a (0)_ e4:e6:44:ee:5e:a7:0f:9a:31:80:8f:0c:14:0e:c3:f1 (0)_ ec:8f:e1:57:51:05:ee:cc:2f:77:36:e3:67:64:e1:a7 (0)_ 47:f2:2a:1f:17:c8:a6:9a:7f:ac:30:2e:35:a8:84:84 (0)_ 5c:8c:78:75:df:2d:1d:45:52:5d:e5:e4:fd:a6:eb:33 (0)_ 76:35:3f:50:b1:ec:9e:d4:24:f4:87:71:1e:21:81:95 (0)_ 55:22:da:06:35:12:b2:bb:0c:1a:7b:d9:a6:dc:e4:d5 (0)_ 99:67:0a:58:4c:59:c5:a3:d8:b3:54:b6:a9:d2:6a:91 (0)_ 2a:fd:dc:0d:31:6e:d9:28:67:73:46:7c:b2:9a:ed:67 (0)_ 8a:27:af:16:aa:3c:b7:d4:c4:5d:2a:68:0a:c9:19:71 (0)_ 66/71

67 85:dc:11:e6:b3:ff:6a:a3:4b:b6:d8:1d:21:14:7f:48 (0)_ 18:c4:40:28:d0:5d:f9:4d:09:1a:f4:e5:6f:17:11:81 (0)_ 9d:dc:d9:5e:3c:b7:a5:55:1f:57:5d:b4:7e:e7:01:60 (0)_ 61:60:e2:11:96:77:a0:a2:9a:ac:8e:6c:bc:37:eb:be (1)CERTIFICATE_1 _ (1)Version 3_(0x2) (1)Serial_Number 0_(0x0)_ (1)Signature_Algorithm sha1withrsaencryption (1)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)SUBJECT_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (1)Valid_From Jun_29_17:39:16_2004_GMT (1)Valid_Till Jun_29_17:39:16_2034_GMT (1)Public_Key_Algorithm rsaencryption (1)RSA_Public_Key (2048_bit) (1) Public-Key:_(2048_bit)_ (1) Modulus:_ (1) 00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:_ (1) ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:_ (1) c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:_ (1) 9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:_ (1) f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:_ (1) a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:_ (1) 4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:_ (1) af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:_ (1) d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:_ (1) b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:_ (1) 9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:_ (1) b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:_ (1) b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:_ (1) b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:_ (1) 5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:_ (1) 23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:_ (1) 0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:_ (1) 01:ab_ (1) Exponent:_3_(0x3)_ (1)X509v3_EXTENSIONS _ (1)X509v3_Subject_Key_Identifier _BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 (1)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (1) DirName:/C=US/O=Starfield_Technologies,_Inc./OU=Starfield_Class_2_Certifi cation_authority_ (1) serial:00_ (1)X509v3_Basic_Constraints _CA:TRUE (1)Signature (256_octets)_ (1)_ 05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da (1)_ 9b:01:87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e (1)_ cc:c7:5e:6a:d8:83:87:a1:97:ef:49:35:3e:77:06:41 (1)_ 58:62:bf:8e:58:b8:0a:67:3f:ec:b3:dd:21:66:1f:c9 (1)_ 54:fa:72:cc:3d:4c:40:d8:81:af:77:9e:83:7a:bb:a2 (1)_ c7:f5:34:17:8e:d9:11:40:f4:fc:2c:2a:4d:15:7f:a7 (1)_ 62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:17:b8:f4:bd (1)_ 8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:2d:7a (1)_ a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0 (1)_ f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be (1)_ f5:71:90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58 (1)_ 00:23:ea:e3:12:43:29:5b:47:08:dd:8c:41:6a:65:06 (1)_ a8:e5:21:aa:41:b4:95:21:95:b9:7d:d1:34:ab:13:d6 (1)_ ad:bc:dc:e2:3d:39:cd:bd:3e:75:70:a1:18:59:03:c9 (1)_ 22:b4:8f:9c:d5:5e:2a:d7:a5:b6:d4:0a:6d:f8:b7:40 (1)_ 11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:2f:1f:17:94 (2)CERTIFICATE_2 _ (2)Version 3_(0x2) (2)Serial_Number 513_(0x201)_ (2)Signature_Algorithm sha1withrsaencryption (2)ISSUER_NAME _ countryname US _organizationname "Starfield_Technologies,_Inc." _organizationalunitname Starfield_Class_2_Certification_Authority (2)SUBJECT_NAME _ countryname US _stateorprovincename Arizona _localityname Scottsdale _organizationname "Starfield_Technologies,_Inc." _organizationalunitname _commonname Starfield_Secure_Certification_Authority _serialnumber (2)Valid_From Nov_16_01:15:40_2006_GMT (2)Valid_Till Nov_16_01:15:40_2026_GMT (2)Public_Key_Algorithm rsaencryption (2)RSA_Public_Key (2048_bit) (2) Public-Key:_(2048_bit)_ (2) Modulus:_ (2) 00:e2:a7:5d:a3:ed:66:ef:6a:2f:2b:36:1f:dd:8d:_ (2) d3:05:02:a0:ca:0f:5e:19:ae:38:72:cf:16:da:54:_ (2) 4a:cb:48:0a:f4:a1:73:11:65:85:43:c9:5b:17:0c:_ (2) 9a:2b:be:0f:98:51:7a:60:29:0d:6c:de:e2:e8:e5:_ (2) 15:4d:56:ff:90:d1:a7:a6:04:3f:60:07:4a:ca:6f:_ (2)_ 67/71

68 _a5:10:e7:b3:f8:5c:b1:bc:2b:2a:dc:01:79:f5:1d:_ (2) 35:f5:7a:28:83:f2:93:73:82:89:ac:60:6d:cb:c2:_ (2) 48:c2:1d:d4:06:44:17:3c:ac:01:47:ab:3e:70:84:_ (2) 09:0b:b8:20:08:40:20:87:a1:63:1a:ca:3e:83:d2:_ (2) 37:b3:98:8d:32:3f:37:bf:a1:b7:5b:5f:de:5c:33:_ (2) 92:cf:3e:07:ce:b9:48:4b:e2:f0:55:50:2f:f8:70:_ (2) 42:89:d1:93:96:8a:63:d9:66:0d:e6:58:6e:b9:6d:_ (2) 90:bd:ca:dc:84:66:f2:39:8e:5b:a6:58:55:73:cb:_ (2) 62:6c:1b:d7:20:16:3b:2c:59:f5:cb:c8:56:32:4a:_ (2) 50:27:ba:55:d3:a8:01:cb:72:a9:74:8b:0c:ad:3a:_ (2) e5:15:b6:2a:df:65:f8:de:8a:f5:ef:84:3b:f9:e7:_ (2) 54:65:0b:80:bd:47:45:a5:f0:44:d8:53:3b:be:80:_ (2) f1:2f_ (2) Exponent:_65537_(0x10001)_ (2)X509v3_EXTENSIONS _ (2)X509v3_Subject_Key_Identifier _49:4B:52:27:D1:1B:BC:F2:A1:21:6A:62:7B:51:42:7A:8A:D7:D5:56 (2)X509v3_Authority_Key_Identifier _keyid:bf:5f:b7:d1:ce:dd:1f:86:f4:5b:55:ac:dc:d7:10:c2:0e:a9:88:e7_ (2)X509v3_Basic_Constraints critical (2) CA:TRUE,_pathlen:0 (2)Authority_Information_Access _OCSP_-_URI: (2)X509v3_CRL_Distribution_Points _ (2) Full_Name:_ (2) URI: (2)X509v3_Certificate_Policies _Policy:_X509v3_Any_Policy_ (2) CPS:_http://certificates.starfieldtech.com/repository_ (2)X509v3_Key_Usage critical (2) Certificate_Sign,_CRL_Sign (2)Signature (256_octets)_ (2)_ 86:52:ba:b3:1f:a6:5e:6b:90:a6:64:2a:fc:45:b2:ae (2)_ 9f:3e:b3:62:af:db:1f:67:c4:bd:ca:a1:2f:c7:9c:0d (2)_ 21:57:d0:f8:36:21:ce:3a:25:3e:78:76:b3:d9:dd:bc (2)_ de:fb:6c:84:5f:0c:a3:0d:12:eb:11:3b:71:5f:80:1e (2)_ f1:1f:6d:0e:5f:c1:ec:d4:a5:f7:65:bb:1f:4c:95:01 (2)_ 13:b2:6a:9c:0b:eb:1f:9d:b1:e7:ed:19:0d:bc:85:7c (2)_ f3:17:bd:59:63:ae:a7:1a:05:cd:47:e3:2d:96:62:51 (2)_ 32:0a:08:68:4b:22:77:5f:f7:45:dc:61:de:f4:cb:2b (2)_ 22:29:44:25:d2:9f:0b:77:7a:a1:26:7c:4a:d7:0f:c2 (2)_ d1:3c:ba:0e:a7:95:9a:5b:05:0a:10:f9:55:5f:c1:97 (2)_ 8b:74:cc:5e:28:69:13:7e:d0:0a:8d:9d:0f:60:54:7a (2)_ c4:8c:1b:35:0f:74:7a:70:b2:82:cf:1d:b5:e2:8a:db (2)_ 2a:c6:b2:51:69:bf:12:17:92:60:17:aa:3d:5b:09:f8 (2)_ 87:65:1d:a7:a4:28:e5:22:02:03:82:44:9a:34:63:9e (2)_ fb:28:cf:e8:cd:2e:0e:52:20:ed:4a:cb:38:7c:9d:ae (2)_ 6e:79:d7:95:2c:a8:91:f3:86:01:21:91:4b:b5:40:a4 Internet Service Provider QID: Category: Information gathering Port: 0 The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located). This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information. This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it. The ISP network handle is: NET ISP Network description: Qwest Communications Company, LLC PHNX01-WAN /71

69 TLS Secure Renegotiation Extension Supported QID: Category: General remote services Port: 110 Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. TLS protocol was extended to cryptographically tierenegotiations to the TLS connections they are being performed over, This is referred to as TLS secure renegotiation extension. This detection determines whether the TLS secure renegotiation extension is supported by the server or not. TLS Secure Renegotiation Extension Status: supported. SSL Server Information Retrieval QID: Category: General remote services Port: 110 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. SSLv2_PROTOCOL_IS_DISABLED _ SSLv3_PROTOCOL_IS_ENABLED _ SSLv3 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_ RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128)_ MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_ EDH-RSA-DES- CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_ AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256)_ HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256)_ HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128)_ MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128)_ MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256)_ HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256)_ HIGH_ SEED-SHA RSA RSA SHA1 SEED(128)_ MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128)_ MEDIUM_ TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 69/71

70 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ SSL Server Information Retrieval QID: Category: General remote services Port: 25 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. SSLv2_PROTOCOL_IS_DISABLED _ SSLv3_PROTOCOL_IS_ENABLED _ SSLv3 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_ RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128)_ MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_ EDH-RSA-DES- CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_ AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256)_ HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256)_ HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128)_ MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128)_ MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256)_ HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256)_ HIGH_ SEED-SHA RSA RSA SHA1 SEED(128)_ MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128)_ MEDIUM_ TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ SSL/TLS invalid protocol version tolerance QID: Category: General remote services Port: 443 SSL/TLS protocols have different version that can be supported by both the client and the server. This test attempts to send invalid protocol versions to the target in order to find out what is the targets behavior. The results section contains a table that indicates what was the target's response to each of our tests. 70/71

71 #table cols=2 my_version target_version rejected 0499 rejected SSL Server Information Retrieval QID: Category: General remote services Port: 995 The following is a list of supported SSL ciphers. Note: If a cipher is included in this list it means that it was possible to establish a SSL connection using that cipher. There are some web servers setups that allow connections to be established using a LOW grade cipher, only to provide a web page stating that the URL is accessible only through a non-low grade cipher. In this case even though LOW grade cipher will be listed here QID will not be reported. SSLv2_PROTOCOL_IS_DISABLED _ SSLv3_PROTOCOL_IS_ENABLED _ SSLv3 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128)_ MEDIUM_ RC4-SHA RSA RSA SHA1 RC4(128)_ MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128)_ MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168)_ HIGH_ EDH-RSA-DES- CBC3-SHA DH RSA SHA1 3DES(168)_ HIGH_ AES128-SHA RSA RSA SHA1 AES(128)_ MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128)_ MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256)_ HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256)_ HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128)_ MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128)_ MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256)_ HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256)_ HIGH_ SEED-SHA RSA RSA SHA1 SEED(128)_ MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128)_ MEDIUM_ TLSv1_PROTOCOL_IS_ENABLED _ TLSv1 COMPRESSION_METHOD None _ RC4-MD5 RSA RSA MD5 RC4(128) _MEDIUM_ RC4- SHA RSA RSA SHA1 RC4(128) _MEDIUM_ IDEA-CBC-SHA RSA RSA SHA1 IDEA(128) _MEDIUM_ DES-CBC3-SHA RSA RSA SHA1 3DES(168) _HIGH_ EDH-RSA-DES-CBC3-SHA DH RSA SHA1 3DES(168) _HIGH_ AES128-SHA RSA RSA SHA1 AES(128) _MEDIUM_ DHE-RSA-AES128-SHA DH RSA SHA1 AES(128) _MEDIUM_ AES256-SHA RSA RSA SHA1 AES(256) _HIGH_ DHE-RSA-AES256-SHA DH RSA SHA1 AES(256) _HIGH_ CAMELLIA128-SHA RSA RSA SHA1 Camellia(128) _MEDIUM_ DHE-RSA-CAMELLIA128- SHA DH RSA SHA1 Camellia(128) _MEDIUM_ CAMELLIA256-SHA RSA RSA SHA1 Camellia(256) _HIGH_ DHE-RSA-CAMELLIA256-SHA DH RSA SHA1 Camellia(256) _HIGH_ SEED-SHA RSA RSA SHA1 SEED(128) _MEDIUM_ DHE-RSA-SEED-SHA DH RSA SHA1 SEED(128) _MEDIUM_ 71/71