Deep SSL/TLS Vulnerability Test
This report provides a deep analysis of the SSL/TLS configuration of images-ext-1.discordapp.net. It checks for protocol support, cipher strength, and known vulnerabilities.
Scan Results
Testing all IP addresses (port 443): 162.159.134.232 162.159.128.232 162.159.130.232 162.159.129.232 162.159.133.232 ----------------------------------------------------- Start 2026-02-20 10:03:15 -->> 162.159.134.232:443 (images-ext-1.discordapp.net) <<-- Further IP addresses: 162.159.133.232 162.159.128.232 162.159.130.232 162.159.129.232 rDNS (162.159.134.232): -- Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 401 Unauthorized HTTP clock skew 0 sec from localtime IPv4 address in header set-cookie: __cf_bm=2Pm5DMtuZiwGpg.lh1U9NlzYx8Zuhi7r6xbWWQhV5l8-1771581818.5056021-1.0.1.1-O.EM7OhR7uMHqYQ2_1.A3VVR9OFMjE2Pm8vVcCqr...IjYfLyBTAGu1v4TspR6IBsqz.5hH_k0RJx9kYpgK6wIb55J1BBj7hXO4nQMrrbr_133ST7moYV9DYw60NGdOk; HttpOnly; Secure; Path=/; Domain=discordapp.net; Expires=Fri, 20 Feb 2026 10:33:38 GMT (check if it's your IP address or e.g. a cluster IP) set-cookie: _cfuvid=V8KKaJb5BW0n_vpgHteCtNFPvVxo7wjaPLeCDo6c6HA-1771581818.5056021-1.0.1.1-g3vXc5rk1xoLCNo.n42P2wCQyDSov2qta3U76XVccFw; HttpOnly; SameSite=None; Secure; Path=/; Domain=images-ext-1.discordapp.net Strict Transport Security not offered Public Key Pinning -- Server banner cloudflare Application banner -- Cookie(s) 2 issued: 2/2 secure, 2/2 HttpOnly -- HTTP status 401 signals you maybe missed the web application Security headers Access-Control-Allow-Origin: * Cache-Control: public Reverse Proxy banner via: 1.1 google Testing vulnerabilities Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=1C48BFEE29971A6F1A2E136EAAF2F10C86973BA568090CB4DC24B126E9E127C1 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs. Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Done 2026-02-20 10:03:52 [ 45s] -->> 162.159.134.232:443 (images-ext-1.discordapp.net) <<-- ----------------------------------------------------- Start 2026-02-20 10:03:53 -->> 162.159.128.232:443 (images-ext-1.discordapp.net) <<-- Further IP addresses: 162.159.133.232 162.159.134.232 162.159.130.232 162.159.129.232 rDNS (162.159.128.232): -- Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 401 Unauthorized HTTP clock skew 0 sec from localtime IPv4 address in header set-cookie: __cf_bm=v47HH_G33B8zPgx.ewOj9RXf8LM7MMBiic3WUYQAv6k-1771581859.1176279-1.0.1.1-.kLXpH0Gg9WAnvC_EwcsDhpjyebdDsuFWjqDWC.E1Hn2h9MZ2G5S8zkN.eVf1IjrurZx8M1p6COzv_gw_sDjvmcWeSH.JVPCdTndqhZKMqGpgd7j_FpKh1hVPGHllb.8; HttpOnly; Secure; Path=/; Domain=discordapp.net; Expires=Fri, 20 Feb 2026 10:34:19 GMT (check if it's your IP address or e.g. a cluster IP) set-cookie: _cfuvid=2Cf8HUTfSRgJAZYtKwB8_Oq.M7M_QsAy4rD6ALRWV.0-1771581859.1176279-1.0.1.1-DtYA_gJYWQjvFLuvsD7a.V4QIiNORVY4J4070bbHP9M; HttpOnly; SameSite=None; Secure; Path=/; Domain=images-ext-1.discordapp.net Strict Transport Security not offered Public Key Pinning -- Server banner cloudflare Application banner -- Cookie(s) 2 issued: 2/2 secure, 2/2 HttpOnly -- HTTP status 401 signals you maybe missed the web application Security headers Access-Control-Allow-Origin: * Cache-Control: public Reverse Proxy banner via: 1.1 google Testing vulnerabilities Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=1C48BFEE29971A6F1A2E136EAAF2F10C86973BA568090CB4DC24B126E9E127C1 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs. Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Done 2026-02-20 10:04:34 [ 87s] -->> 162.159.128.232:443 (images-ext-1.discordapp.net) <<-- ----------------------------------------------------- Start 2026-02-20 10:04:34 -->> 162.159.130.232:443 (images-ext-1.discordapp.net) <<-- Further IP addresses: 162.159.133.232 162.159.134.232 162.159.128.232 162.159.129.232 rDNS (162.159.130.232): -- Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 401 Unauthorized HTTP clock skew 0 sec from localtime IPv4 address in header set-cookie: __cf_bm=ZflkMxgq1nYoSo9.FhbVTrg6xubdJ4qqAtqZAbOxt6M-1771581901.6764214-1.0.1.1-w06ll2XC9AfA8WXZ6BXzeHCkzqc4MdGcD1zVx2zjIkW7szoVIObkVelUIz8.SpO758PbKPrfC1t3PvqhnCiOb2RVHubgVA5bWlVvBxeQHSLOlynL1SLTcc6.pZIbFFdQ; HttpOnly; Secure; Path=/; Domain=discordapp.net; Expires=Fri, 20 Feb 2026 10:35:01 GMT (check if it's your IP address or e.g. a cluster IP) set-cookie: _cfuvid=OPn_SGdHRuAzf.xRU7pDMaP6gzZcZsqEOLn8yTO6TRc-1771581901.6764214-1.0.1.1-ZY6Rdz42zCG9E_a_wFmlQMzGdodJU1F0rcEZ2cOcbhU; HttpOnly; SameSite=None; Secure; Path=/; Domain=images-ext-1.discordapp.net Strict Transport Security not offered Public Key Pinning -- Server banner cloudflare Application banner -- Cookie(s) 2 issued: 2/2 secure, 2/2 HttpOnly -- HTTP status 401 signals you maybe missed the web application Security headers Access-Control-Allow-Origin: * Cache-Control: public Reverse Proxy banner via: 1.1 google Testing vulnerabilities Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=1C48BFEE29971A6F1A2E136EAAF2F10C86973BA568090CB4DC24B126E9E127C1 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs. Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Done 2026-02-20 10:05:18 [ 131s] -->> 162.159.130.232:443 (images-ext-1.discordapp.net) <<-- ----------------------------------------------------- Start 2026-02-20 10:05:18 -->> 162.159.129.232:443 (images-ext-1.discordapp.net) <<-- Further IP addresses: 162.159.133.232 162.159.134.232 162.159.128.232 162.159.130.232 rDNS (162.159.129.232): -- Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 401 Unauthorized HTTP clock skew 0 sec from localtime IPv4 address in header set-cookie: __cf_bm=OR9igLHWpv5RJnYdIcgVRw5PU665OWxcZaETdxTyG2k-1771581946.5020394-1.0.1.1-2xej0lhe.KXRpXq3vRujtNRAsfHNhvndNn1t_mY6KZxnjOwnCkgVu7f.0u_LS9RCy6F_kMn8.253q9KGzBdMZ7vtDan7vkO01tnDL2Xi7EGdQvCD3rbqmNUfDNmEACRt; HttpOnly; Secure; Path=/; Domain=discordapp.net; Expires=Fri, 20 Feb 2026 10:35:46 GMT (check if it's your IP address or e.g. a cluster IP) set-cookie: _cfuvid=qPy.NbzyLgR1EdcbqvmozQg62mvM8NBunrRwlSrJEWs-1771581946.5020394-1.0.1.1-SYRwk9q5Cae.oBq3jdCAlpEca0DzVOb6XbDlJexn5eU; HttpOnly; SameSite=None; Secure; Path=/; Domain=images-ext-1.discordapp.net Strict Transport Security not offered Public Key Pinning -- Server banner cloudflare Application banner -- Cookie(s) 2 issued: 2/2 secure, 2/2 HttpOnly -- HTTP status 401 signals you maybe missed the web application Security headers Access-Control-Allow-Origin: * Cache-Control: public Reverse Proxy banner via: 1.1 google Testing vulnerabilities Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=1C48BFEE29971A6F1A2E136EAAF2F10C86973BA568090CB4DC24B126E9E127C1 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs. Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Done 2026-02-20 10:06:02 [ 175s] -->> 162.159.129.232:443 (images-ext-1.discordapp.net) <<-- ----------------------------------------------------- Start 2026-02-20 10:06:03 -->> 162.159.133.232:443 (images-ext-1.discordapp.net) <<-- Further IP addresses: 162.159.134.232 162.159.128.232 162.159.130.232 162.159.129.232 rDNS (162.159.133.232): -- Service detected: HTTP Testing for server implementation bugs No bugs found. Testing HTTP header response @ "/" HTTP Status Code 401 Unauthorized HTTP clock skew 0 sec from localtime IPv4 address in header set-cookie: __cf_bm=rJB6ySeOafnAl6a.dfb5eCZG0ikXawMGi2Dz4RvjLks-1771581998.8170094-1.0.1.1-BwU2I7G6T0QqhErMpce16t9SD54gpSbCWUUXCdmXyCCbHWjs4q_27S1TKyIj9b5ReJyXZFeIbO_Z6ytB1tdwHG4redVo7XB3rvTndTpzBwFX2l7f9wDgYoZPdwKHIztK; HttpOnly; Secure; Path=/; Domain=discordapp.net; Expires=Fri, 20 Feb 2026 10:36:38 GMT (check if it's your IP address or e.g. a cluster IP) set-cookie: _cfuvid=3xvGNSDZhR78gVZ8l_ISbVObkCLSkBKmtrr_.BKsLUc-1771581998.8170094-1.0.1.1-rshQZ4T0Y0RCdMM9ey8aNT4SJWc6UOUnY86au4mpsL0; HttpOnly; SameSite=None; Secure; Path=/; Domain=images-ext-1.discordapp.net Strict Transport Security not offered Public Key Pinning -- Server banner cloudflare Application banner -- Cookie(s) 2 issued: 2/2 secure, 2/2 HttpOnly -- HTTP status 401 signals you maybe missed the web application Security headers Access-Control-Allow-Origin: * Cache-Control: public Reverse Proxy banner via: 1.1 google Testing vulnerabilities Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=1C48BFEE29971A6F1A2E136EAAF2F10C86973BA568090CB4DC24B126E9E127C1 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs. Winshock (CVE-2014-6321), experimental not vulnerable (OK) RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Done 2026-02-20 10:06:55 [ 228s] -->> 162.159.133.232:443 (images-ext-1.discordapp.net) <<-- ----------------------------------------------------- Done testing now all IP addresses (on port 443): 162.159.134.232 162.159.128.232 162.159.130.232 162.159.129.232 162.159.133.232
About this Scan
This scan uses testssl.sh to check for:
- Protocols: SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
- Vulnerabilities: Heartbleed, POODLE, FREAK, Logjam, DROWN, etc.
- Cipher Suites: Weak ciphers, perfect forward secrecy (PFS) support.