Deep SSL Test Report: lms.manappuram.com

Deep SSL/TLS Vulnerability Test

This report provides a deep analysis of the SSL/TLS configuration of lms.manappuram.com. It checks for protocol support, cipher strength, and known vulnerabilities.

Scan Results

Testing all IP addresses (port 443): 13.205.174.235 3.7.21.11
-----------------------------------------------------
 Start 2026-02-13 12:32:16        -->> 13.205.174.235:443 (lms.manappuram.com) <<--

 Further IP addresses:   3.7.21.11 
 rDNS (13.205.174.235):  ec2-13-205-174-235.ap-south-1.compute.amazonaws.com.
 Service detected:       HTTP

 Testing for server implementation bugs 

 No bugs found.

 Testing HTTP header response @ "/" 

 HTTP Status Code             200 OK
 HTTP clock skew              -1 sec from localtime
 Strict Transport Security    365 days=31536000 s, includeSubDomains, preload
 Public Key Pinning           --
 Server banner                (no "Server" line in header, interesting!)
 Application banner           --
 Cookie(s)                    4 issued: 2/4 secure, NONE HttpOnly
 Security headers             X-Content-Type-Options: nosniff
                              Access-Control-Allow-Origin:
                                https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js,https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js,https://code.jquery.com/jquery-3.5.1.min.js,https://connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v9.0,https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css,https://kit.fontawesome.com/a076d05399.js,https://www.jqueryscript.net/demo/feature-rich-pop-modal/popModal.min.js,https://placehold.it/32,https://cdnjs.cloudflare.com/ajax/libs/webcamjs/1.0.24/webcam.js,https://uatlms.manappuram.com/Madu/Madu_proc_track.aspx/PostData,https://webrtc.github.io/adapter/adapter-latest.js,http://www.w3.org/2000/svg,https://fonts.googleapis.com/css2?family=Oswald:wght@200;300;400;500;600;700&amp;display=swap,https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js,https://cdnjs.cloudflare.com/ajax/libs/jspdf/1.5.3/jspdf.min.js,https://unpkg.com/aos@2.3.1/dist/aos.js,https://html2canvas.hertzen.com/dist/html2canvas.js,https://malihu.github.io/custom-scrollbar/jquery.mCustomScrollbar.concat.min.js,https://www.jqueryscript.net/demo/feature-rich-pop-modal/popModal.min.js,https://pdfobject.com/js/pdfobject.min.js,https://us.floatbot.ai/portal/chatbot/?botId=5ffe8a1ce0e6893a3724d94d,https://unpkg.com/aos@2.3.1/dist/aos.css,https://code.jquery.com/jquery-1.12.4.js,https://code.jquery.com/ui/1.12.1/jquery-ui.js,https://madutheme.s3.amazonaws.com/approved+logo+for+MAgeet.png,https://cdn.jsdelivr.net/npm/chart.js@3.3.2/dist/chart.min.js,https://lms.manappuram.com/madu,https://cdnjs.cloudflare.com/ajax/libs/baguettebox.js/1.8.1/baguetteBox.min.js,https://content.dionglobal.in/Manappuram/ticker.aspx,https://rawgit.com/LeshikJanz/libraries/master/Bootstrap/baguetteBox.min.css,https://fonts.googleapis.com/icon?family=Material+Icons+Outlined,https://fonts.googleapis.com/css?family=Arbutus+Slab,https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i,https://github.com/geek1011/ePubViewer,https://2ca31038f72145f787447a29b085007b@sentry.io/1239248,https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.8/xlsx.full.min.js,https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/2.0.5/FileSaver.min.js,https://cdn.datatables.net/1.10.23/js/jquery.dataTables.min.js,https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css,https://developers.facebook.com/docs/sharing/webmasters,https://www.your-domain.com/your-page.html,https://maducerti.s3.amazonaws.com,https://www.your-domain.com/path/image.jpg,https://connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v9.0,https://www.facebook.com/ManappuramFinanceLimitedMAFIL,https://www.youtube.com/channel/UC61FNQkz-EYTASuQwLBcfFQ,https://www.instagram.com/manappuramofficial/?igshid=17zab8da0n5qk,https://twitter.com/ManappuramMAFIL,https://www.linkedin.com/company/manappuram-finance-limited,https://www.talentlms.com/features/blended-learning-lms,https://www.talentlms.com/features/gamification-lms,https://cdn.jsdelivr.net/npm/jquery@3.4.1/dist/jquery.min.js,https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css,https://cdn.jsdelivr.net/npm/jquery@3.6.3/dist/jquery.slim.min.js,https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js,https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js,https://maps.googleapis.com/maps/api/geocode/json,https://api.forecast.io/forecast/b59cb056ae86ddcff4531258c647bf0d,https://files.codepedia.info/files/uploads/iScripts/html2canvas.js,http://msdn.microsoft.com/en-us/library/windows/desktop/dd183374(v=vs.85).aspx,http://msdn.microsoft.com/en-us/library/dd183376.aspx,https://fonts.gstatic.com,https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.js,https://fonts.googleapis.com/css2?family=Oswald:wght@200;300;400;500;600;700&display=swap,https://api.postalpincode.in/pincode,https://content.dionglobal.in/Manappuram/ticker.aspx, 
                                ttp://code.google.com/p/rangy/,https://github.com/geek1011/ePubViewer,https://2ca31038f72145f787447a29b085007b@sentry.io/1239248,https://maducerti.s3.amazonaws.com/Certificate_Temp_1TR_11614951.png?WSAccessKeyId=AKIA4MECCLBXNHIIAJWN&Expires=1642237051&Signature=Gi%2FH2r6qO4myFY%2FNqzv1c1TGFbQ%3D,https://webrtc.github.io/adapter/adapter-latest.js,https://madutheme.s3.amazonaws.com/VID-20200924-WA0010.mp4,https://files.codepedia.info/files/uploads/iScripts/html2canvas.js,https://lms.manappuram.com/EPUB_Reader/File_Reader_View.aspx,"https://www.gutenberg.org,http://www.childrenslibrary.org,https://archive.org,https://openlibrary.org,"http://ulib.isri.cmu.edu,https://content.dionglobal.in/Manappuram/ticker.aspx,https://madutheme.s3.amazonaws.com/What+Is+E-Learning.mp4,"https://madutheme.s3.amazonaws.com/COVID-19s+impact+on+education+in+India+%26+are+online+classes+working.mp4,https://s3-us-west-2.amazonaws.com/s.cdpn.io/172905/test.pdf',https://geekanddummy.com/wp-content/uploads/2014/01/Autohypnosis.mp3,https://commondatastorage.googleapis.com/gtv-videos-bucket/CastVideos/mp4/BigBuckBunny.mp4,https://stas-melnikov.ru/cliparts/stas.jpg,https://lmslos-source-3dvshst8vfpl.s3.amazonaws.com/MD+LMS+FINAL.mp4,www.nios.ac.in/departmentsunits/academic/senior-secondary-course-equivalent-to-class-xii.aspx,https://sde.b-u.ac.in/crsoff.aspx,https://sde.b-u.ac.in/crsoff.aspx
                              Cache-Control: max-age=604800
 Reverse Proxy banner         --


 Testing vulnerabilities 

 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    potentially NOT ok, "gzip" HTTP compression detected. - only supplied "/" tested
                                           Can be ignored for static pages or if no secrets in the page
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=D280C7C4372EE11D82DD6E0C7925063D99ADFCACD9C134E8253C26618819613E
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs.
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Done 2026-02-13 12:34:04 [ 119s] -->> 13.205.174.235:443 (lms.manappuram.com) <<--

-----------------------------------------------------
 Start 2026-02-13 12:34:04        -->> 3.7.21.11:443 (lms.manappuram.com) <<--

 Further IP addresses:   13.205.174.235 
 rDNS (3.7.21.11):       ec2-3-7-21-11.ap-south-1.compute.amazonaws.com.
 Service detected:       HTTP

 Testing for server implementation bugs 

 No bugs found.

 Testing HTTP header response @ "/" 

 HTTP Status Code             200 OK
 HTTP clock skew              -1 sec from localtime
 Strict Transport Security    365 days=31536000 s, includeSubDomains, preload
 Public Key Pinning           --
 Server banner                (no "Server" line in header, interesting!)
 Application banner           --
 Cookie(s)                    4 issued: 2/4 secure, NONE HttpOnly
 Security headers             X-Content-Type-Options: nosniff
                              Access-Control-Allow-Origin:
                                https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js,https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js,https://code.jquery.com/jquery-3.5.1.min.js,https://connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v9.0,https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css,https://kit.fontawesome.com/a076d05399.js,https://www.jqueryscript.net/demo/feature-rich-pop-modal/popModal.min.js,https://placehold.it/32,https://cdnjs.cloudflare.com/ajax/libs/webcamjs/1.0.24/webcam.js,https://uatlms.manappuram.com/Madu/Madu_proc_track.aspx/PostData,https://webrtc.github.io/adapter/adapter-latest.js,http://www.w3.org/2000/svg,https://fonts.googleapis.com/css2?family=Oswald:wght@200;300;400;500;600;700&amp;display=swap,https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js,https://cdnjs.cloudflare.com/ajax/libs/jspdf/1.5.3/jspdf.min.js,https://unpkg.com/aos@2.3.1/dist/aos.js,https://html2canvas.hertzen.com/dist/html2canvas.js,https://malihu.github.io/custom-scrollbar/jquery.mCustomScrollbar.concat.min.js,https://www.jqueryscript.net/demo/feature-rich-pop-modal/popModal.min.js,https://pdfobject.com/js/pdfobject.min.js,https://us.floatbot.ai/portal/chatbot/?botId=5ffe8a1ce0e6893a3724d94d,https://unpkg.com/aos@2.3.1/dist/aos.css,https://code.jquery.com/jquery-1.12.4.js,https://code.jquery.com/ui/1.12.1/jquery-ui.js,https://madutheme.s3.amazonaws.com/approved+logo+for+MAgeet.png,https://cdn.jsdelivr.net/npm/chart.js@3.3.2/dist/chart.min.js,https://lms.manappuram.com/madu,https://cdnjs.cloudflare.com/ajax/libs/baguettebox.js/1.8.1/baguetteBox.min.js,https://content.dionglobal.in/Manappuram/ticker.aspx,https://rawgit.com/LeshikJanz/libraries/master/Bootstrap/baguetteBox.min.css,https://fonts.googleapis.com/icon?family=Material+Icons+Outlined,https://fonts.googleapis.com/css?family=Arbutus+Slab,https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i,https://github.com/geek1011/ePubViewer,https://2ca31038f72145f787447a29b085007b@sentry.io/1239248,https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.8/xlsx.full.min.js,https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/2.0.5/FileSaver.min.js,https://cdn.datatables.net/1.10.23/js/jquery.dataTables.min.js,https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css,https://developers.facebook.com/docs/sharing/webmasters,https://www.your-domain.com/your-page.html,https://maducerti.s3.amazonaws.com,https://www.your-domain.com/path/image.jpg,https://connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v9.0,https://www.facebook.com/ManappuramFinanceLimitedMAFIL,https://www.youtube.com/channel/UC61FNQkz-EYTASuQwLBcfFQ,https://www.instagram.com/manappuramofficial/?igshid=17zab8da0n5qk,https://twitter.com/ManappuramMAFIL,https://www.linkedin.com/company/manappuram-finance-limited,https://www.talentlms.com/features/blended-learning-lms,https://www.talentlms.com/features/gamification-lms,https://cdn.jsdelivr.net/npm/jquery@3.4.1/dist/jquery.min.js,https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css,https://cdn.jsdelivr.net/npm/jquery@3.6.3/dist/jquery.slim.min.js,https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js,https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js,https://maps.googleapis.com/maps/api/geocode/json,https://api.forecast.io/forecast/b59cb056ae86ddcff4531258c647bf0d,https://files.codepedia.info/files/uploads/iScripts/html2canvas.js,http://msdn.microsoft.com/en-us/library/windows/desktop/dd183374(v=vs.85).aspx,http://msdn.microsoft.com/en-us/library/dd183376.aspx,https://fonts.gstatic.com,https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.js,https://fonts.googleapis.com/css2?family=Oswald:wght@200;300;400;500;600;700&display=swap,https://api.postalpincode.in/pincode,https://content.dionglobal.in/Manappuram/ticker.aspx, 
                                ttp://code.google.com/p/rangy/,https://github.com/geek1011/ePubViewer,https://2ca31038f72145f787447a29b085007b@sentry.io/1239248,https://maducerti.s3.amazonaws.com/Certificate_Temp_1TR_11614951.png?WSAccessKeyId=AKIA4MECCLBXNHIIAJWN&Expires=1642237051&Signature=Gi%2FH2r6qO4myFY%2FNqzv1c1TGFbQ%3D,https://webrtc.github.io/adapter/adapter-latest.js,https://madutheme.s3.amazonaws.com/VID-20200924-WA0010.mp4,https://files.codepedia.info/files/uploads/iScripts/html2canvas.js,https://lms.manappuram.com/EPUB_Reader/File_Reader_View.aspx,"https://www.gutenberg.org,http://www.childrenslibrary.org,https://archive.org,https://openlibrary.org,"http://ulib.isri.cmu.edu,https://content.dionglobal.in/Manappuram/ticker.aspx,https://madutheme.s3.amazonaws.com/What+Is+E-Learning.mp4,"https://madutheme.s3.amazonaws.com/COVID-19s+impact+on+education+in+India+%26+are+online+classes+working.mp4,https://s3-us-west-2.amazonaws.com/s.cdpn.io/172905/test.pdf',https://geekanddummy.com/wp-content/uploads/2014/01/Autohypnosis.mp3,https://commondatastorage.googleapis.com/gtv-videos-bucket/CastVideos/mp4/BigBuckBunny.mp4,https://stas-melnikov.ru/cliparts/stas.jpg,https://lmslos-source-3dvshst8vfpl.s3.amazonaws.com/MD+LMS+FINAL.mp4,www.nios.ac.in/departmentsunits/academic/senior-secondary-course-equivalent-to-class-xii.aspx,https://sde.b-u.ac.in/crsoff.aspx,https://sde.b-u.ac.in/crsoff.aspx
                              Cache-Control: max-age=604800
 Reverse Proxy banner         --


 Testing vulnerabilities 

 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    potentially NOT ok, "gzip" HTTP compression detected. - only supplied "/" tested
                                           Can be ignored for static pages or if no secrets in the page
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=D280C7C4372EE11D82DD6E0C7925063D99ADFCACD9C134E8253C26618819613E
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs.
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Done 2026-02-13 12:35:57 [ 232s] -->> 3.7.21.11:443 (lms.manappuram.com) <<--

-----------------------------------------------------
Done testing now all IP addresses (on port 443): 13.205.174.235 3.7.21.11

About this Scan

This scan uses testssl.sh to check for:

  • Protocols: SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
  • Vulnerabilities: Heartbleed, POODLE, FREAK, Logjam, DROWN, etc.
  • Cipher Suites: Weak ciphers, perfect forward secrecy (PFS) support.

Run Another Scan Recent Scans