Less secure bootstrap in the CloudFlare/GoDaddy clouds!
Issues with bootstrap
Found with SRI-hash issues in Stylesheets:
https://sritest.io/#report/144f10cc-d705-4ef7-b513-46edbfa469d1
CloudFlare GoDaddy abuse - The getbootstrap.com server is vulnerable to:
Heartbleed also has problems with TLS:
Common name:
-sni49733.cloudflaressl.com Comodo certificate chain ECC Domain Validated Secure Server & -sni49733.cloudflaressl certificate
SAN:
-sni49733.cloudflaressl.com, *.-amazinghunters.com, *.-avhipo.com, *.-bloggbyran.cf, *.-brakeingasout.com, *.-caketopia.eu, *.-egedenbutiklezzetler.com, *.-erwinolie.nl, *.-femclick.com, *.f-rankl.computer, *.-fren.us, *.-getbootstrap.com, *.-ghbtns.com, *.-hncuyelik.com, *.-hockeyed.com, *.-mobile4bizz.net, *.-nokiacamera.com, *.-secstories.com, *.-therecruit.zone, *.-thewareaglereader.com, *.-tickat636.ga, *.-zoekeenfietsenmaker.nl, -amazinghunters.com, -avhipo.com, -bloggbyran.cf, -brakeingasout.com, -caketopia.eu, -egedenbutiklezzetler.com, -erwinolie.nl, -femclick.com, -frankl.computer, -fren.us, -getbootstrap.com, -ghbtns.com, -hncuyelik.com, -hockeyed.com, -mobile4bizz.net, -nokiacamera.com, -secstories.com, -therecruit.zone, -thewareaglereader.com, -tickat636.ga, -zoekeenfietsenmaker.nl
Re:
http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fgetbootstrap.com
See:
https://urlscan.io/result/bb7dec19-4186-4864-b722-ac2989f663fb#summary
F-F-X status:
https://observatory.mozilla.org/analyze.html?host=getbootstrap.com
MISSING MANDATORY CIPHERS for TLS:
https://www.htbridge.com/ssl/?id=11fdf72a57bff6ed97fd176c0f1c23985b6a10e99247c7b70b52025f396e05ca
and other misconfigurations and weaknesses (mixed content and https redirect)
Seems from this report that the American infrastructure does not have that secure e2e encryption we are being led to believe,
this is endangering the average users that make use of such services.
polonus (volunteer website security analyst and website error-hunter)