Site report for https://habr.com
Lookup another site?
| Site title | Top of the last 24 hours / Habr |
|---|---|
| Site rank | 735 |
| Description | Top of the last 24 hours |
| Date first seen | January 2011 |
|---|---|
| Netcraft Risk Rating | 0/10 |
| Primary language | English |
| Site | https://habr.com |
|---|---|
| Netblock Owner | Habr LLC |
| Domain | habr.com |
| Nameserver | ns1.habradns.net |
| IP address | 178.248.237.68 (VirusTotal) |
| DNS admin | nsmaster@habralab.ru |
| IPv6 address | Not Present |
| Reverse DNS | unknown |
| Domain registrar | unknown |
|---|---|
| Nameserver organisation | unknown |
| Organisation | unknown |
| Hosting company | qrator |
| Top Level Domain | Commercial entities (.com) |
| DNS Security Extensions | Enabled |
| Hosting country | RU |
| IP range | Country | Name | Description |
|---|---|---|---|
| 0.0.0.0-255.255.255.255 | N/A | IANA-BLK | The whole IPv4 address space |
| ↳ 178.0.0.0-178.255.255.255 | Netherlands | 178-RIPE | RIPE Network Coordination Centre |
| ↳ 178.248.232.0-178.248.239.255 | Russian Federation | RU-QRATOR-20100512 | |
| ↳ 178.248.237.68-178.248.237.68 | Russian Federation | QRATOR-2041 | Habr LLC |
| ↳ 178.248.237.68 | Russian Federation | QRATOR-2041 | Habr LLC |
| Assurance | Domain validation |
|---|---|
| Common name | *.habr.com |
| Organisation | Not Present |
| State | Not Present |
| Country | Not Present |
| Organisational unit | Not Present |
| Subject Alternative Name | *.habr.com, habr.com |
| Validity period | From May 30 2020 to Dec 2 2021 (18 months, 3 days) |
| Matches hostname | Yes |
| Server | QRATOR |
| Public key algorithm | id-ecPublicKey |
| Protocol version | TLSv1.2 |
| Public key length | 256 |
| Certificate check | ok |
| Signature algorithm | ecdsa-with-SHA256 |
| Serial number | 0xfe5f34e433eb913a4fd1dcd8599f5f79 |
| Cipher | ECDHE-ECDSA-AES128-GCM-SHA256 |
| Version number | 0x02 |
| Perfect Forward Secrecy | Yes |
|---|---|
| Next Protocol Negotiation | http/1.1 |
| Supported TLS Extensions | RFC5746 renegotiation info, RFC4366 server name, RFC4492 EC point formats, RFC5077 session ticket, Next Protocol Negotiation, unknown |
| Issuing organisation | Sectigo Limited |
| Issuer common name | Sectigo ECC Domain Validation Secure Server CA |
| Issuer unit | Not Present |
| Issuer location | Salford |
| Issuer country | GB |
| Issuer state | Greater Manchester |
| Certificate Revocation Lists | Not Present |
| Certificate Hash | twEjN2OMWH0MMisuYmgcHYKakpo |
| Public Key Hash | 11f75ee993ec9b1cd9925b9d9b3c27a74409859d664b01eb843c5ccdba597263 |
| OCSP servers | http://ocsp.sectigo.com - 100% uptime in the past 24 hours |
| OCSP stapling response | No response received |
Signed Certificate Timestamps (SCTs)
| Source | Log | Timestamp | Signature Verification |
|---|---|---|---|
| Certificate | Google Xenon 2021 fT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8Nc= |
2020-05-30 12:24:20 | Success |
| Certificate | Let's Encrypt Oak 2021 lCC8Ho7VjWyIcx+CiyIsDdHaTV5sT5Q9YdtOL1hNosI= |
2020-05-30 12:24:20 | Success |
| Certificate | Sectigo Mammoth b1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RM= |
2020-05-30 12:24:20 | Success |
SSLv3/POODLE
This site does not support the SSL version 3 protocol.
More information about SSL version 3 and the POODLE vulnerability.
Heartbleed
The site did not offer the Heartbeat TLS extension prior to the Heartbleed disclosure, and so was not exploitable.
This test does not exploit the Heartbleed vulnerability but uses information from conventional HTTPS requests. More information about Heartbleed detection.
| Common name | USERTrust ECC Certification Authority |
|---|---|
| Organisational unit | Not Present |
| Organisation | The USERTRUST Network |
| Validity period | From 2010-02-01 to 2038-01-18 |
| Common name | Sectigo ECC Domain Validation Secure Server CA |
|---|---|
| Organisational unit | Not Present |
| Organisation | Sectigo Limited |
| Validity period | From 2018-11-02 to 2030-12-31 |
| Netblock owner | IP address | OS | Web server | Last seen |
|---|---|---|---|---|
| Habr LLC Spartakovsky lane 2, bld. 1 Moscow 105082 Russian Federation | 178.248.237.68 | Linux | QRATOR | 20-Mar-2020 |
A host's Sender Policy Framework (SPF) describes who can send mail on its behalf. This is done by publishing an SPF record containing a series of rules. Each rule consists of a qualifier followed by a specification of which domains to apply this qualifier to. For more information please see open-spf.org.
| Qualifier | Mechanism | Argument |
|---|---|---|
| + (Pass) | include | spf.habramail.net |
| ~ (SoftFail) | all |
DMARC (Domain-based Message Authentication, Reporting and Conformance) is a mechanism for domain owners to indicate how mail purporting to originate from their domain should be authenticated. It builds on SPF and DKIM, providing a method to set policy and to give reporting of failures. For more information please see dmarc.org.
Raw DMARC record:
v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:dmarc-receiver@habramail.net; ri=86400;
| Tag | Field | Value |
|---|---|---|
| p=quarantine | Requested handling policy | Quarantine: emails that fail the DMARC mechanism check should be treated by Mail Receivers as suspicious. Depending on the capabilities of the Mail Receiver, this can mean "place into spam folder", "scrutinize with additional intensity", and/or "flag as suspicious". |
| sp=quarantine | Requested handling policy for subdomains | Quarantine: emails that fail the DMARC mechanism check should be treated by Mail Receivers as suspicious. Depending on the capabilities of the Mail Receiver, this can mean "place into spam folder", "scrutinize with additional intensity", and/or "flag as suspicious". |
| rua=mailto:dmarc-receiver@habramail.net | Reporting URI(s) for aggregate data | dmarc-receiver@habramail.net |
| ri=86400 | Aggregate reporting interval | No more than 86400 seconds separating aggregate reports. |
Web Trackers are third-party resources loaded onto a webpage. Trackable resources include social sharing widgets, javascript files, and images. These trackers can be used to monitor individual user behaviour across the web. Data derived from these trackers are primarily used for advertising or analytics purposes.
5 known trackers were identified.| Company | Primary Category | Tracker | Popular Sites with this Tracker |
|---|---|---|---|
| Criteo | Advertising | Criteo | www.babnet.net, www.kp.ru, www.walmart.ca |
| Analytics | Facebookpixel | www.b92.net, www.webmd.com, www.mediafire.com | |
| Analytics | Googletagmanager | www.digikala.com, www.t-online.de, www.bbc.co.uk | |
| VKontakte | Widget | VK | www.reg.ru, www.ntv.ru, www.yaplakal.com |
| Yandex | Analytics | Yandexanalytics | www.liveomg.com, www.yandex.ru, online.sberbank.ru |
-
An application server is a server that provides software applications with services such as security, data services, transaction support, load balancing, and management of large distributed systems.
Technology Description Popular sites using this technology Debian No description www.majorgeeks.com, www.leonard-de-vinci.net, www.thingiverse.com -
Includes all the main technologies that Netcraft detects as running on the server such as PHP.
Technology Description Popular sites using this technology SSL A cryptographic protocol providing communication security over the Internet PHP Enabled Server supports PHP www.mydealz.de, www.ilovepdf.com, www.trendupdeal.com -
Includes all the main technologies that run on the browser (such as JavaScript and Adobe Flash).
Technology Description Popular sites using this technology Asynchronous Javascript No description www.walmart.com, www.ebay.com, freebitco.in Local Storage No description Session Storage No description www.grammarly.com, www.bol.com, www.bankofamerica.com JavaScript Widely-supported programming language commonly used to power client-side dynamic content on websites -
Frameworks or libraries allow for easier development of applications by providing an Application Program Interface (API) or a methodology to follow whilst developing.
Technology Description Popular sites using this technology jQuery A JavaScript library used to simplify the client-side scripting of HTML www.arco.co.uk, www.msn.com, www.t-online.de -
RSS Rich Site Summary is a family of web feed formats used to publish frequently updated works such as blog entries, news headlines, audio, and video in a standardized format.
Technology Description Popular sites using this technology RSS Standardized web feed format used to publish frequently updated works www.webmd.com, www.dianomi.com, www.tagesschau.de -
A character encoding system consists of a code that pairs each character from a given repertoire with something else such as a bit pattern, sequence of natural numbers, octets, or electrical pulses in order to facilitate the transmission of data (generally numbers or text) through telecommunication networks or for data storage.
-
HTTP compression is a capability that can be built into web servers and web clients to make better use of available bandwidth, and provide greater transmission speeds between both.
Technology Description Popular sites using this technology Gzip Content Encoding Gzip HTTP Compression protocol www.tsetmc.com, www.seznam.cz, www.ups.com -
Web browser targeting enables software applications to make use of specific functions of the browser as well as optimizing the application for specific browser versions.
Technology Description Popular sites using this technology Strict Transport Security Web security policy mechanism whereby a web server declares that complying user agents are to interact with it using only secure HTTP connections t.co, medium.com, disqus.com Strict-Transport-Security (including subdomains) No description discordapp.com, player.vimeo.com, login.microsoftonline.com X-Content-Type-Options Browser MIME type sniffing is disabled www.googleadservices.com, teams.microsoft.com, vars.hotjar.com Strict-Transport-Security (preload) No description www.researchgate.net, www.upwork.com, static.addtoany.com X-Frame-Options Same Origin Do not allow this site to be rendered within an iframe www.google.com, accounts.google.com Public Key Pins Detect and mitigate MITM attacks www.zacks.com, addons.mozilla.org, packages.debian.org -
Privacy policy is a statement or a legal document (privacy law) that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data.
Technology Description Popular sites using this technology P3P Platform for Privacy Preferences Project allows websites to express their privacy practices yandex.ru, pixel.mathtag.com, static.olark.com -
A Document Type Declaration, or DOCTYPE, is an instruction that associates a particular SGML or XML document (for example, a webpage) with a Document Type Definition (DTD).
-
Cascading Style Sheets (CSS) is a style sheet language used for describing the presentation semantics (the look and formatting) of a document written in a markup language (such as XHTML).
Technology Description Popular sites using this technology External Styles defined within an external CSS file www.linkedin.com, www.paypal.com, www.yahoo.com CSS Media Query No description www.w3schools.com, www.booking.com, www.microsoft.com Embedded Styles defined within a webpage www.bbc.co.uk, www.amazon.co.uk, www.amazon.com