===============================================================================
PCC.CU SERVER OBFUSCATION ANALYSIS
===============================================================================
Generated: January 11, 2026
Target: pcc.cu (Communist Party of Cuba Official Website)

===============================================================================
1. FINDING SUMMARY
===============================================================================
The Communist Party of Cuba website (pcc.cu) deliberately falsifies its HTTP
server header to mask its true technology stack.

REPORTED SERVER HEADER:
  Server: Windows95

ACTUAL INFRASTRUCTURE:
  CMS:           Drupal 10
  Language:      PHP 8.1.20
  Load Balancer: Yes (SERVERID=www2)
  SSL:           Let's Encrypt (valid certificate)
  Hosting:       Modern Linux server infrastructure

===============================================================================
2. EVIDENCE OF OBFUSCATION
===============================================================================

[2.1] WHY "WINDOWS95" IS IMPOSSIBLE
----------------------------------------------------------------------
- Windows 95 released in 1995, end-of-life in 2001
- Cannot run modern PHP 8.x (requires Windows 7+)
- Cannot run Drupal 10 (requires PHP 8.1+)
- Cannot obtain Let's Encrypt certificates (service started 2015)
- Cannot handle modern TLS 1.2/1.3 encryption
- No security updates for 25+ years

[2.2] ACTUAL TECHNOLOGY DETECTED
----------------------------------------------------------------------
Source: HTTP response analysis, HTML inspection, cookie analysis

Drupal Indicators:
- Drupal-specific cookie patterns
- /sites/default/files/ path structure
- Drupal form tokens in HTML
- Drupal JavaScript libraries loaded

PHP Version Disclosure:
- X-Powered-By header in some responses
- PHP 8.1.20 confirmed

Load Balancing Evidence:
- SERVERID=www2 cookie
- Indicates multiple backend servers

===============================================================================
3. SECURITY IMPLICATIONS
===============================================================================

[3.1] INTENT
----------------------------------------------------------------------
The fake "Windows95" header is a deliberate security measure:

1. SCANNER EVASION
   - Automated vulnerability scanners may skip the target
   - Tools searching for "Apache" or "nginx" won't match
   - Reduces noise from automated attacks

2. FINGERPRINT CONFUSION
   - Makes technology stack identification harder
   - Delays reconnaissance phase for attackers
   - Forces manual investigation

3. PSYCHOLOGICAL MISDIRECTION
   - May cause attackers to dismiss as obsolete
   - Creates false assumptions about target

[3.2] EFFECTIVENESS ASSESSMENT
----------------------------------------------------------------------
STRENGTHS:
- Blocks basic automated fingerprinting
- Shows security awareness by IT team
- Low-effort defensive measure

WEAKNESSES:
- Easily defeated by HTML/cookie analysis
- Drupal version still detectable via other methods
- PHP version leaked in some configurations
- Does not protect against targeted attacks

===============================================================================
4. COMPARATIVE ANALYSIS
===============================================================================
Other Cuban government sites do NOT use this technique:

Site                    | Server Header      | Obfuscated?
------------------------|--------------------|------------
pcc.cu                  | Windows95          | YES
presidencia.gob.cu      | (standard)         | NO
minfar.gob.cu           | Apache             | NO
parlamentocubano.gob.cu | Apache             | NO
bc.gob.cu               | (nginx/node)       | NO
aduana.gob.cu           | (standard)         | NO

CONCLUSION: PCC IT team has above-average security awareness compared to other
Cuban government entities.

===============================================================================
5. TECHNICAL DETAILS
===============================================================================

[5.1] HTTP RESPONSE SAMPLE
----------------------------------------------------------------------
  HTTP/1.1 200 OK
  Server: Windows95
  X-Drupal-Cache: HIT
  Set-Cookie: SERVERID=www2; path=/
  Content-Type: text/html; charset=UTF-8

[5.2] TRUE STACK SUMMARY
----------------------------------------------------------------------
  Frontend:     Likely nginx or Apache reverse proxy
  Application:  Drupal 10.x
  Language:     PHP 8.1.20
  Database:     MySQL/MariaDB (standard Drupal)
  Caching:      Drupal internal cache enabled
  Analytics:    Matomo Cloud (pcccu.matomo.cloud)
  Load Balance: Multiple backend servers (www2 observed)

===============================================================================
6. INTELLIGENCE VALUE
===============================================================================
This finding indicates:

1. PCC has dedicated IT security personnel
2. They actively implement defensive measures
3. They monitor/configure server responses
4. Higher operational security than peer agencies
5. Likely more hardened against common attacks

RECOMMENDATION FOR RESEARCHERS:
Do not rely on server headers for Cuban government sites. Always verify
technology stack through multiple methods:
- HTML source analysis
- Cookie inspection
- JavaScript library detection
- Path structure analysis
- Error page fingerprinting

===============================================================================
END OF ANALYSIS
===============================================================================