LeakIX - Host energy.economictimes.indiatimes.com

Domain energy.economictimes.indiatimes.com

Germany

I World Tower, DLF CITY

Server vulnerable to Log4J CVE-2021-44228

The reply originated from a backend server, the originating frontend server has been included in the report for reference.

It is critical to patch log4j or the application using since the issues is exploited in the wild and leads to RCE.

IP: 103.18.142.29
Domain: energy.economictimes.indiatimes.com
Port: 443
URL: https://energy.economictimes.indiatimes.com

First seen 2021-12-13 08:20

Severity: critical
Fingerprint: aff4d642200b0639f8880459ed3e1aa46669809b839189a32804a682dc898c02

Received reply after a Log4j payload from this host
Ping was received because of X-Forwared-Host
Reply took 834.338371ms
Orignal request was to 23.222.64.106:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620582d466f7277617265642d486f73740a5265706c7920746f6f6b203833342e3333383337316d730a4f7269676e616c20726571756573742077617320746f2032332e3232322e36342e3130363a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-13 08:20

Severity: critical
Fingerprint: aff4d642200b0639f8880459ed3e1aa44cbc5a88436efabcb56670eb742cf10a

Received reply after a Log4j payload from this host
Ping was received because of X-Forwared-Host
Reply took 6.238495ms
Orignal request was to 23.222.64.106:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620582d466f7277617265642d486f73740a5265706c7920746f6f6b20362e3233383439356d730a4f7269676e616c20726571756573742077617320746f2032332e3232322e36342e3130363a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-13 08:20

Severity: critical
Fingerprint: aff4d642200b0639f8880459ed3e1aa4bf14a4c338347a1b96ecbb4abab8cd06

Received reply after a Log4j payload from this host
Ping was received because of X-Forwared-Host
Reply took 430.382954ms
Orignal request was to 23.222.64.106:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620582d466f7277617265642d486f73740a5265706c7920746f6f6b203433302e3338323935346d730a4f7269676e616c20726571756573742077617320746f2032332e3232322e36342e3130363a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-13 08:20

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 92.122.106.222
Domain: energy.economictimes.indiatimes.com
Port: 443
URL: https://energy.economictimes.indiatimes.com

First seen 2025-12-01 06:12
Last seen 2026-02-19 08:05
Open for 80 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff431818dff1ab714ac2ab714ac2ab714ac2ab714ac2
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /v1/{portal}/{entity}/details/{course_id}
GET /v1/{portal}/{entity}/{type}/{region}
```
  Found on 2026-02-19 08:05
Create report

Open service 92.122.106.222:443 · energy.economictimes.indiatimes.com

2026-01-23 05:05

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Last-Modified: Fri, 23 Jan 2026 05:02:53 GMT
Content-Language: en
Access-Control-Allow-Credentials: true
X-Frame-Options: sameorigin
Strict-Transport-Security: max-age=25920000; includeSubdomains
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Expires: Fri, 23 Jan 2026 05:05:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 05:05:23 GMT
Transfer-Encoding:  chunked
Connection: close
Connection: Transfer-Encoding
x-frame-options: SAMEORIGIN

Found 2026-01-23 by HttpPlugin

Create report

mmnotification.indiatimes.comakamai.newspointapp.comalbum.bombaytimes.comamnotification.indiatimes.comauto.economictimes.indiatimes.comb2bimg.economictimes.indiatimes.comblogs.timesofindia.indiatimes.combmnotification.indiatimes.combrandequity.economictimes.indiatimes.comcfo.economictimes.indiatimes.comcio.economictimes.indiatimes.comciso.economictimes.indiatimes.comcss.etb2bimg.comeisamay.indiatimes.comenergy.economictimes.indiatimes.comesnotifications.indiatimes.cometfeedscache.indiatimes.cometportfolio.indiatimes.comgnnotifications.gadgetsnow.comhealth.economictimes.indiatimes.comhtnotification.happytrips.comimages.economictimes.indiatimes.comimg.etb2bimg.comjs.etb2bimg.comm.gadgetsnow.comm.maharashtratimes.comm.malayalam.samayam.comm.navbharattimes.indiatimes.comm.photos.timesofindia.comm.tamil.samayam.comm.telugu.samayam.comm.timesofindia.comm.vijaykarnataka.commaharashtratimes.indiatimes.commalayalam.samayam.commarketgraphs.economictimes.indiatimes.commbfeeds.magicbricks.commcxlivefeeds.indiatimes.commfapps.economictimes.indiatimes.commlsymnotifications.indiatimes.commobilelivefeeds.indiatimes.commtnotifications.indiatimes.comnavbharattimes.indiatimes.comnavbharattimesfeeds.indiatimes.comnavgujaratsamay.indiatimes.comnbtnotifications.indiatimes.comngsnotifications.indiatimes.comnprssfeeds.indiatimes.compflivefeeds.indiatimes.compgi.magicbricks.comphotogallery.indiatimes.compmnotification.indiatimes.compost.magicbricks.comrating.magicbricks.comrealty.economictimes.indiatimes.comretail.economictimes.indiatimes.comrummon.indiatimes.comslike.indiatimes.comst.etb2bimg.comstaging.whatshot.instatic.economictimes.indiatimes.comstatic.eis.indiatimes.comstatic.etinsure.comstockapps.economictimes.indiatimes.comsubscription.indiatimes.comtamil.samayam.comtech.economictimes.indiatimes.comtelecom.economictimes.indiatimes.comtelugu.samayam.comtimesofindia.indiatimes.comtlsymnotifications.indiatimes.comtmsymnotifications.indiatimes.comvijaykarnataka.indiatimes.comvknotifications.indiatimes.comwebservices.indiatimes.comwww.bangaloremirror.comwww.bombaytimes.comwww.gadgetsnow.comwww.happytrips.comwww.magicbricks.comwww.mumbaimirror.comwww.mumbaimirror.indiatimes.comwww.newspointapp.comwww.staticclmbtech.com

Fingerprint:

93c07226e0ee1f9a748d9dc43a522a96a20d270cf630bdc1b1427af4e0c42965

CN:

mmnotification.indiatimes.com

Key:

ECDSA-256

Issuer:

DigiCert Global G3 TLS ECC SHA384 2020 CA1

Not before:

2025-12-22 00:00

Not after:

2026-12-21 23:59

Domain summary

energy.economictimes.indiatimes.com 4

1 recorded

IP summary

92.122.106.222 1 103.18.142.29 1

2 recorded

Domain energy.economictimes.indiatimes.com

Germany

Server vulnerable to Log4J CVE-2021-44228

Swagger API description is publicly available

Create report

Domain summary

IP summary