The reply originated from a backend server; the originating frontend server has been included in the report for reference.
It is critical to patch Log4j or the application using it, since the issue is exploited in the wild and leads to RCE.
Severity: critical
Fingerprint: aff4d642200b0639f8880459931901238b254644bf36de0a6da0ec6a6da0ec6a
Received reply after a Log4j payload from this host
Ping was received because of query argument
Reply took 114.330686ms
Original reply: 5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620717565727920617267756d656e740a5265706c7920746f6f6b203131342e3333303638366d730a
Severity: critical
Fingerprint: aff4d642200b0639f888045993190123a9c2ec39b91af6dfed255d7eed255d7e
Received reply after a Log4j payload from this host
Ping was received because of query argument
Reply took 397.303668ms
Original reply: 5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620717565727920617267756d656e740a5265706c7920746f6f6b203339372e3330333636386d730a
Severity: critical
Fingerprint: aff4d642200b0639f8880459e94669a5ee34361745ed75bd860b36c0860b36c0
Received reply after a Log4j payload from this host
Ping was received because of query value
Reply took 526.477062ms
Original reply: 5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662071756572792076616c75650a5265706c7920746f6f6b203532362e3437373036326d730a
Severity: critical
Fingerprint: aff4d642200b0639f8880459e94669a5b32c0e5bbdcef9d154530f6454530f64
Received reply after a Log4j payload from this host
Ping was received because of query value
Reply took 266.538256ms
Original reply: 5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662071756572792076616c75650a5265706c7920746f6f6b203236362e3533383235366d730a
Open service 199.59.243.227:80 · mail.sayb1.app
2024-11-26 17:02
Open service 199.59.243.227:443 · mail.sayb1.app
2024-11-26 17:02