LeakIX - Host 20.76.239.165

Host 20.76.239.165

Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Server vulnerable to Log4J CVE-2021-44228

The reply originated from a backend server, the originating frontend server has been included in the report for reference.

It is critical to patch log4j or the application using since the issues is exploited in the wild and leads to RCE.

IP: 20.76.239.165
Port: 443
URL: https://20.76.239.165

First seen 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459e94669a5295f06cc24795cd7115db34e9c29484f

Received reply after a Log4j payload from this host
Ping was received because of query value
Reply took 274.538616ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662071756572792076616c75650a5265706c7920746f6f6b203237342e3533383631366d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459e94669a5b966d04a6b58cea5b0846000fa1f8e51

Received reply after a Log4j payload from this host
Ping was received because of query value
Reply took 316.947167ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662071756572792076616c75650a5265706c7920746f6f6b203331362e3934373136376d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459b0628eb7e6b445901218615346f28a12c8661240

Received reply after a Log4j payload from this host
Ping was received because of User-Agent
Reply took 401.708572ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620557365722d4167656e740a5265706c7920746f6f6b203430312e3730383537326d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459ed3e1aa4751961e5092c606a0f9af99d80fb8392

Received reply after a Log4j payload from this host
Ping was received because of X-Forwared-Host
Reply took 444.011226ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620582d466f7277617265642d486f73740a5265706c7920746f6f6b203434342e3031313232366d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459e94669a538290b74c510330fcf795496859746ed

Received reply after a Log4j payload from this host
Ping was received because of query value
Reply took 528.699955ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662071756572792076616c75650a5265706c7920746f6f6b203532382e3639393935356d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459d5e18a65f018a1fb2fb62b409217ca273a92ec1f

Received reply after a Log4j payload from this host
Ping was received because of cookie name
Reply took 663.763059ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620636f6f6b6965206e616d650a5265706c7920746f6f6b203636332e3736333035396d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459d2eb3d8f488ecbd981c3b3f6c3d84de10200b2cc

Received reply after a Log4j payload from this host
Ping was received because of cookie value
Reply took 673.943322ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620636f6f6b69652076616c75650a5265706c7920746f6f6b203637332e3934333332326d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459cfe551f6f50fdc3fb55ed00c129f9c9b0c8ef73b

Received reply after a Log4j payload from this host
Ping was received because of random header
Reply took 389.333957ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662072616e646f6d206865616465720a5265706c7920746f6f6b203338392e3333333935376d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459b0628eb76c95c0e8ae38a27bc4cd1c2a48aa2c8e

Received reply after a Log4j payload from this host
Ping was received because of User-Agent
Reply took 621.887727ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620557365722d4167656e740a5265706c7920746f6f6b203632312e3838373732376d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Severity: critical
Fingerprint: aff4d642200b0639f8880459ed3e1aa44ef88d9c3f37f9c73b98f85ee9b9fe74

Received reply after a Log4j payload from this host
Ping was received because of X-Forwared-Host
Reply took 651.587609ms
Orignal request was to 20.76.228.248:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620582d466f7277617265642d486f73740a5265706c7920746f6f6b203635312e3538373630396d730a4f7269676e616c20726571756573742077617320746f2032302e37362e3232382e3234383a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 07:38

Create report

Domain summary

No record