LeakIX - Host 95.163.138.156

Host 95.163.138.156

Russia

LLC Digital Network

Server vulnerable to Log4J CVE-2021-44228

The reply originated from a backend server, the originating frontend server has been included in the report for reference.

It is critical to patch log4j or the application using since the issues is exploited in the wild and leads to RCE.

IP: 95.163.138.156
Port: 443
URL: https://95.163.138.156

First seen 2021-12-31 03:27

Severity: critical
Fingerprint: aff4d642200b0639f8880459e94669a586035840f2de8a83fac70ae220f90a1c

Received reply after a Log4j payload from this host
Ping was received because of query value
Reply took 1.882261065s
Orignal request was to 178.248.233.72:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f662071756572792076616c75650a5265706c7920746f6f6b20312e383832323631303635730a4f7269676e616c20726571756573742077617320746f203137382e3234382e3233332e37323a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 03:27

Severity: critical
Fingerprint: aff4d642200b0639f8880459ed3e1aa40c9127ec2fe7bd7f135fec26fab06992

Received reply after a Log4j payload from this host
Ping was received because of X-Forwared-Host
Reply took 2.24006903s
Orignal request was to 178.248.233.72:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620582d466f7277617265642d486f73740a5265706c7920746f6f6b20322e3234303036393033730a4f7269676e616c20726571756573742077617320746f203137382e3234382e3233332e37323a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 03:27

Severity: critical
Fingerprint: aff4d642200b0639f888045993190123dc4177c7bb8d6b721e705275d31b899b

Received reply after a Log4j payload from this host
Ping was received because of query argument
Reply took 1.73507128s
Orignal request was to 178.248.233.72:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620717565727920617267756d656e740a5265706c7920746f6f6b20312e3733353037313238730a4f7269676e616c20726571756573742077617320746f203137382e3234382e3233332e37323a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 03:27

Severity: critical
Fingerprint: aff4d642200b0639f8880459b0628eb7234e833784c3794298b0cce56d1cc433

Received reply after a Log4j payload from this host
Ping was received because of User-Agent
Reply took 2.109973735s
Orignal request was to 178.248.233.72:443
This event's HTTP and SSL details are preserved from the orignal request.

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a50696e67207761732072656365697665642062656361757365206f6620557365722d4167656e740a5265706c7920746f6f6b20322e313039393733373335730a4f7269676e616c20726571756573742077617320746f203137382e3234382e3233332e37323a3434330a54686973206576656e742773204854545020616e642053534c2064657461696c7320617265207072657365727665642066726f6d20746865206f7269676e616c20726571756573742e0a

Found on 2021-12-31 03:27

Create report

Server vulnerable to Log4J CVE-2021-44228
The reply originated from a backend server, the originating frontend server has been included in the report for reference.

It is critical to patch log4j or the application using since the issues is exploited in the wild and leads to RCE.

https://www.lunasec.io/docs/blog/log4j-zero-day/

https://issues.apache.org/jira/browse/LOG4J2-2109

https://logging.apache.org/log4j/2.x/security.html
IP: 95.163.138.156
Port: 80
URL: http://95.163.138.156

First seen 2021-12-11 04:18
- Severity: critical
  Fingerprint: aff4d642200b0639f888045931afa2f32345b7372345b737e197899dc2cdd2ee
```
Received reply after a Log4j payload from this host
Reply took 3.997321228s
Orignal request was to 93.125.48.201

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a5265706c7920746f6f6b20332e393937333231323238730a4f7269676e616c20726571756573742077617320746f2039332e3132352e34382e3230310a
```
  Found on 2021-12-11 04:18
- Severity: critical
  Fingerprint: aff4d642200b0639f8880459738103908546e0908546e090dc60c9a641f1d008
```
Received reply after a Log4j payload from this host
Reply took 7.151860229s
Orignal request was to 93.125.48.201

Orignal reply:
5265636569766564207265706c792061667465722061204c6f67346a207061796c6f61642066726f6d207468697320686f73740a5265706c7920746f6f6b20372e313531383630323239730a4f7269676e616c20726571756573742077617320746f2039332e3132352e34382e3230310a
```
  Found on 2021-12-11 04:18
Create report

Domain summary

No record