501 lines
29 KiB
Plaintext
501 lines
29 KiB
Plaintext
|
500
|
||
|
|
1 1 User-Agent:\s.*.abc.net 2 0 0 1
|
||
|
|
2 2 (#\d{1,2}){20} 2 0 0 1
|
||
|
|
3 3 (((DestFile|encryptPass)\x3D[^\x26]{50})|((BaseDN|SearchFilter)\x3D[^\x26]{128})) 2 0 0 1
|
||
|
|
4 4 (((c|l)pi\x00.{1}(-\d|0)\x21)|(columns\x00.{1}(-\d|0)\x21)|(page-(right|left|top|bottom)\x00.{1}(-\d|0|([3-9]\d{5}|24\d{4}|236\d{3}|23593\d{1}|23592[2-9])\x21))) 2 0 0 1
|
||
|
|
5 5 (,\d{1,3}){20} 2 0 0 1
|
||
|
|
6 6 (3BFFE033-BF43-11d5-A271-00A024A51325|iNotes6\.iNotes6|E008A543-CEFB-4559-912F-C27C2B89F13B|dwa7\.dwa7) 2 0 0 1
|
||
|
|
7 7 (?P<obj>[A-Z\d_]+)\.DataURL\s*=\s*(\x22[^\x22]{128}|\x27[^\x27]{128}) 2 0 0 1
|
||
|
|
8 8 (Context|Action)\x3D[^\x26\x3b]{1024} 2 0 0 1
|
||
|
|
9 9 (DisableSandboxAndDrop|ConfusedClass|FieldAccessVerifierExpl)\.class 2 0 0 1
|
||
|
|
10 10 (INSERT|UPDATE)\s*[\s\w]*((mysql\.)?func)[^\r\n]+values\s*\([^\)]+\x2c[\x22\x27][^\x22\x27]*\x2f 2 0 0 1
|
||
|
|
11 11 (Image|Doc) 2 0 0 1
|
||
|
|
12 12 (OvAcceptLang|Accept-Language)\s*[\x3D\x3A]\s*[^\n]{69} 2 0 0 1
|
||
|
|
13 13 (OvJavaScript|OvTitleFrame|OvHelpWindow|OvMap|OvSession|OvJavaLocale|OvOSLocale|OvWebSession)\s*\x3D[^\x3B\x2C]{1024} 2 0 0 1
|
||
|
|
14 14 (Set|Check)\x10Properties 2 0 0 1
|
||
|
|
15 15 (USER|PASS)[^\x80-\xff]*[\x80-\xff] 2 0 0 1
|
||
|
|
16 16 ([sp]key|csk)=[^\r\n\x26]+(script|onclick|onload|onmouseover|html|[\x22\x27\x3c\x3e\x28\x29]) 2 0 0 1
|
||
|
|
17 17 (\x22|\x27)daap\x3a\x2f\x2f[^\x22\x27]*\x3a[^\x22\x27\x2f]{256} 2 0 0 1
|
||
|
|
18 18 (\x22|\x27)itms\x3a\x2f\x2f[^\x22\x27]*\x3a[^\x22\x27\x2f]{256} 2 0 0 1
|
||
|
|
19 19 (\x22|\x27)itmss\x3a\x2f\x2f[^\x22\x27]*\x3a[^\x22\x27\x2f]{256} 2 0 0 1
|
||
|
|
20 20 (\x22|\x27)itpc\x3a\x2f\x2f[^\x22\x27]*\x3a[^\x22\x27\x2f]{256} 2 0 0 1
|
||
|
|
21 21 (\x22|\x27)pcast\x3a\x2f\x2f[^\x22\x27]*\x3a[^\x22\x27\x2f]{256} 2 0 0 1
|
||
|
|
22 22 (\x25(n|t|d)\x20){85} 2 0 0 1
|
||
|
|
23 23 (\x3F|\x26)[^\x3D]*(\x27|%27)[^\x3D]*(\x3C|%3c)script(\x3E|%3e) 2 0 0 1
|
||
|
|
24 24 (\x40\x09.{19}|\x41\x0b.{23})[\xf0-\xff].{8}\x01\x00[\x00\x01\x02\x04\x08\x10\x18\x20]\x00 2 0 0 1
|
||
|
|
25 25 (^|&)SelectedID=[^&]+?(\x3B|%3B) 2 0 0 1
|
||
|
|
26 26 (^|&)paths(%5b|\x5b)(%5d|\x5d)=[^&]*?(%2e|\x2e){2}(%2f|\x2f) 2 0 0 1
|
||
|
|
27 27 (^|&)selectedLocale=[^&]+?([\x22\x27]|%22|%27) 2 0 0 1
|
||
|
|
28 28 (^|[\x3b\x7b\x7d]|%3b|%7b|%7d)O(%3a|\x3a)(\x2b|%2b)?[0-9]+?(%3a|\x3a)(%22|\x22) 2 0 0 1
|
||
|
|
29 29 (action|setup)=[a-z]{1,4} 2 0 0 1
|
||
|
|
30 30 (arg=[^\x26]*?OVwSelection[^\x26]*?\x26.*?sel=[^\s\x26]{1023}|sel=[^\x26]{1023,}\x26.*?arg=[^\s\x26]*?OVwSelection) 2 0 0 1
|
||
|
|
31 31 (caption,\x22\x5c\x5c\x5c|\x22\x5cn\x5cn\x5cn\x22\x20\x2b\x20str) 2 0 0 1
|
||
|
|
32 32 (data_select1|nameParams|schdParams|text1|schd_select1)=[^\x26]{512} 2 0 0 1
|
||
|
|
33 33 (displayWidth[\x2b\x20]\d[^\x2b\s\n]{128}) 2 0 0 1
|
||
|
|
34 34 (filename|type)=[^\x26]*?\x2E\x2E 2 0 0 1
|
||
|
|
35 35 (ora_osb_bgcookie|rbtool)=[^\x20\x26\x3b]{1} 2 0 0 1
|
||
|
|
36 36 (sIda\/sId|urua\/uru)[abcd]\.classPK 2 0 0 1
|
||
|
|
37 37 .{20}[\x01\x02]\x00\x03\x00.*?\x5c\x00\x5c\x00 2 0 0 1
|
||
|
|
38 38 5FDC81917DE08A41A6AC(E9B8ECA1EE.8|.98ECB1EEA8E) 2 0 0 1
|
||
|
|
39 39 <FILE>(\x2e\x2e\x5c|%2E%2E%5C){2}[^<]+?</FILE> 2 0 0 1
|
||
|
|
40 40 <SelectedID>[^<]+?(\x3B|%3B) 2 0 0 1
|
||
|
|
41 41 <[^>]*?style\s*[>=].{1,1024}margin\s*\x3a\s*[^\x3b\x7d]*?-(\d{4}|1[0-9][1-9]|[2-9]\d\d)[ce][mx].*?[\x7b\x3b] 2 0 0 1
|
||
|
|
42 42 <\?(php)?.{1,256}define\s*\x28\s*str_repeat\s*\x28\s*[\x22\x27][^\x22\x27]+[\x22\x27]\s*\x2c\s*\x24argv 2 0 0 1
|
||
|
|
43 43 <\s*object[^>]*?data\s*\x3A[^,>]*?base64 2 0 0 1
|
||
|
|
44 44 <\s*valitem[^>]*\s(value|name)\s*=\s*([\x22\x27])[^\x22\x27]{104} 2 0 0 1
|
||
|
|
45 45 <\x21DOCTYPE\s+[^>]*?SYSTEM[^>]*?>.*?\x2EparseError 2 0 0 1
|
||
|
|
46 46 <\x21ENTITY[^>]+SYSTEM[^>]+http\x3A\x2F\x2F[^>\s]+http\x3A\x2F\x2F 2 0 0 1
|
||
|
|
47 47 <applet[^>]+(archive|src)\s*?=\s*?(\x22|\x27|)\s*?(\d{5}\.jar|[^>]+\/\d{5}\.jar) 2 0 0 1
|
||
|
|
48 48 <figure[^>]+?dir\s*?=\s*?[\x22\x27]\s*?rtl\s*?[\x22\x27].*?(&#?x?[a-z\d]{2,4}\x3b){100} 2 0 0 1
|
||
|
|
49 49 <iframe[^>]*?height\x3d\s*[\x22\x27]?\s*[0-9]{6} 2 0 0 1
|
||
|
|
50 50 <script[^>]*?for\s*=\s*[\x22\x27]?.*?event\s*=\s*[\x22\x27]?onpropertychange[\x22\x27]?[^>]*?> 2 0 0 1
|
||
|
|
51 51 <script[^>]*src\s*=\s*[\x22\x27][^\x22\x27]*\.json[\x22\x27][^>]*language=vbs 2 0 0 1
|
||
|
|
52 52 <title>CRiMEPACK [\d\.]+</title> 2 0 0 1
|
||
|
|
53 53 <treechildren.*?ordinal=.*?<treechildren 2 0 0 1
|
||
|
|
54 54 <zombis>\s*<JUNIPER-M3>.*?</JUNIPER-M3>\s*</zombis> 2 0 0 1
|
||
|
|
55 55 AdminServlet.*(userid|adminurl)[^\x26\x20\x0a]*<script 2 0 0 1
|
||
|
|
56 56 Authorization\s*\x3A\s*Basic\s*[^\n]{437} 2 0 0 1
|
||
|
|
57 57 Collab\x2EaddStateModel\s*\x28\s*\x7B.*cName\s*\x3A\s*\x22(\x22|\x5Cx00) 2 0 0 1
|
||
|
|
58 58 ComputerName\s*\x3d\s*\x22[^\x22]{256} 2 0 0 1
|
||
|
|
59 59 Content-Type\x3A\s*misc/ultravox.+?(\r?\n){2}\x5A.9\x01 2 0 0 1
|
||
|
|
60 60 CreationDate\x28[^\x3c\x29]{500} 2 0 0 1
|
||
|
|
61 61 DBMS_ASSERT\x2Esimple_sql_name\x28[^\x29\x22]*?\x22 2 0 0 1
|
||
|
|
62 62 EnteredAttrName=[^&]{32} 2 0 0 1
|
||
|
|
63 63 Entry\x20\x2f[^\x2f]*\x2f[^\x2f]{68} 2 0 0 1
|
||
|
|
64 64 ExecWB\s*\x28\s*[^\x2c\x29]*(7|IDM_PRINTPREVIEW)[^\x29]+http\x3a\x2f\x2f 2 0 0 1
|
||
|
|
65 65 FILECODE=[^&]{96} 2 0 0 1
|
||
|
|
66 66 HEADER[\x20\r]*\n[\x20]*9[\x20\r]*\n\x24[^\n]{92} 2 0 0 1
|
||
|
|
67 67 HTTP\/1.[01]\r\nUser\x2dAgent\x3a\x20[ -~]+\r\nHost\x3a\x20[a-z0-9\x2d\x2e]+\.info\r\n 2 0 0 1
|
||
|
|
68 68 HostList=([^\r\n\x3B]{,296}\x3B)*[^\r\n\x3B]{297} 2 0 0 1
|
||
|
|
69 69 Host\x3A\s*[^\x0D\x0A]{121} 2 0 0 1
|
||
|
|
70 70 Hostname\x3D[^\x26\x3F\x3B\x0D\x0A\s]{300} 2 0 0 1
|
||
|
|
71 71 ICount\x3D\x2D[^\x26\x3F\x3B\x0D\x0A\s]{300} 2 0 0 1
|
||
|
|
72 72 IP=(https?|ftps?) 2 0 0 1
|
||
|
|
73 73 InformixServerList=([^\r\n\x3B]{,293}\x3B)*[^\r\n\x3B]{294} 2 0 0 1
|
||
|
|
74 74 Libs\/Starter(CmdExec|NetUtils|Rec|ScreenShots|Settings)\.py 2 0 0 1
|
||
|
|
75 75 Math\x2efloor([^\x7d]{1,3})?\x7dcatch\x28 2 0 0 1
|
||
|
|
76 76 Math\x2eround([^\x7d]{1,3})?\x7dcatch\x28 2 0 0 1
|
||
|
|
77 77 MaxAge\x3D[^\x26\x3F\x3B\x0D\x0A]{300} 2 0 0 1
|
||
|
|
78 78 Oid\x3D[^\x0D\x0A]{1000} 2 0 0 1
|
||
|
|
79 79 OvAcceptLang\s*\x3d\s*[^\x3b\n]{300} 2 0 0 1
|
||
|
|
80 80 OvOSLocale\s*\x3d\s*[^\x3b\s]{249} 2 0 0 1
|
||
|
|
81 81 Referer\x3a[^\x0d\x0a]*\/world\/ 2 0 0 1
|
||
|
|
82 82 Referer\x3a\s*?http\x3a\x2f{2}[a-z0-9\x2e\x2d]+\x2fs\x2f\x3fk\x3d 2 0 0 1
|
||
|
|
83 83 RegExp?\x23.{0,5}\x28\x3f[^\x29]{0,4}i.*?\x28\x3f\x2d[^\x29]{0,4}i.{0,50}\x7c\x7c 2 0 0 1
|
||
|
|
84 84 SET_(SENDFROM|MAILHOST)\x28\x27[^\x27]{256} 2 0 0 1
|
||
|
|
85 85 SOAPAction\x3A\s*?\x22[^\x22\x23]+?\x23([^\x22]{2048}|[^\x22]+$) 2 0 0 1
|
||
|
|
86 86 SYS\.LT\.FINDRICSET\([^,\)]*\'\'\|\| 2 0 0 1
|
||
|
|
87 87 SYS\x2eDBMS\x5fAQADM\x5fSYS\x2eGRANT\x5fTYPE\x5fACCESS\s*\x28\s*\x27[^\x2c\x20\x27]*[\x2c\x20] 2 0 0 1
|
||
|
|
88 88 SelectedSubTabId=[^>]*?([\x22\x27]|%22|%27)\s*?>\s*?<[^>]*?script 2 0 0 1
|
||
|
|
89 89 SignUrl=[^\x26\s]*[\x22\x27\x28\x29\x3C\x3E] 2 0 0 1
|
||
|
|
90 90 SoftwareRegistration\.do.*?updateRegn=[^\x26\r\n]+(script|onclick|onload|onmouseover|html) 2 0 0 1
|
||
|
|
91 91 TMlogonEncrypted=(\!|\%21)CRYPT(\!|\%21)[A-Z0-9]{512} 2 0 0 1
|
||
|
|
92 92 Template\x3D[^\x0D\x0A]{1000} 2 0 0 1
|
||
|
|
93 93 TimerMethod\x3D[^\x26]*[\x3C\x28\x22\x27] 2 0 0 1
|
||
|
|
94 94 USER\s*[^\x0d]+\x25\x27 2 0 0 1
|
||
|
|
95 95 User-Agent\:[^\x0a\x0d]+?Havij 2 0 0 1
|
||
|
|
96 96 User-Agent\x3A\s+?mus[\x0d\x0a] 2 0 0 1
|
||
|
|
97 97 User-Agent\x3a[^\x0d\x0a]*Java\/1\. 2 0 0 1
|
||
|
|
98 98 User-Agent\x3a\x20Agent\d{5,9} 2 0 0 1
|
||
|
|
99 99 User-Agent\x3a\x20[^\n]*?WinHttp\x2eWinHttpRequest.*?\n 2 0 0 1
|
||
|
|
100 100 Visio \x28TM\x29 Drawing\r\n\x00{4}([^\x00]|\x00[^\x00]|\x00\x00[^\x01-\x06\x0b]|\x00\x00[\x01-\x06\x0b][^\x00]) 2 0 0 1
|
||
|
|
101 101 [1-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12} 2 0 0 1
|
||
|
|
102 102 [?&](CallbackParam|CallbackFn)=[^&]+?([\x22\x27\x3c\x3e\x28\x29]|eval|script|onload|src) 2 0 0 1
|
||
|
|
103 103 [?&](k|u|cs)=[^&]+?< 2 0 0 1
|
||
|
|
104 104 [?&](path|file)Name=[^&]*?\x2e\x2e\x2f 2 0 0 1
|
||
|
|
105 105 [?&](search|topic)=[^&]*?(\x27|%27)(\s*|(%20)*)(\x3b|%3b) 2 0 0 1
|
||
|
|
106 106 [?&]SelectedSubTabId=[^&]*?([\x22\x27\x3c\x3e\x28\x29]|onload|src) 2 0 0 1
|
||
|
|
107 107 [?&]Using=_layouts/query.iqy.*?&List=[^&]+(script|src|location|document|onlick|onload) 2 0 0 1
|
||
|
|
108 108 [?&]appName=[^&]+?([\x22\x27\x3c\x3e\x28\x29]|script|onload|src) 2 0 0 1
|
||
|
|
109 109 [?&]arg=[^-][^+&$]{189} 2 0 0 1
|
||
|
|
110 110 [?&]configName=[^&]+?([\x22\x27\x3c\x3e\x28\x29]|script|onload|src) 2 0 0 1
|
||
|
|
111 111 [?&]filename=[^&]*?[\x22\x27][^&]*?\x3B 2 0 0 1
|
||
|
|
112 112 [?&]iprange=[^&]{68} 2 0 0 1
|
||
|
|
113 113 [?&]key=[^&]+?([\x22\x27\x3c\x3e\x28\x29]|script|onload|src) 2 0 0 1
|
||
|
|
114 114 [?&]name=(\x5c\x5c|%5c%5c) 2 0 0 1
|
||
|
|
115 115 [?&]name=[^&]*\x2e\x2e\x2f[^&]*\x2e\x2e\x2f[^&]*\x2e\x2e\x2f 2 0 0 1
|
||
|
|
116 116 [?&]name=[^&]+?([\x22\x27\x3c\x3e\x28\x29]|script|onload|src) 2 0 0 1
|
||
|
|
117 117 [?&]site2pstoretoken=[^&]+?([\x22\x27\x3c\x3e\x28\x29]|script|onload|src) 2 0 0 1
|
||
|
|
118 118 [\x35\x36\x41\x42\x44-\x49]\x00\x00 2 0 0 1
|
||
|
|
119 119 [\x37-\x40\x43]\x00\x00 2 0 0 1
|
||
|
|
120 120 [\x3f\x26]id=\d*[\x28\x29\x22\x27] 2 0 0 1
|
||
|
|
121 121 [^&]+&[a-z]=[a-f0-9]{16}&[a-z]=[a-f0-9]{16}$ 2 0 0 1
|
||
|
|
122 122 [^R]CHAR\(.*?[^R]CHAR\(.*?[^R]CHAR\(.*?[^R]CHAR\(.*?[^R]CHAR\( 2 0 0 1
|
||
|
|
123 123 [^\x3E]*?text\s*\x3D\s*(\x27[^\x27]{500}|\x22[^\x22]{500}|\S{500}) 2 0 0 1
|
||
|
|
124 124 [^\x3a\s]{309}\sPRIVMSG 2 0 0 1
|
||
|
|
125 125 [^\x3e]{0,300}\x2fURI \x28data 2 0 0 1
|
||
|
|
126 126 [^\x5C\x2F\x3A\x2A\x3F\x22\x3C\x3E\x7C\x3D\s]{256}\x2Eppt($|\x3f) 2 0 0 1
|
||
|
|
127 127 [a-z0-9]{32}\.jar 2 0 0 1
|
||
|
|
128 128 \%5b\%5f[0-9]{16} 2 0 0 1
|
||
|
|
129 129 \&h=\d{5}$ 2 0 0 1
|
||
|
|
130 130 \.(jsp|html)\?[^\r\n]*PG=SPEEDBAR 2 0 0 1
|
||
|
|
131 131 \.dashstyle\.array\.length\s*?=[^\x3b]*?-\s*?\d 2 0 0 1
|
||
|
|
132 132 \.jpg\x20HTTP\/1\.[01]\r\nUser\x2dAgent\x3a\x20[a-z]+\r\nHost\x3a\x20[a-z0-9\x2d\x2e]+\.com\.br\r\n\r\n$ 2 0 0 1
|
||
|
|
133 133 \.js\/\?[a-z]+\=[a-z]{1,4} 2 0 0 1
|
||
|
|
134 134 \.location(\.href)?\s*=\s*new\s+String\s*\x28\s*\x22\s*javascript\x3A 2 0 0 1
|
||
|
|
135 135 \.onpropertychange\s*=\s*function[^{]*?\{[^}]*?\w+\.swapNode\x28 2 0 0 1
|
||
|
|
136 136 \.php\?[a-z]{2,12}=[a-f0-9]{10,64}&[a-z]{2,12}=.*?&[a-z]{2,12}= 2 0 0 1
|
||
|
|
137 137 \.php\?[a-z]{2,8}=[a-z0-9]{2}\x3a[a-z0-9]{2}\x3a[a-z0-9]{2}\x3a[a-z0-9]{2}\x3a[a-z0-9]{2}\&[a-z]{2,8}= 2 0 0 1
|
||
|
|
138 138 \.php\?action=jv\&h=\d+ 2 0 0 1
|
||
|
|
139 139 \.php\?b=[A-F0-9]+&v=1\. 2 0 0 1
|
||
|
|
140 140 \.php\?j=1&k=[0-9](i=[0-9])?$ 2 0 0 1
|
||
|
|
141 141 \.php\?mac\x3d([a-f0-9]{2}\x3a){5}[a-f0-9]{2}$ 2 0 0 1
|
||
|
|
142 142 \.php\?setup=d\&s=\d+\&r=\d+ 2 0 0 1
|
||
|
|
143 143 \.php\x3fw\x3d\d+\x26n\x3d\d+ 2 0 0 1
|
||
|
|
144 144 \.png$ 2 0 0 1
|
||
|
|
145 145 \.replace\x28\x2F[^\x2F]+\x2F[A-Z]*\x2C(\x22\x22|\x27\x27) 2 0 0 1
|
||
|
|
146 146 \/$ 2 0 0 1
|
||
|
|
147 147 \/%2E%2E(\\|%5C)\/ 2 0 0 1
|
||
|
|
148 148 \/([0-9][0-9a-z]{2}|[0-9a-z][0-9][0-9a-z]|[0-9a-z]{2}[0-9])\.jar$ 2 0 0 1
|
||
|
|
149 149 \/(\\|%5C)%2E%2E\/ 2 0 0 1
|
||
|
|
150 150 \/AES\d+O\d+\.jsp\?[a-z0-9=\x2b\x2f]{20} 2 0 0 1
|
||
|
|
151 151 \/AES\d{9}O\d{4,5}\x2ejsp 2 0 0 1
|
||
|
|
152 152 \/CreationDate\x28[^\x3c\x29]{500} 2 0 0 1
|
||
|
|
153 153 \/DES\d+O\d+\.jsp\?[a-z0-9=\x2b\x2f]{20} 2 0 0 1
|
||
|
|
154 154 \/DES\d{9}O\d{4,5}\x2ejsp 2 0 0 1
|
||
|
|
155 155 \/F[^\/>]+\.(exe|dll|swf) 2 0 0 1
|
||
|
|
156 156 \/Java([0-9]{1,2})?\.jar\?java=[0-9]{2} 2 0 0 1
|
||
|
|
157 157 \/La(.)*?\s*?\/F[^\/>]+\.(exe|dll|swf) 2 0 0 1
|
||
|
|
158 158 \/MacApp\/\d{2}(-\d{2}){3}(:\d{2}){2}\.png\r\n[^\x89]+?\x89PNG 2 0 0 1
|
||
|
|
159 159 \/OvCgi\/(jovgraph|webappmon)\.exe 2 0 0 1
|
||
|
|
160 160 \/OvCgi\/(jovgraph|webappmon)\.exe.*?-textFile+[^+]{201} 2 0 0 1
|
||
|
|
161 161 \/SUS\d+O\d+\.jsp\?[a-z0-9=\x2b\x2f]{20} 2 0 0 1
|
||
|
|
162 162 \/VertexNet\/adduser\.php\?uid=\x7B[^\r\n]+\x7D\x26la[^\r\n]+\x26cmpname= 2 0 0 1
|
||
|
|
163 163 \/VertexNet\/tasks\.php\?uid=\x7B[^\r\n]+\x7D\x26la[^\r\n]+\x26cmpname= 2 0 0 1
|
||
|
|
164 164 \/ZES\d+O\d+\.jsp\?[a-z0-9=\x2b\x2f]{20} 2 0 0 1
|
||
|
|
165 165 \/[a-f0-9]{16}([a-f0-9]{16})?\/ff\.php 2 0 0 1
|
||
|
|
166 166 \/[a-f0-9]{16}\/a\.php 2 0 0 1
|
||
|
|
167 167 \/[a-f0-9]{16}\/q\.php 2 0 0 1
|
||
|
|
168 168 \/[a-f0-9]{32}\/a\.php 2 0 0 1
|
||
|
|
169 169 \/[a-f0-9]{32}\/q\.php 2 0 0 1
|
||
|
|
170 170 \/[a-z0-9]{12}\.txt$ 2 0 0 1
|
||
|
|
171 171 \/[a-zA-Z0-9]{150,}\/getmyfile\.exe\?o=1\&h=11$ 2 0 0 1
|
||
|
|
172 172 \/[a-z]{4}\.html\?h\=\d{6,7}$ 2 0 0 1
|
||
|
|
173 173 \/[a-z]{4}\.html\?i\=\d{6,7}$ 2 0 0 1
|
||
|
|
174 174 \/[a-z]{4}\.html\?j\=\d{6,7}$ 2 0 0 1
|
||
|
|
175 175 \/\?[0-9a-f]{60,66}[\;\d]*$ 2 0 0 1
|
||
|
|
176 176 \/\?id=\d+\x26AnSSip= 2 0 0 1
|
||
|
|
177 177 \/\?java\=[0-9]{2,4} 2 0 0 1
|
||
|
|
178 178 \/\[fx]\.jar$ 2 0 0 1
|
||
|
|
179 179 \/\d{2}\.html$ 2 0 0 1
|
||
|
|
180 180 \/api\/urls\/\?ts=[a-z0-9]+&affid=\d{5} 2 0 0 1
|
||
|
|
181 181 \/app\/\?prj=\d\x26pid=[^\r\n]+\x26mac= 2 0 0 1
|
||
|
|
182 182 \/blog/images/3521\.jpg\?v\d{2}=\d{2}\x26tq= 2 0 0 1
|
||
|
|
183 183 \/count\d{2}\.php$ 2 0 0 1
|
||
|
|
184 184 \/elections\.php\?([a-z0-9]+\x3d\d{1,3}\&){9}[a-z0-9]+\x3d\d{1,3}$ 2 0 0 1
|
||
|
|
185 185 \/f\.php\?k=\d 2 0 0 1
|
||
|
|
186 186 \/html\/license_[0-9A-F]{550,}\.html$ 2 0 0 1
|
||
|
|
187 187 \/images\/[a-zA-Z]\.php\?id\=[0-9]{2,3}(\.\d)?$ 2 0 0 1
|
||
|
|
188 188 \/index\d{9}\.asp 2 0 0 1
|
||
|
|
189 189 \/install\.asp\?mac=[A-F\d]{12}\x26mode 2 0 0 1
|
||
|
|
190 190 \/jdb\/inf\.php\?id=[a-f0-9]{32}$ 2 0 0 1
|
||
|
|
191 191 \/jlnp\.html$ 2 0 0 1
|
||
|
|
192 192 \/jorg\.html$ 2 0 0 1
|
||
|
|
193 193 \/jovf\.html$ 2 0 0 1
|
||
|
|
194 194 \/loader\.cpl$ 2 0 0 1
|
||
|
|
195 195 \/pdfx\.html$ 2 0 0 1
|
||
|
|
196 196 \/pte\.aspx\?ver=\d\.\d\.\d+\.\d\x26rnd=\d{5} 2 0 0 1
|
||
|
|
197 197 \/r_autoidcnt\.asp\?mer_seq=\d[^\r\n]*\x26mac= 2 0 0 1
|
||
|
|
198 198 \/se\/[a-f0-9]{100,200}\/[a-f0-9]{6,9}\/[A-Z0-9_]{4,200}\.com 2 0 0 1
|
||
|
|
199 199 \/setup_b\.asp\?prj=\d\x26pid=[^\r\n]*\x26mac= 2 0 0 1
|
||
|
|
200 200 \/stat_d\/$ 2 0 0 1
|
||
|
|
201 201 \/stat_n\/$ 2 0 0 1
|
||
|
|
202 202 \/stat_svc\/$ 2 0 0 1
|
||
|
|
203 203 \/stat_u\/$ 2 0 0 1
|
||
|
|
204 204 \/vic\.aspx\?ver=\d\.\d\.\d+\.\d\x26rnd=\d{5} 2 0 0 1
|
||
|
|
205 205 \/world\/[^\x2f]*\.pdf 2 0 0 1
|
||
|
|
206 206 \<a\s+[^\>]*href\s*\x3D\s*[\x22\x27]?[^\>\x22\x27]*\x23\x3A\x2F\x2F[^\>]+\> 2 0 0 1
|
||
|
|
207 207 \?[a-f0-9]{4}$ 2 0 0 1
|
||
|
|
208 208 \?id=[A-Z0-9]{20}&cmd=img 2 0 0 1
|
||
|
|
209 209 \?inf\=[0-9a-f]{8}\x2Ex\d{2}\x2E\d{8}\x2E 2 0 0 1
|
||
|
|
210 210 \?page\=[a-f0-9]{16} 2 0 0 1
|
||
|
|
211 211 \?spl=\d&br=[^&]+&vers=[^&]+&s= 2 0 0 1
|
||
|
|
212 212 \bcmd\x2eexe\b 2 0 0 1
|
||
|
|
213 213 \d+& 2 0 0 1
|
||
|
|
214 214 \r\nHost\x3A\s+[^\r\n]*?[bcdfghjklmnpqrstvwxyz]{5,}[^\r\n]*?\x2Einfo\r\n 2 0 0 1
|
||
|
|
215 215 \r\nHost\x3a\x20[a-z0-9\x2d\x2e]+\.com\x2d[a-z0-9\x2d\x2e]+(\x3a\d{1,5})?\r\n 2 0 0 1
|
||
|
|
216 216 \r\nReferer\x3A\x20http\x3A\x2F\x2f[a-z0-9\x2d\x2e]+\x2F\x3Fdo\x3Dpayment\x26ver\x3D\d+\x26sid\x3D\d+\x26sn\x3D\d+\r\n 2 0 0 1
|
||
|
|
217 217 \s*\x28(\x27[^\x27]{64}|\x27[^\x27]*\x27\s*,\s*\x27[^\x27]{64}) 2 0 0 1
|
||
|
|
218 218 \sAUTHENTICATE\s[^\n]{100} 2 0 0 1
|
||
|
|
219 219 \sEXAMINE\s[^\n]*?\s\{ 2 0 0 1
|
||
|
|
220 220 \sFETCH\s[^\n]*?\s\{ 2 0 0 1
|
||
|
|
221 221 \sLOGIN\s\w+\s\{\d+\}[\r]?\n[^\n]*?% 2 0 0 1
|
||
|
|
222 222 \x00[\x3b\x7c\x26\x60][^\x00]+\x00airappinstaller\x00ASnative\x00 2 0 0 1
|
||
|
|
223 223 \x00[\x70-\x74]\x00[\x00-\x09] 2 0 0 1
|
||
|
|
224 224 \x00\.\x00\.\x00[\x2f\x5c] 2 0 0 1
|
||
|
|
225 225 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01espia_(video_get_dev_image|audio_get_dev_audio|image_get_dev_screen) 2 0 0 1
|
||
|
|
226 226 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01incognito_(list_tokens|impersonate_token|add_user|add_group_user|add_localgroup_user|snarf_hashes) 2 0 0 1
|
||
|
|
227 227 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01lanattacks_(start_dhcp|reset_dhcp|set_dhcp_option|stop_dhcp|dhcp_log|start_tftp|reset_tftp|add_tftp_file|stop_tftp) 2 0 0 1
|
||
|
|
228 228 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01networkpug_(start|stop) 2 0 0 1
|
||
|
|
229 229 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01priv_(elevate_getsystem|passwd_get_sam_hashes|fs_get_file_mace|fs_set_file_mace) 2 0 0 1
|
||
|
|
230 230 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01sniffer_(interfaces|capture_start|capture_stop|capture_stats|capture_dump|capture_dump_read) 2 0 0 1
|
||
|
|
231 231 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01stdapi_fs_(separator|search|file_expand_path|md5|sha1|delete_file|stat|ls|chdir|mkdir|getwd|delete_dir) 2 0 0 1
|
||
|
|
232 232 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01stdapi_net_(config_get_interfaces|config_get_routes|config_add_route|udp_client|tcp_server|tcp_client|socket_tcp_shutdown) 2 0 0 1
|
||
|
|
233 233 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01stdapi_railgun_(memread|memwrite|api_multi|api) 2 0 0 1
|
||
|
|
234 234 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01stdapi_registry_(load_key|unload_key|open_key|open_remote_key|create_key|delete_key|close_key|enum_key) 2 0 0 1
|
||
|
|
235 235 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01stdapi_sys_config_(getuid|sysinfo|rev2self|steal_token|drop_token|getprivs) 2 0 0 1
|
||
|
|
236 236 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01stdapi_sys_eventlog_(open|numrecords|read|oldest|clear|close) 2 0 0 1
|
||
|
|
237 237 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01stdapi_sys_process_(thread_open|thread_create|thread_get_threads) 2 0 0 1
|
||
|
|
238 238 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01stdapi_ui_(enable_keyboard|enable_mouse|get_idle_time|desktop_enum|desktop_get|desktop_set|desktop_screenshot) 2 0 0 1
|
||
|
|
239 239 \x00\x00\x00[\x00\x01].{4}\x00\x01\x00\x01webcam_(list|start|get_frame|stop|audio_record) 2 0 0 1
|
||
|
|
240 240 \x0a\x0d?\x0a[A-Z0-9\x2b\x2f\s]*[^A-Z0-9\x2b\x2f\s\x3d] 2 0 0 1
|
||
|
|
241 241 \x23\d{2}\x3a\d{2}\x3a\d\d$ 2 0 0 1
|
||
|
|
242 242 \x25USERPROFILE\x25\x5C[^\x2e]{1,255}\x2eexe 2 0 0 1
|
||
|
|
243 243 \x26?arg\d+\s*=\s*[^\x26]*?(import|http) 2 0 0 1
|
||
|
|
244 244 \x26TARGET\x3d\x5f(blank|parent|top) 2 0 0 1
|
||
|
|
245 245 \x26arg\d+\s*=\s*[^\r\n\x26]*import 2 0 0 1
|
||
|
|
246 246 \x26r\d\x3d[^\x26\s]*\x27 2 0 0 1
|
||
|
|
247 247 \x26r\d\x3d\d*[^\x26\s\d] 2 0 0 1
|
||
|
|
248 248 \x26tv\x3d\d\.\d\.\d{4}\.\d{4} 2 0 0 1
|
||
|
|
249 249 \x26uid\x3d[a-f0-9]{16}($|\x26) 2 0 0 1
|
||
|
|
250 250 \x28\s*\x22\s*\x25([2-9][6-9][5-9]|[1-9][0-9]{3,})f 2 0 0 1
|
||
|
|
251 251 \x28compatible\x3b[A-Z]*\x3b\x29\x0d\x0a 2 0 0 1
|
||
|
|
252 252 \x2A\x02.{4}\x00\x04\x00\x07.*\x3C\x3E[^\x00]{1023,} 2 0 0 1
|
||
|
|
253 253 \x2E[A-Z\d_]+\s*\x7b\s*text-decoration[^\x3A]*?\x7d 2 0 0 1
|
||
|
|
254 254 \x2E\x00?d\x00?l\x00?l\x00? 2 0 0 1
|
||
|
|
255 255 \x2Ebin([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
256 256 \x2Emaplet([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
257 257 \x2Ermf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
258 258 \x2Eview\x2Eselection.*?\x2Etree\s*\x3D\s*null.*?\x2Einvalidate 2 0 0 1
|
||
|
|
259 259 \x2FCSuserCGI\x2Eexe\x3F.*?Logout.[^&]{96} 2 0 0 1
|
||
|
|
260 260 \x2F[a-z]+\x2epng 2 0 0 1
|
||
|
|
261 261 \x2Faws\d{1,5}\.jsp\x3F 2 0 0 1
|
||
|
|
262 262 \x2Fdesktop\x2F\d+\x2Ftoolbar\x2Fsupremetb\d+\.cfg 2 0 0 1
|
||
|
|
263 263 \x2Fevil\x2Fservices\x2Fbid_register\x2Ephp\x3FBID\x3D[A-Za-z]{6}\x26IP\x3D\d{1,3}\x2E\d{1,3}\x2E\d{1,3}\x2E\d{1,3}\x26cipher\x3D[A-Za-z]{9} 2 0 0 1
|
||
|
|
264 264 \x2Fgumblar\x2Ecn\x2Frss\x2F\x3Fid\x3D\d+ 2 0 0 1
|
||
|
|
265 265 \x2Fin\.cgi\?\d{1,2}$ 2 0 0 1
|
||
|
|
266 266 \x2Flogo\.gif\x3F[0-9a-f]{5,7}=\d{5,7} 2 0 0 1
|
||
|
|
267 267 \x2Flogos\.gif\x3F[0-9a-f]+=\x2d?\d+ 2 0 0 1
|
||
|
|
268 268 \x2Fmartuz\x2Ecn\x2Fvid\x2F\x3Fid\x3D\d+ 2 0 0 1
|
||
|
|
269 269 \x2Fmrow\x5Fpin\x2F\x3Fid\d+[a-z]{5,}\d{5}\x26rnd\x3D\d+ 2 0 0 1
|
||
|
|
270 270 \x2FphpThumb\.php\x3F[^\r\n]*fltr\[\]=[^\r\n\x26]+\x3B 2 0 0 1
|
||
|
|
271 271 \x2Fupdate\w\x2Ephp\x3Fp\x3D\d+.*User\x2DAgent\x3A\s+Mozilla\x2F4\x2E75\s\x5Ben\x5D\s\x28X11\x3B\sU\x3B\sLinux\s2\x2E2\x2E16\x2D3\si686\x29 2 0 0 1
|
||
|
|
272 272 \x2e(jpg|png|gif)\x3fs?v.*?&tq=g[A-Z0-9]{2} 2 0 0 1
|
||
|
|
273 273 \x2e3g2([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
274 274 \x2e3gp([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
275 275 \x2e4xm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
276 276 \x2eExecWB\s*\x28(IDM_PRINTPREVIEW|7)\x2c\s+(0|2)\x2C\s+\x22http 2 0 0 1
|
||
|
|
277 277 \x2eafm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
278 278 \x2eani([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
279 279 \x2eapk([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
280 280 \x2easx([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
281 281 \x2eavi([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
282 282 \x2ecdr([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
283 283 \x2ecgm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
284 284 \x2echm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
285 285 \x2eclass([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
286 286 \x2ecov([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
287 287 \x2ecpe([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
288 288 \x2ecsd([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
289 289 \x2edcr([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
290 290 \x2edefinition\s*\x28 2 0 0 1
|
||
|
|
291 291 \x2edir([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
292 292 \x2edisco([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
293 293 \x2edmg([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
294 294 \x2edoc([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
295 295 \x2edxf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
296 296 \x2eeot([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
297 297 \x2eeps([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
298 298 \x2eexe([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
299 299 \x2eexport(AsFDF|AsText|AsXFDF|DataObject|XFAData)\x28[^\x2c\x29]*\x2c[^\x2c\x29]*\x2c[^\x29]+\x2eexe 2 0 0 1
|
||
|
|
300 300 \x2ef4a([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
301 301 \x2ef4b([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
302 302 \x2ef4p([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
303 303 \x2ef4v([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
304 304 \x2eflv([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
305 305 \x2efpx([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
306 306 \x2egif([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
307 307 \x2ehpj([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
308 308 \x2ehtc([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
309 309 \x2eimg([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
310 310 \x2ejar([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
311 311 \x2ejfif?([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
312 312 \x2ejif([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
313 313 \x2ejnlp([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
314 314 \x2ejpe([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
315 315 \x2ejpeg([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
316 316 \x2ejpg([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
317 317 \x2ek3g([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
318 318 \x2elnk([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
319 319 \x2em3u([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
320 320 \x2em4a([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
321 321 \x2em4b([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
322 322 \x2em4p([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
323 323 \x2em4r([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
324 324 \x2em4v([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
325 325 \x2emanifest([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
326 326 \x2emetalink([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
327 327 \x2emov([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
328 328 \x2emp3([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
329 329 \x2emp4([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
330 330 \x2empeg([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
331 331 \x2empg([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
332 332 \x2emswmm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
333 333 \x2eoga([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
334 334 \x2eogg([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
335 335 \x2eogv([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
336 336 \x2eogx([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
337 337 \x2eopus([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
338 338 \x2eotf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
339 339 \x2epaq8o([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
340 340 \x2epct([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
341 341 \x2epdf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
342 342 \x2epfa([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
343 343 \x2epfb([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
344 344 \x2epfm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
345 345 \x2ephp\x3f[a-z]+=[a-fA-Z0-9]+&[a-z]+=[0-9]+$ 2 0 0 1
|
||
|
|
346 346 \x2ephp\x3f\s*-s 2 0 0 1
|
||
|
|
347 347 \x2epict([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
348 348 \x2epjpeg([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
349 349 \x2epls([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
350 350 \x2epmd([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
351 351 \x2epng([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
352 352 \x2eppt([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
353 353 \x2epub([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
354 354 \x2eqcp([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
355 355 \x2eqt([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
356 356 \x2eram?([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
357 357 \x2erm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
358 358 \x2ermp([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
359 359 \x2erp([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
360 360 \x2ert([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
361 361 \x2ertf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
362 362 \x2eru/\w+\?\d$ 2 0 0 1
|
||
|
|
363 363 \x2erv([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
364 364 \x2esami([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
365 365 \x2eskm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
366 366 \x2eskp([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
367 367 \x2eslk([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
368 368 \x2esmi([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
369 369 \x2esmil([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
370 370 \x2espx([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
371 371 \x2esubstringData\s*\x28[^\x2c]*\x2c\s*0x7(f|F){6}[6-9AaBbCcDdEeFf] 2 0 0 1
|
||
|
|
372 372 \x2eswf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
373 373 \x2etga([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
374 374 \x2etif(f)?([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
375 375 \x2etorrent([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
376 376 \x2ette([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
377 377 \x2ettf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
378 378 \x2evap([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
379 379 \x2evbs([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
380 380 \x2evisprj([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
381 381 \x2evsd([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
382 382 \x2ewav([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
383 383 \x2ewax([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
384 384 \x2ewm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
385 385 \x2ewma([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
386 386 \x2ewmd([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
387 387 \x2ewmf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
388 388 \x2ewmv([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
389 389 \x2ewmx([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
390 390 \x2ewmz([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
391 391 \x2ewps([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
392 392 \x2ewrf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
393 393 \x2ewri([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
394 394 \x2ewvx([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
395 395 \x2exbm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
396 396 \x2exls([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
397 397 \x2exlw([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
398 398 \x2exml([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
399 399 \x2expm([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
400 400 \x2exsl([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
401 401 \x2exslt([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
402 402 \x2exspf([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
403 403 \x2exul([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
404 404 \x2ezip([\?\x5c\x2f]|$) 2 0 0 1
|
||
|
|
405 405 \x2f1020\d{6,16}$ 2 0 0 1
|
||
|
|
406 406 \x2fAdmin\x2fFunctionsClient\x2f(check.txt|Select.php|Update.php) 2 0 0 1
|
||
|
|
407 407 \x2fF\s*(<<|)\s*\x2fDOS\s*\x28 2 0 0 1
|
||
|
|
408 408 \x2fF\s*(<<|)\s*\x2fMac\s*\x28 2 0 0 1
|
||
|
|
409 409 \x2fF\s*(<<|)\s*\x2fUnix\s*\x28 2 0 0 1
|
||
|
|
410 410 \x2f[a-z0-9]+\.php\?php\x3dreceipt$ 2 0 0 1
|
||
|
|
411 411 \x2f\?ts\x3d[a-f0-9]{40}\x26 2 0 0 1
|
||
|
|
412 412 \x2fblackmuscats?\x3f\d 2 0 0 1
|
||
|
|
413 413 \x2fib2\x2f$ 2 0 0 1
|
||
|
|
414 414 \x2fkills\x2etxt\x3f(t\d|p)\x3d\d{6}$ 2 0 0 1
|
||
|
|
415 415 \x2fms162cfg\x2ejsp\x3f([sverlcfan]\x3d[^\x26\s]*\x26){8} 2 0 0 1
|
||
|
|
416 416 \x2fpanda\x2f\x3fu\x3d[a-z0-9]{32} 2 0 0 1
|
||
|
|
417 417 \x2ftimthumb\x2ephp\x3f[^\r\n]*?src=https?\x3a\x2f([^\x2e\x2f]+?\x2e){3} 2 0 0 1
|
||
|
|
418 418 \x2fwidth[^\x3e]+\x2fDCTDecode 2 0 0 1
|
||
|
|
419 419 \x3C\s*applet[^\x3E\n$]*code\s*=\s*[\x27\x22]AppletX[\x22\x27][^\x3E\n$]*archive\s*=\s*[\x22\x27][^\s\x3E\n$]{32}\x2Ejar[\x22\x27] 2 0 0 1
|
||
|
|
420 420 \x3C\s*param\s*\x3E\s*\x3C\s*value\s*\x3E\s*\x3C\s*string\s*\x3E[^\x3C]*[\x2C\x3B] 2 0 0 1
|
||
|
|
421 421 \x3b\s*udhcpc\s*\x3b.*\x26 2 0 0 1
|
||
|
|
422 422 \x3c[^\x3e]+[\x22\x27]mailto\x3a[^\x3e]+\x3f[^\x3e]*\x2faltvba 2 0 0 1
|
||
|
|
423 423 \x3c[^\x3e]+[\x22\x27]mailto\x3a[^\x3e]+\x3f[^\x3e]*\x2fimportprf 2 0 0 1
|
||
|
|
424 424 \x3c\s*Marquee[^\x3e]*onstart\s*\x3D\s*\x22\s*document\x2e(write|writeln|open) 2 0 0 1
|
||
|
|
425 425 \x3ccell\s+[^\x3e]*\x3aFormula\s*\x3d\s*\x22\s*\x3drept\x28 2 0 0 1
|
||
|
|
426 426 \x3ciframe[^\x3e]*?src\x3d\x22http\x3a\x2f\x2f[^\x26\x2e]+\x26\x2346\x3b[^\x2e]+\x2epl\x2frc\x2f\x22 2 0 0 1
|
||
|
|
427 427 \x3cimg[^\x3e]*src\x3d(\x22|\x27)?[^\x22\x27\s]{300} 2 0 0 1
|
||
|
|
428 428 \x3cj2se[^\x3e]*(initial|max)-heap-size\s*\x3d\s*(\x22|\x27)[^\x22\x27]{50} 2 0 0 1
|
||
|
|
429 429 \x3cscript\x3etry\x7b\w+\x2b\x2b([^\x7d]{1,4})?\x7dcatch\x28 2 0 0 1
|
||
|
|
430 430 \x3ctime\x20[^\x3e]*(begin|end)\x3d\x22[^\x22]{13} 2 0 0 1
|
||
|
|
431 431 \x3e\x0d\x0aSUBJECT\x3a (\d{1,3}\x2e){3}\d{1,3}\x7c[^\r\n]*\x7c\d{2,4}\x0d\x0a 2 0 0 1
|
||
|
|
432 432 \x3fsv\x3d\d{1,3}\x26tq\x3d 2 0 0 1
|
||
|
|
433 433 \x45\x4d\x46\x2b\x08\x40.(\x06|\x86).{28}([\xf4-\xff]\xff\xff(\xff|\x7f)|[\x00-\x06]\x00\x00\x80) 2 0 0 1
|
||
|
|
434 434 \x5Csv\s+[^\x7D]*?\x3B[^\x7D]*?\x3B[^\x7B]{12} 2 0 0 1
|
||
|
|
435 435 \x5F[A-F0-9]{16} 2 0 0 1
|
||
|
|
436 436 \x5c\x00\x5c\x00[^\x5c]*?\x5c\x00\x00\x00 2 0 0 1
|
||
|
|
437 437 \x5cdpcallout\s*\x5cdpcallout\s*\x5cdpcallout 2 0 0 1
|
||
|
|
438 438 \x5flayouts\x2fhelp\x2easpx\x3f.*?cid0\x3d[A-Za-z\x5c\x2e0-9]*[^A-Za-z\x5c\x2f\x2e\x26\x3d0-9\s] 2 0 0 1
|
||
|
|
439 439 \xff\x5e\x00(\x05[\x80-\xff]|\x06\x00[\x80-\xff]|\x06[^\x00]) 2 0 0 1
|
||
|
|
440 440 \xff{32}$ 2 0 0 1
|
||
|
|
441 441 \|(25[0-5]|2[0-4]\d|[01]?\d\d?)\.(25[0-5]|2[0-4]\d|[01]?\d\d?)\.(25[0-5]|2[0-4]\d|[01]?\d\d?)\.(25[0-5]|2[0-4]\d|[01]?\d\d?)\|\d+\| 2 0 0 1
|
||
|
|
442 442 ^((\.\.\/|\.\.\\).*|(\.(exe|dll)))~~ 2 0 0 1
|
||
|
|
443 443 ^(.{3}[\x80-\xFF]|.{7}[\x80-\xFF]) 2 0 0 1
|
||
|
|
444 444 ^(GET|OPTIONS|HEAD|POST|PUT|DELETE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK)[^\r\n]*\s+[^\r\n]*\x2f\x25c0\x25af\x2f 2 0 0 1
|
||
|
|
445 445 ^(GET|POST|HEAD)\s+[^\x25\r\n]*\x25[\x23\x24\x27\x2a\x2b\x2d\x2ehlqjzt1234567890]*[diouxefgacspn] 2 0 0 1
|
||
|
|
446 446 ^(NT|CallBack|SID|TimeOut)\s*\x3a\s*[^\n]{512} 2 0 0 1
|
||
|
|
447 447 ^(To|From)[^\x3e]*?\x3e[a-z0-9]*[^a-z0-9][^\x3c]*?\x3c\x2fconvert(To|From) 2 0 0 1
|
||
|
|
448 448 ^(UN)?SUBSCRIBE\s 2 0 0 1
|
||
|
|
449 449 ^([\x22\x27]\s*value)?\s*=\s*\x22[^\x22]{70} 2 0 0 1
|
||
|
|
450 450 ^([\x22\x27]\s*value)?\s*=\s*\x27[^\x27]{70} 2 0 0 1
|
||
|
|
451 451 ^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74) 2 0 0 1
|
||
|
|
452 452 ^(\xFF|\x3C)\x00 2 0 0 1
|
||
|
|
453 453 ^(admin|axis2) 2 0 0 1
|
||
|
|
454 454 ^(encrypt|decrypt)\x28\x27[^\x27]{129} 2 0 0 1
|
||
|
|
455 455 ^...(..)?[\x80-\xff] 2 0 0 1
|
||
|
|
456 456 ^.\x00{3}(\x03|\x04) 2 0 0 1
|
||
|
|
457 457 ^.{27} 2 0 0 1
|
||
|
|
458 458 ^.{27} 2 0 0 1
|
||
|
|
459 459 ^.{28}([0-9A-Z\x20\x2F]{4}.{8}[^\xFF].{7})*([0-9A-Z\x20\x2F]{4}.{8}\xFF{3}) 2 0 0 1
|
||
|
|
460 460 ^.{28}(\x00\x1f|\x00\x20) 2 0 0 1
|
||
|
|
461 461 ^.{2} 2 0 0 1
|
||
|
|
462 462 ^.{2}\x08\xa5\x00\x01.{14}(([^\x00]|\x00[\x81-\xFF])|.{4}([^\x00]|\x00[\x81-\xFF])) 2 0 0 1
|
||
|
|
463 463 ^.{4} 2 0 0 1
|
||
|
|
464 464 ^.{4} 2 0 0 1
|
||
|
|
465 465 ^.{4}(\x00\x00\x00\x00|.{12}) 2 0 0 1
|
||
|
|
466 466 ^.{8}\x01[\x35\x36\x41\x42\x44-\x49] 2 0 0 1
|
||
|
|
467 467 ^.{8}\x01[\x37-\x40\x43] 2 0 0 1
|
||
|
|
468 468 ^.{8}user\x00[^\x00]+?\x00database\x00-[^\x00]+?\x00 2 0 0 1
|
||
|
|
469 469 ^9\s(\S{101}|\S+\s(\S{349}|\S+\s\S{521})) 2 0 0 1
|
||
|
|
470 470 ^<!--\s+[\w]{52,}\s+-->\r\n 2 0 0 1
|
||
|
|
471 471 ^Authorization\s*\x3A\s*Digest\s+([^\n\x2C]*\x2C){15} 2 0 0 1
|
||
|
|
472 472 ^Authorization\x3a\s*Basic[^\n]{256} 2 0 0 1
|
||
|
|
473 473 ^CONNECT\s[^\s]{1024} 2 0 0 1
|
||
|
|
474 474 ^Connection\x3A\s*[^\r\n]*?\x2c\x2c 2 0 0 1
|
||
|
|
475 475 ^Content-Disposition\x3A\s*attachment 2 0 0 1
|
||
|
|
476 476 ^Content-Length\s*\x3A\s 2 0 0 1
|
||
|
|
477 477 ^Content-Length\s*\x3A\s*[1-9][0-9]{8} 2 0 0 1
|
||
|
|
478 478 ^Content-Length\x3a\s*0*([1-9][0-9]{8}|[7-9][0-9]{8}) 2 0 0 1
|
||
|
|
479 479 ^Content-Type\x3a[\x20\x09]+application\/octet-stream 2 0 0 1
|
||
|
|
480 480 ^Content-Type\x3a[\x20\x09]+application\/x-msdos-program 2 0 0 1
|
||
|
|
481 481 ^Cookie\x3a\s?SECID=[^\x3b]+?$ 2 0 0 1
|
||
|
|
482 482 ^EXECSCRIPT\s+\.\.[\x2F\x5C]\.\. 2 0 0 1
|
||
|
|
483 483 ^From\x3A[^\r\n]*Trojaner-Info<webmaster@trojaner-info\x2Ede> 2 0 0 1
|
||
|
|
484 484 ^From\x3a[^\r\n]*SpyBuddy 2 0 0 1
|
||
|
|
485 485 ^GET \x2F3010[0-9A-F]{166}00000001 2 0 0 1
|
||
|
|
486 486 ^GET\s+.*\x2Frequests\x2Fstatus\.xml\x3F.*smb\x3A\x2F\x2F[^\s\x0A\x0D]{251} 2 0 0 1
|
||
|
|
487 487 ^Host:\s*?[a-f0-9]{16}\. 2 0 0 1
|
||
|
|
488 488 ^Host:\s*?[a-f0-9]{63,64}\. 2 0 0 1
|
||
|
|
489 489 ^Host\x3A\s+.*jaiku\x2Ecom 2 0 0 1
|
||
|
|
490 490 ^Host\x3a[^\r\n]*cojud\x2Edmcast\x2Ecom 2 0 0 1
|
||
|
|
491 491 ^Host\x3a[^\r\n]*corep\x2Edmcast\x2Ecom 2 0 0 1
|
||
|
|
492 492 ^Host\x3a[^\r\n]*dcww\x2Edmcast\x2Ecom 2 0 0 1
|
||
|
|
493 493 ^Host\x3a[^\r\n]*related\x2Eyok\x2Ecom 2 0 0 1
|
||
|
|
494 494 ^Host\x3a[^\r\n]*www\x2Eyok\x2Ecom 2 0 0 1
|
||
|
|
495 495 ^Host\x3a\s*(194.192.14.125|202.75.58.179|flashupdates.info|nvidiadrivers.info|videosync.info) 2 0 0 1
|
||
|
|
496 496 ^Host\x3a\s*(cache.dyndns.info|flashcenter.info|flashrider.org|webapp.serveftp.com|web.velocitycache.com) 2 0 0 1
|
||
|
|
497 497 ^Host\x3a\x20\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\r?\n 2 0 0 1
|
||
|
|
498 498 ^Location:\s*?https?\x3a\x2f{2}[0-9a-f]{16}[^/]+?\/index.php\?[a-z]=[^&\r\n]{100} 2 0 0 1
|
||
|
|
499 499 ^Location\x3a[^\n]*file\x3a\x2f\x2f127\x2e0\x2e0\x2e1 2 0 0 1
|
||
|
|
500 500 ^POST\x20\x2fg[ao]lfstream\x26 2 0 0 1
|