diff --git a/Makefile b/Makefile
index a9188d045..621cf5bb1 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
SAMPLES_REPO ?= chainguard-dev/malcontent-samples
-SAMPLES_COMMIT ?= dd5e3099092d965b83ac31f803769ab04bc18d7d
+SAMPLES_COMMIT ?= 38d8faef6bcbd63f7cc02bb243b12aaa3e1ba70c
# BEGIN: lint-install ../malcontent
# http://github.com/tinkerbell/lint-install
diff --git a/pkg/compile/compile.go b/pkg/compile/compile.go
index 25b3cf2bc..c945c1acf 100644
--- a/pkg/compile/compile.go
+++ b/pkg/compile/compile.go
@@ -58,6 +58,7 @@ var badRules = map[string]bool{
"mimikatz_offensive_tool_keyword": true,
// Inquest
"Microsoft_Excel_Hidden_Macrosheet": true,
+ "Adobe_Type_1_Font": true,
// YARA VT
"Base64_Encoded_URL": true,
"Windows_API_Function": true,
diff --git a/rules/anti-behavior/process-check.yara b/rules/anti-behavior/process-check.yara
index 474ddcd3a..9cfeb71c4 100644
--- a/rules/anti-behavior/process-check.yara
+++ b/rules/anti-behavior/process-check.yara
@@ -34,8 +34,12 @@ rule linux_monitors: high linux {
$x_vmstat = "vmstat" fullword
$x_ps = "ps" fullword
+ $not_renice = "renice" fullword
+ $not_ddrescue = "ddrescue" fullword
+ $not_traceroute = "traceroute" fullword
+
condition:
- filesize < 100KB and any of ($p*) and 3 of ($x*)
+ filesize < 100KB and any of ($p*) and 3 of ($x*) and none of ($not*)
}
rule anti_rootkit_hunter: high linux {
diff --git a/rules/anti-static/base64/exec.yara b/rules/anti-static/base64/exec.yara
index 80eaace58..536780750 100644
--- a/rules/anti-static/base64/exec.yara
+++ b/rules/anti-static/base64/exec.yara
@@ -3,26 +3,27 @@ rule base64_commands: high {
description = "commands in base64 form"
strings:
- $b_chmod = "chmod" base64
- $b_curl = "curl -" base64
- $b_bin_sh = "/bin/sh" base64
- $b_bin_bash = "/bin/bash" base64
- $b_openssl = "openssl" base64
- $b_dev_null = "/dev/null" base64
- $b_usr_bin = "/usr/bin" base64
- $b_usr_sbin = "/usr/sbin" base64
- $b_var_tmp = "/var/tmp" base64
- $b_var_run = "/var/run" base64
- $b_screen_dm = "screen -" base64
- $b_zmodload = "zmodload" base64
- $b_dev_tcp = "/dev/tcp" base64
- $b_bash_i = "bash -i" base64
- $b_tar_c = "tar -c" base64
- $b_tar_x = "tar -x" base64
- $b_bash_c = "bash -c" base64
- $not_kandji = "kandji-parameter-agent"
- $not_mdmprofile = "mdmprofile"
- $not_example = "commands are encoded"
+ $b_chmod = "chmod" base64
+ $b_curl = "curl -" base64
+ $b_bin_sh = "/bin/sh" base64
+ $b_bin_bash = "/bin/bash" base64
+ $b_openssl = "openssl" base64
+ $b_dev_null = "/dev/null" base64
+ $b_usr_bin = "/usr/bin" base64
+ $b_usr_sbin = "/usr/sbin" base64
+ $b_var_tmp = "/var/tmp" base64
+ $b_var_run = "/var/run" base64
+ $b_screen_dm = "screen -" base64
+ $b_zmodload = "zmodload" base64
+ $b_dev_tcp = "/dev/tcp" base64
+ $b_bash_i = "bash -i" base64
+ $b_tar_c = "tar -c" base64
+ $b_tar_x = "tar -x" base64
+ $b_bash_c = "bash -c" base64
+ $not_kandji = "kandji-parameter-agent"
+ $not_mdmprofile = "mdmprofile"
+ $not_example = "commands are encoded"
+ $not_sourcemappingURL = "sourceMappingURL=data:application/json;charset=utf-8;base64"
condition:
any of ($b_*) and none of ($not_*)
@@ -82,19 +83,6 @@ rule echo_decode_bash_probable: high {
filesize < 256KB and any of them and (@shell[#shell] - @decode[#decode]) < 32 and (@shell[#shell] - @decode[#decode]) > 0
}
-rule acme_sh: override {
- meta:
- description = "acme.sh"
- echo_decode_bash_probable = "medium"
- iplookup_website = "medium"
-
- strings:
- $ref = "https://github.com/acmesh-official"
-
- condition:
- $ref
-}
-
rule ruby_system_near_enough: critical {
meta:
description = "Executes commands from base64 content"
diff --git a/rules/anti-static/base64/http_agent.yara b/rules/anti-static/base64/http_agent.yara
index 5a683b387..81375eb4f 100644
--- a/rules/anti-static/base64/http_agent.yara
+++ b/rules/anti-static/base64/http_agent.yara
@@ -3,12 +3,14 @@ rule base64_http_val: high {
description = "base64 HTTP protocol references"
strings:
- $user_agent = "User-Agent" base64
- $mozilla_5_0 = "Mozilla/5.0" base64
- $referer = "Referer" base64
- $http_1_0 = "HTTP/1.0" base64
- $http_1_1 = "HTTP/1.1" base64
+ $b_user_agent = "User-Agent" base64
+ $b_mozilla_5_0 = "Mozilla/5.0" base64
+ $b_referer = "Referer" base64
+ $b_http_1_0 = "HTTP/1.0" base64
+ $b_http_1_1 = "HTTP/1.1" base64
+
+ $not_sourcemappingURL = "sourceMappingURL=data:application/json;charset=utf-8;base64"
condition:
- any of them
+ any of ($b*) and none of ($not*)
}
diff --git a/rules/anti-static/elf/entropy.yara b/rules/anti-static/elf/entropy.yara
index 262adae50..a656ac54f 100644
--- a/rules/anti-static/elf/entropy.yara
+++ b/rules/anti-static/elf/entropy.yara
@@ -24,9 +24,10 @@ rule normal_elf_high_entropy_7_4: high {
strings:
$not_whirlpool = "libgcrypt-grub/cipher/whirlpool.c"
+ $not_bazel = "BazelLogHandler"
condition:
- normal_elf and math.entropy(1, filesize) >= 7.4 and none of ($not*)
+ filesize < 30MB and normal_elf and math.entropy(1, filesize) >= 7.4 and none of ($not*)
}
rule normal_elf_high_entropy_footer_7_4: high {
diff --git a/rules/anti-static/obfuscation/bitwise.yara b/rules/anti-static/obfuscation/bitwise.yara
index 96a08b146..a40b71e8b 100644
--- a/rules/anti-static/obfuscation/bitwise.yara
+++ b/rules/anti-static/obfuscation/bitwise.yara
@@ -32,6 +32,7 @@ rule excessive_bitwise_math: high {
$not_effective_bits = "effective bits"
$not_bit_offsets = "bit offsets"
$not_uuid = "uuid" fullword
+ $not_webpack = "webpack-api-runtime.js" fullword
condition:
filesize < 192KB and #x > 64 and none of ($not*)
@@ -132,8 +133,10 @@ rule unsigned_bitwise_math_excess: high {
$left = /[a-z]\>\>\>\d{1,3}/
$right = /[a-z]\>\>\>\d{1,3}/
+ $not_webpack = "webpack-api-runtime.js" fullword
+
condition:
- filesize < 5MB and $function and $charAt and (#left > 50 or #right > 50)
+ filesize < 5MB and $function and $charAt and (#left > 50 or #right > 50) and none of ($not*)
}
rule charAtBitwise: high {
diff --git a/rules/anti-static/obfuscation/python.yara b/rules/anti-static/obfuscation/python.yara
index b06a6f2b9..8eb7e5a54 100644
--- a/rules/anti-static/obfuscation/python.yara
+++ b/rules/anti-static/obfuscation/python.yara
@@ -1,13 +1,11 @@
private rule probably_python {
strings:
- $f_function = "import" fullword
- $f_for = "for x in" fullword
- $f_return = "return self."
- $f_def = "def _"
- $f_ord = " ord("
+ $import = "import "
+ $f_common = /\s(def|if|with|else:) /
+ $f_exotic = /exec\(|b64decode|bytes\(/
condition:
- filesize < 10MB and any of ($f*)
+ filesize < 10MB and $import in (1..1024) and any of ($f*)
}
rule py_indirect_builtins: suspicious {
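Review bot: `$import in (1..1024)` in `probably_python` starts its range at offset 1, so a file whose only early `import ` begins at byte 0 fails the gate. `multi_decode_3`, which this commit now conditions on `probably_python`, would then not fire on it. I would write `$import in (0..1024)`, and add a comment that files whose first import follows a header longer than 1 KB are deliberately skipped, if that is the intent. The same body is copied as `probably_python_tt` in rules/c2/tool_transfer/python.yara with the same range, so the two copies need the same fix and can drift apart later.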
@@ -282,7 +280,7 @@ rule multi_decode_3: high {
$decode_or_b64decode = /\.[b64]{0,3}decode\(.{0,256}\.[b64]{0,3}decode\(.{0,256}\.[b64]{0,3}decode/
condition:
- filesize < 10MB and all of them
+ probably_python and filesize < 10MB and all of them
}
rule multi_decode: medium {
@@ -311,13 +309,13 @@ rule rename_requests: medium {
rule rename_requests_2char: high {
meta:
- description = "imports 'requests' library and gives it a two-letter name"
+ description = "imports 'requests' library and gives it a shorter name"
strings:
- $ref = /import requests as \w{2}/
+ $ref = /import requests as \w{1,2}/ fullword
condition:
- filesize < 65535 and all of them
+ filesize < 32KB and all of them
}
rule rename_os: high {
diff --git a/rules/anti-static/xor/xor-commands.yara b/rules/anti-static/xor/xor-commands.yara
index b7b482967..31350d540 100644
--- a/rules/anti-static/xor/xor-commands.yara
+++ b/rules/anti-static/xor/xor-commands.yara
@@ -3,34 +3,31 @@ rule xor_commands: high {
description = "commands obfuscated using xor"
strings:
- $b_chmod = "chmod " xor(1-31)
- $b_curl = "curl -" xor(1-31)
- $b_bin_sh = "/bin/sh" xor(1-31)
- $b_bin_bash = "/bin/bash" xor(1-31)
- $b_openssl = "openssl" xor(1-31)
- $b_screen_dm = "screen -" xor(1-31)
- $b_zmodload = "zmodload" xor(1-31)
- $b_dev_tcp = "/dev/tcp" xor(1-31)
- $b_bash_i = "bash -i" xor(1-31)
- $b_bash_c = "bash -c" xor(1-31)
- $b_base64 = "base64" xor(1-31)
- $b_eval = "eval(" xor(1-31)
- $b_chmod2 = "chmod " xor(33-255)
- $b_curl2 = "curl -" xor(33-255)
- $b_bin_sh2 = "/bin/sh" xor(33-255)
- $b_bin_bash2 = "/bin/bash" xor(33-255)
- $b_openssl2 = "openssl" xor(33-255)
- $b_screen_dm2 = "screen -" xor(33-255)
- $b_zmodload2 = "zmodload" xor(33-255)
- $b_dev_tcp2 = "/dev/tcp" xor(33-255)
- $b_bash_i2 = "bash -i" xor(33-255)
- $b_bash_c2 = "bash -c" xor(33-255)
- $b_base642 = "base64" xor(33-255)
- $b_eval2 = "eval(" xor(33-255)
- $b_xterm = "TERM=xterm" xor(1-31)
- $b_xterm2 = "TERM=xterm" xor(33-255)
- $not_password_list = "qwer1234"
+ $b_chmod = "chmod " xor(1-31)
+ $b_curl = "curl -" xor(1-31)
+ $b_bin_sh = "/bin/sh" xor(1-31)
+ $b_bin_bash = "/bin/bash" xor(1-31)
+ $b_openssl = "openssl" xor(1-31)
+ $b_screen_dm = "screen -" xor(1-31)
+ $b_zmodload = "zmodload" xor(1-31)
+ $b_dev_tcp = "/dev/tcp" xor(1-31)
+ $b_bash_i = "bash -i" xor(1-31)
+ $b_bash_c = "bash -c" xor(1-31)
+ $b_base64 = "base64" xor(1-31)
+ $b_chmod2 = "chmod " xor(33-255)
+ $b_curl2 = "curl -" xor(33-255)
+ $b_bin_sh2 = "/bin/sh" xor(33-255)
+ $b_bin_bash2 = "/bin/bash" xor(33-255)
+ $b_openssl2 = "openssl" xor(33-255)
+ $b_screen_dm2 = "screen -" xor(33-255)
+ $b_zmodload2 = "zmodload" xor(33-255)
+ $b_dev_tcp2 = "/dev/tcp" xor(33-255)
+ $b_bash_i2 = "bash -i" xor(33-255)
+ $b_bash_c2 = "bash -c" xor(33-255)
+ $b_base642 = "base64" xor(33-255)
+ $b_xterm = "TERM=xterm" xor(1-31)
+ $b_xterm2 = "TERM=xterm" xor(33-255)
condition:
- any of ($b_*) and not ($b_eval and $not_password_list)
+ any of them
}
diff --git a/rules/anti-static/xor/xor-functions.yara b/rules/anti-static/xor/xor-functions.yara
new file mode 100644
index 000000000..0b7bd62ca
--- /dev/null
+++ b/rules/anti-static/xor/xor-functions.yara
@@ -0,0 +1,11 @@
+rule xor_eval: medium {
+ meta:
+ description = "eval( xor'd"
+
+ strings:
+ $b_eval = "eval(" xor(1-31)
+ $b_eval2 = "eval(" xor(33-255)
+
+ condition:
+ any of ($b_*)
+}
diff --git a/rules/c2/addr/ip.yara b/rules/c2/addr/ip.yara
index 870821c50..d2e074f92 100644
--- a/rules/c2/addr/ip.yara
+++ b/rules/c2/addr/ip.yara
@@ -43,6 +43,8 @@ rule bin_hardcoded_ip: high {
$not_10_11_12_13 = "10.11.12.13"
$not_libebt_among_init = "libebt_among_init"
$not_send_att = "3.2.5.7"
+ $not_192_168 = "192.168."
+ $not_2345 = "23.45.67.89"
condition:
filesize < 12MB and ip_elf_or_macho and 1 of ($sus_ip*) and none of ($not*)
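Review bot: `$not_192_168 = "192.168."` is a prefix rather than a specific address, so any binary containing a private-range string anywhere is exempt from `bin_hardcoded_ip`, even when a `$sus_ip*` match is also present. The neighbouring exclusions use full literals (`"10.11.12.13"`, `"3.2.5.7"`); I would do the same here with the exact address from the clean sample that motivated this. `hardcoded_host_port_over_10k` in rules/net/ip/host_port.yara has the same shape with `"foo.bar:"` and `"example.com:"`, which also match as the tail of longer host names. The rule starts above this hunk, so the `$sus_ip*` patterns are not visible here.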
diff --git a/rules/c2/addr/url.yara b/rules/c2/addr/url.yara
index 99d7c80c7..898c0fd9e 100644
--- a/rules/c2/addr/url.yara
+++ b/rules/c2/addr/url.yara
@@ -95,6 +95,7 @@ rule binary_url_with_question: high {
$not_msdn = "msdn.microsoft.com/"
$not_codeproject = "www.codeproject.com/"
$not_wiki = "index.php?title="
+ $not_mesibo = "https://api.mesibo.com/api.php?"
condition:
filesize < 150MB and elf_or_macho and $ref and none of ($not*)
diff --git a/rules/c2/tool_transfer/exe_url.yara b/rules/c2/tool_transfer/exe_url.yara
index 87dda5c72..077fcb394 100644
--- a/rules/c2/tool_transfer/exe_url.yara
+++ b/rules/c2/tool_transfer/exe_url.yara
@@ -3,10 +3,11 @@ rule http_url_with_exe: high {
description = "accesses hardcoded executable endpoint"
strings:
- $exe_url = /https*:\/\/[\w\.]{0,160}[:\/\w\_\-\?\@=]{6,160}\.exe/ fullword
+ $exe_url = /https*:\/\/[\w\.]{0,160}[:\/\w\_\-\?\@=]{6,160}\.exe/
+ $not_mongodb_404 = "https://docs.mongodb.com/manual/reference/method/Bulk.exe"
condition:
- any of ($exe*)
+ any of ($exe*) and none of ($not*)
}
rule http_ip_url_with_exe: critical {
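Review bot: Dropping `fullword` from `$exe_url` lets `.exe` match as the start of a longer token. The new `$not_mongodb_404` literal ends in `Bulk.exe`, which looks like a truncated longer path segment that only matches because of that change (inferred). Rather than excluding one URL, ending the pattern with a word boundary, `...\.exe\b/`, would keep such paths out for every host. The same `fullword` removal is made in `http_ip_url_with_exe`, `http_url_with_msi` and `http_ip_url_with_msi`, which get no exclusion list at all.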
@@ -14,7 +15,7 @@ rule http_ip_url_with_exe: critical {
description = "accesses hardcoded executable endpoint via IP"
strings:
- $exe_url = /https*:\/\/[\d\.\:\[\]]{8,64}[:\/\w\_\-\?\@=]{6,160}\.exe/ fullword
+ $exe_url = /https*:\/\/[\d\.\:\[\]]{8,64}[:\/\w\_\-\?\@=]{6,160}\.exe/
condition:
any of ($exe*)
@@ -25,7 +26,7 @@ rule http_url_with_msi: high {
description = "accesses hardcoded install file endpoint"
strings:
- $exe_url = /https*:\/\/[\w\.]{0,160}[:\/\w\_\-\?\@=]{6,160}\.(msi|pkg)/ fullword
+ $exe_url = /https*:\/\/[\w\.]{0,160}[:\/\w\_\-\?\@=]{6,160}\.msi/
condition:
any of ($exe*)
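Review bot: The `(msi|pkg)` alternation becomes `msi` here and in `http_ip_url_with_msi` in the next hunk, so hard-coded `.pkg` download URLs are no longer reported by either rule. Nothing visible in this diff picks them up elsewhere. If that is intended, the description should say so, e.g. `description = "accesses hardcoded MSI install file endpoint"`; otherwise restore `\.(msi|pkg)`. The rule header is outside this hunk.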
@@ -36,7 +37,7 @@ rule http_ip_url_with_msi: critical {
description = "accesses hardcoded install file endpoint via IP"
strings:
- $exe_url = /https*:\/\/[\d\.\:\[\]]{8,64}[:\/\w\_\-\?\@=]{6,160}\.(msi|pkg)/ fullword
+ $exe_url = /https*:\/\/[\d\.\:\[\]]{8,64}[:\/\w\_\-\?\@=]{6,160}\.msi/
condition:
any of ($exe*)
diff --git a/rules/c2/tool_transfer/grayware.yara b/rules/c2/tool_transfer/grayware.yara
index f91f65a82..5615f67a4 100644
--- a/rules/c2/tool_transfer/grayware.yara
+++ b/rules/c2/tool_transfer/grayware.yara
@@ -22,7 +22,6 @@ rule grayware_sites: high {
$ = "packetstormsecurity"
$ = "pentestmonkey.net"
$ = "phpjiami.com"
- $ = "shodan.io"
$ = "github.com/b374k/b374k"
$ = "mumaasp.com"
diff --git a/rules/c2/tool_transfer/python.yara b/rules/c2/tool_transfer/python.yara
index 9b3df8104..8d19547b1 100644
--- a/rules/c2/tool_transfer/python.yara
+++ b/rules/c2/tool_transfer/python.yara
@@ -1,3 +1,13 @@
+private rule probably_python_tt {
+ strings:
+ $import = "import "
+ $f_common = /\s(def|if|with|else:) /
+ $f_exotic = /exec\(|b64decode|bytes\(/
+
+ condition:
+ filesize < 10MB and $import in (1..1024) and any of ($f*)
+}
+
private rule py_fetcher: medium {
meta:
description = "fetches content"
@@ -12,7 +22,7 @@ private rule py_fetcher: medium {
$http_wget = "wget" fullword
condition:
- any of them
+ probably_python_tt and any of them
}
private rule py_runner {
@@ -27,7 +37,7 @@ private rule py_runner {
$system = /system\([\"\'\w\ \-\)\/]{0,64}/
condition:
- any of them
+ probably_python_tt and any of them
}
rule py_dropper: medium {
diff --git a/rules/credential/shell/bash_history.yara b/rules/credential/shell/bash_history.yara
index 903ca2eb1..b26ef8d31 100644
--- a/rules/credential/shell/bash_history.yara
+++ b/rules/credential/shell/bash_history.yara
@@ -1,23 +1,25 @@
-rule bash_history: high {
+rule bash_history: medium {
meta:
description = "accesses bash shell history"
strings:
- $ref = ".bash_history" fullword
+ $ref = ".bash_history"
condition:
all of them
}
-rule bash: override {
+rule bash_history_high: high {
meta:
- description = "bash"
- bash_history = "medium"
+ description = "accesses bash shell history"
strings:
- $posix = "POSIXLY_CORRECT"
- $source = "BASH_SOURCE"
+ $ref = ".bash_history"
+ $not_posix = "POSIXLY_CORRECT"
+ $not_source = "BASH_SOURCE"
+ $not_cshrc = ".cshrc"
condition:
- filesize > 100KB and filesize < 2MB and all of them
+ $ref and none of ($not*)
}
+
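Review bot: `bash_history_high` is suppressed whenever any one of `POSIXLY_CORRECT`, `BASH_SOURCE` or `.cshrc` appears anywhere in the file, whereas the removed `bash` override required both shell markers and a file size between 100KB and 2MB. `BASH_SOURCE` is common in ordinary shell scripts, so a small script that reads `.bash_history` would now stay at medium. Keeping the original bound inside the condition preserves the old behaviour: `$ref and not $not_cshrc and not (filesize > 100KB and filesize < 2MB and $not_posix and $not_source)`. `zsh_logout_persist` in rules/persist/shell/zsh.yara and `ptrace_injector_unknown` in rules/evasion/process_injection/ptrace.yara likewise turn a size-bounded override into a single-string exclusion. Both rules here also share one description, so the report cannot tell them apart.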
diff --git a/rules/credential/ssh/ssh.yara b/rules/credential/ssh/ssh.yara
index a508d8381..214581b98 100644
--- a/rules/credential/ssh/ssh.yara
+++ b/rules/credential/ssh/ssh.yara
@@ -29,13 +29,14 @@ rule id_rsa_not_ssh: high {
description = "non-SSH client accessing SSH private keys"
strings:
- $id_rsa = "id_rsa"
- $not_ssh_newkeys = "SSH_MSG"
- $not_ssh_userauth = "SSH_USERAUTH"
- $not_ssh_20 = "SSH-2.0"
- $not_openssh = "OpenSSH"
- $not_ssh2 = "SSH2" fullword
- $not_SSH_AUTH_SOCK = "SSH_AUTH_SOCK"
+ $id_rsa = "id_rsa"
+ $not_ssh_newkeys = "SSH_MSG"
+ $not_ssh_userauth = "SSH_USERAUTH"
+ $not_ssh_20 = "SSH-2.0"
+ $not_openssh = "OpenSSH"
+ $not_ssh2 = "SSH2" fullword
+ $not_SSH_AUTH_SOCK = "SSH_AUTH_SOCK"
+ $not_host_key_check = "host_key_check"
condition:
filesize < 10MB and ssh_folder and $id_rsa and none of ($not*)
diff --git a/rules/crypto/xor.yara b/rules/crypto/xor.yara
index 737c66dfb..4473db845 100644
--- a/rules/crypto/xor.yara
+++ b/rules/crypto/xor.yara
@@ -3,14 +3,16 @@ rule xor_decode_encode: high {
description = "decodes/encodes XOR content"
strings:
- $decode = /\w{0,16}XorDecode[\w]{0,32}/
- $encode = /\w{0,16}XorEncode[\w]{0,32}/
- $file = /\w{0,16}XorFile[\w]{0,32}/
- $decode_ = /\w{0,16}xor_decode[\w]{0,32}/
- $encode_ = /\w{0,16}xor_encode[\w]{0,32}/
- $file_ = /\w{0,16}xor_file[\w]{0,32}/
- $crypt = /\w{0,16}XorCrypt[\w]{0,32}/
+ $x_decode = /\w{0,16}XorDecode[\w]{0,32}/
+ $x_encode = /\w{0,16}XorEncode[\w]{0,32}/
+ $x_file = /\w{0,16}XorFile[\w]{0,32}/
+ $x_decode_ = /\w{0,16}xor_decode[\w]{0,32}/
+ $x_encode_ = /\w{0,16}xor_encode[\w]{0,32}/
+ $x_file_ = /\w{0,16}xor_file[\w]{0,32}/
+ $x_crypt = /\w{0,16}XorCrypt[\w]{0,32}/
+
+ $not_qemu = "Opcode_xor_encode"
condition:
- any of them
+ any of ($x*) and none of ($not*)
}
diff --git a/rules/data/embedded/embedded-base64-gzip.yara b/rules/data/embedded/embedded-base64-gzip.yara
index 57913296e..8749826e2 100644
--- a/rules/data/embedded/embedded-base64-gzip.yara
+++ b/rules/data/embedded/embedded-base64-gzip.yara
@@ -18,6 +18,7 @@ rule base64_gz_high_entropy: high {
strings:
$header = "H4sIA"
$not_cloudinit = "cloudinit" fullword
+ $not_webpack = "webpack-api-runtime.js" fullword
condition:
filesize < 2MB and math.entropy(1, filesize) >= 6.5 and $header and none of ($not*)
@@ -28,12 +29,13 @@ rule base64_obfuscated_js: high {
description = "Contains base64 gzip content within high-entropy javascript"
strings:
- $f_header = "H4sIA"
- $f_char_at = "charAt("
- $f_substr = "substr("
- $f_join = "join("
- $f_function = "function("
+ $f_header = "H4sIA"
+ $f_char_at = "charAt("
+ $f_substr = "substr("
+ $f_join = "join("
+ $f_function = "function("
+ $not_webpack = "webpack-api-runtime.js" fullword
condition:
- filesize < 2MB and all of ($f*) and math.entropy(1, filesize) >= 5.0
+ filesize < 2MB and all of ($f*) and math.entropy(1, filesize) >= 5.0 and none of ($not*)
}
diff --git a/rules/discover/ip/public_ip.yara b/rules/discover/ip/public_ip.yara
index 5d0a5f4f9..7c08db4ec 100644
--- a/rules/discover/ip/public_ip.yara
+++ b/rules/discover/ip/public_ip.yara
@@ -3,7 +3,7 @@ rule iplookup_website: high {
description = "public service to discover external IP address"
strings:
- $ipify = "ipify.or"
+ $ipify = /ipify\.org{0,1}/
$wtfismyip = "wtfismyip"
$iplogger = "iplogger.org"
$getjsonip = "getjsonip"
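Review bot: `/ipify\.org{0,1}/` matches exactly the same files as the old literal `"ipify.or"`, since the trailing `g` is optional, so the change swaps a plain string for a regex without changing what is detected. If the aim is to report the full domain in the match output, `$ipify = "ipify.org"` does that as a literal. If the truncated form is needed for some variant, the original string already covered it and a comment saying why would help. The rest of `iplookup_website` lies outside this hunk.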
diff --git a/rules/evasion/file/location/x11-unix.yara b/rules/evasion/file/location/x11-unix.yara
index bf2697fe7..1a04c6526 100644
--- a/rules/evasion/file/location/x11-unix.yara
+++ b/rules/evasion/file/location/x11-unix.yara
@@ -1,4 +1,4 @@
-rule hidden_x11: high {
+rule hidden_x11: medium {
meta:
description = "references content in /tmp/.X11-unix"
ref = "https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/"
@@ -10,18 +10,24 @@ rule hidden_x11: high {
filesize < 10MB and all of them
}
-rule X11: override {
+rule hidden_x11_unexpected: high {
meta:
- hidden_x11 = "low"
+ description = "references content in /tmp/.X11-unix"
+ ref = "https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/"
strings:
- $usr_share = "/usr/share/X11"
- $X11Gray = "X11Gray"
- $X11_space = "/etc/X11/"
- $X11R6 = "X11R6/share"
- $XForwarding = "X11 forwarding"
- $X = "/tmp/.X11-unix/X" fullword
+ $x11 = /\/tmp\/\.X11-unix\/[\.\w\%\$\{\}\/\-]{1,16}/
+
+ $not_usr_share = "/usr/share/X11"
+ $not_X11Gray = "X11Gray"
+ $not_etc = "/etc/X11/"
+ $not_X11R6 = "X11R6/share"
+ $not_XForwarding = "X11 forwarding"
+ $not_X = "/tmp/.X11-unix/X" fullword
+ $not_libx11 = "libX11.so.6"
+ $not_XAUTHORITY = "XAUTHORITY"
condition:
- filesize < 10MB and any of them
+ filesize < 10MB and $x11 and none of ($not*)
}
+
diff --git a/rules/evasion/process_injection/ptrace.yara b/rules/evasion/process_injection/ptrace.yara
index 783c1b4e4..d2fa730d1 100644
--- a/rules/evasion/process_injection/ptrace.yara
+++ b/rules/evasion/process_injection/ptrace.yara
@@ -10,7 +10,7 @@ rule ptrace: medium {
any of them
}
-rule ptrace_injector: high {
+rule ptrace_injector: medium {
meta:
description = "may inject code into other processes"
@@ -22,3 +22,19 @@ rule ptrace_injector: high {
condition:
filesize < 67108864 and $maps and $ptrace and $proc
}
+
+rule ptrace_injector_unknown: high {
+ meta:
+ description = "may inject code into other processes"
+
+ strings:
+ $maps = /\/{0,1}proc\/[%{][%}\w]{0,1}\/maps/
+ $ptrace = "ptrace" fullword
+ $proc = "process" fullword
+
+ $not_bpftool = "bpftool" fullword
+ $not_libdw = "invalid DWARF"
+
+ condition:
+ filesize < 67108864 and $maps and $ptrace and $proc and none of ($not*)
+}
diff --git a/rules/exec/remote_commands/code_eval.yara b/rules/exec/remote_commands/code_eval.yara
index 2ae150a6a..2930a1265 100644
--- a/rules/exec/remote_commands/code_eval.yara
+++ b/rules/exec/remote_commands/code_eval.yara
@@ -92,6 +92,7 @@ rule python_exec_complex: high {
$exec = /exec\([\w\. =]{1,32}\(.{0,8192}\)\)/ fullword
$not_javascript = "function("
$not_pyparser = "exec(compile(open(self.parsedef).read(), self.parsedef, 'exec'))"
+ $not_versioneer = "exec(VERSIONEER.decode(), globals())"
condition:
filesize < 512KB and $exec and none of ($not*)
diff --git a/rules/exec/shell/tmp_semicolon.yara b/rules/exec/shell/tmp_semicolon.yara
index aa22d8033..05e398728 100644
--- a/rules/exec/shell/tmp_semicolon.yara
+++ b/rules/exec/shell/tmp_semicolon.yara
@@ -6,8 +6,10 @@ rule semicolon_short_tmp: high {
$tmp_before = /[\w\/ \-\;]{0,32} \/tmp\/[a-z]{1,5} {0,2};/
$tmp_after = /[\w\/ \-]{0,32}; {0,2}\/tmp\/[a-z]{1,5}[\w\/ \-\&\;]{0,32}/
+ $not_dashes = "--;/tmp"
+
condition:
- any of them
+ filesize < 1MB and any of ($tmp*) and none of ($not*)
}
rule semicolon_short_var_tmp: high {
@@ -17,7 +19,9 @@ rule semicolon_short_var_tmp: high {
strings:
$var_tmp_before = /[\w\/ \-\;]{0,32} \/var\/tmp\/[a-z]{1,5} {0,2};/
$var_tmp_after = /[\w\/ \-]{0,32}; {0,2}\/var\/tmp\/[a-z]{1,5}[\w\/ \-\&\;]{0,32}/
+ $not_dashes = "--;/var/tmp"
condition:
- any of them
+ filesize < 1MB and any of ($var*) and none of ($not*)
+
}
diff --git a/rules/false_positives/acme.yara b/rules/false_positives/acme.yara
new file mode 100644
index 000000000..77d42d8e7
--- /dev/null
+++ b/rules/false_positives/acme.yara
@@ -0,0 +1,14 @@
+rule acme_sh: override {
+ meta:
+ description = "acme.sh"
+ echo_decode_bash_probable = "medium"
+ iplookup_website = "medium"
+ sys_net_recon_exfil = "medium"
+ cmd_dev_null_quoted = "medium"
+
+ strings:
+ $ref = "https://github.com/acmesh-official"
+
+ condition:
+ $ref
+}
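Review bot: `acme_sh` downgrades four rules for any file containing `https://github.com/acmesh-official`, with no size or file-type constraint in the condition. This commit widens it by adding `sys_net_recon_exfil` and `cmd_dev_null_quoted`. `trufflehog_override` in this same commit bounds its match with `filesize`, and I would do likewise here, e.g. `filesize < <MAX_SIZE> and $ref`, where `<MAX_SIZE>` is a placeholder to be taken from the real script. `ap_compiler_override` in rules/false_positives/ap_compiler.yara keys on a single URL in the same way.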
diff --git a/rules/false_positives/ap_compiler.yara b/rules/false_positives/ap_compiler.yara
new file mode 100644
index 000000000..41d7e332d
--- /dev/null
+++ b/rules/false_positives/ap_compiler.yara
@@ -0,0 +1,11 @@
+rule ap_compiler_override: override {
+ meta:
+ description = "https://github.com/avdaredevil/AP-Compiler"
+ Base64_Encoded_Powershell_Directives = "medium"
+
+ strings:
+ $ref = "https://github.com/avdaredevil/AP-Compiler"
+
+ condition:
+ $ref
+}
diff --git a/rules/false_positives/flatpak.yara b/rules/false_positives/flatpak.yara
index fa802be29..63698d8f2 100644
--- a/rules/false_positives/flatpak.yara
+++ b/rules/false_positives/flatpak.yara
@@ -1,7 +1,7 @@
rule flatpak: override {
meta:
- description = "flatpak"
- hidden_x11 = "medium"
+ description = "flatpak"
+ hidden_x11_unexpected = "medium"
strings:
$flatpak = "FLATPAK_BINARY" fullword
diff --git a/rules/false_positives/kibana.yara b/rules/false_positives/kibana.yara
index 5c5f22173..8718bcfcc 100644
--- a/rules/false_positives/kibana.yara
+++ b/rules/false_positives/kibana.yara
@@ -15,6 +15,12 @@ rule kibana_powershell_evasion_rule: override {
rule security_solution_plugin: override {
meta:
linux_rootkit_terms = "low"
+ masscan = "low"
+ reverse_shell = "low"
+ grayware_sites = "low"
+ http_url_with_exe = "Low"
+ exotic_tld = "low"
+ download_sites = "low"
description = "securitySolution.chunk.9.js, securitySolution.chunk.22.js"
strings:
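Review bot: `http_url_with_exe = "Low"` is capitalised while every other severity in this block is lowercase `"low"`. Whether the override loader compares case-insensitively is not visible in this diff; if it does not, this downgrade would be ignored or rejected. Use `http_url_with_exe = "low"`. The strings and condition that decide when these six downgrades apply are outside the hunk, so how narrowly they match should be checked alongside this change.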
diff --git a/rules/false_positives/libdw.yara b/rules/false_positives/libdw.yara
deleted file mode 100644
index 17fc183d8..000000000
--- a/rules/false_positives/libdw.yara
+++ /dev/null
@@ -1,11 +0,0 @@
-rule libdw_override: override {
- meta:
- description = "libdw.so"
- ptrace_injector = "medium"
-
- strings:
- $dward = "invalid DWARF"
-
- condition:
- filesize < 2MB and any of them
-}
diff --git a/rules/false_positives/nmap.yara b/rules/false_positives/nmap.yara
index c233668c3..224aae827 100644
--- a/rules/false_positives/nmap.yara
+++ b/rules/false_positives/nmap.yara
@@ -2,6 +2,8 @@ rule nmap_fingerprints: override {
meta:
description = "http-fingerprints.lua"
SIGNATURE_BASE_Hacktool_Strings_P0Wnedshell = "medium"
+ meterpreter = "medium"
+ grayware_sites = "medium"
strings:
$description = "---HTTP Fingerprint files"
diff --git a/rules/false_positives/prisma_client_js.yara b/rules/false_positives/prisma_client_js.yara
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/rules/false_positives/prisma_client_js.yara
@@ -0,0 +1 @@
+
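Review bot: rules/false_positives/prisma_client_js.yara is added containing only a blank line, so it defines no override. If a rule was meant to land here, it is missing from the commit; otherwise the file can be dropped so the directory does not suggest a Prisma exemption exists.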
diff --git a/rules/false_positives/qemu.yara b/rules/false_positives/qemu.yara
index 181834a73..6268ea83a 100644
--- a/rules/false_positives/qemu.yara
+++ b/rules/false_positives/qemu.yara
@@ -1,10 +1,12 @@
rule qemu: override {
meta:
- description = "QEMU"
+ description = "QEMU"
+ proc_d_cmdline = "medium"
strings:
- $module = "QEMU_MODULE"
+ $module = "QEMU_MODULE"
+ $aligned = "QEMU_IS_ALIGNED"
condition:
- filesize < 5MB and all of them
+ filesize < 30MB and any of them
}
diff --git a/rules/false_positives/snapd.yara b/rules/false_positives/snapd.yara
index ffc913462..615e544a6 100644
--- a/rules/false_positives/snapd.yara
+++ b/rules/false_positives/snapd.yara
@@ -7,7 +7,7 @@ rule snapd: override linux {
dev_mmc = "medium"
busybox_runner = "medium"
system_log_references = "medium"
- hidden_x11 = "medium"
+ hidden_x11_unexpected = "medium"
filetypes = "elf,so"
strings:
diff --git a/rules/false_positives/trufflehog.yara b/rules/false_positives/trufflehog.yara
new file mode 100644
index 000000000..adcae5da9
--- /dev/null
+++ b/rules/false_positives/trufflehog.yara
@@ -0,0 +1,15 @@
+rule trufflehog_override: override {
+ meta:
+ description = "github.com/trufflesecurity/trufflehog"
+ suspected_data_stealer = "medium"
+ discord_bot = "medium"
+ iplookup_website = "medium"
+ download_sites = "medium"
+ file_io_uploader = "medium"
+
+ strings:
+ $ref = "github.com/trufflesecurity/trufflehog"
+
+ condition:
+ filesize > 50MB and filesize < 200MB and any of them
+}
diff --git a/rules/fs/proc/pid-fd.yara b/rules/fs/proc/pid-fd.yara
index 0e5a2751d..9e7438e1d 100644
--- a/rules/fs/proc/pid-fd.yara
+++ b/rules/fs/proc/pid-fd.yara
@@ -36,6 +36,8 @@ rule inspects_opened_sockets: high {
$ref = "socket:[" fullword
$ref2 = /\/proc\/[%{$][\w\}]{0,12}\/fd/
+ $not_busybox = "BusyBox" fullword
+
condition:
- all of them
+ all of ($ref*) and none of ($not*)
}
diff --git a/rules/impact/cryptojacking/nicehash_pool.yara b/rules/impact/cryptojacking/nicehash_pool.yara
index 2ddd7b8af..60c073a9a 100644
--- a/rules/impact/cryptojacking/nicehash_pool.yara
+++ b/rules/impact/cryptojacking/nicehash_pool.yara
@@ -3,7 +3,7 @@ rule nicehash_pool: high {
description = "References Nicehash and mining pools"
strings:
- $ref = "nicehash"
+ $ref = "nicehash" fullword
$ref2 = "pool"
condition:
diff --git a/rules/impact/exploit/overflow-shellcode.yara b/rules/impact/exploit/overflow-shellcode.yara
index 654622b92..a07760a73 100644
--- a/rules/impact/exploit/overflow-shellcode.yara
+++ b/rules/impact/exploit/overflow-shellcode.yara
@@ -3,13 +3,16 @@ rule exploit: high {
description = "Buffer overflow exploit"
strings:
- $padding = "padding"
- $address = "address"
- $offset = "offset"
- $shellcode = "shellcode"
+ $n_padding = "padding" fullword
+ $n_address = "address" fullword
+ $n_offset = "offset" fullword
+ $shellcode = "shellcode" fullword
+
+ $not_fishshell = "fishshell"
+ $not_powershell = "powershell"
condition:
- $shellcode and 3 of them
+ filesize < 3MB and $shellcode and 2 of ($n*) and none of ($not*)
}
rule execute_shellcode: high {
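Review bot: With `$shellcode` now `fullword`, tokens such as `powershellcode` no longer match it, so `$not_fishshell` and `$not_powershell` look unnecessary for that purpose (inferred from their names). As written they exempt every file that mentions `powershell` or `fishshell` anywhere, including one that also contains the padding/address/offset/shellcode combination. I would drop the two exclusions and keep `filesize < 3MB and $shellcode and 2 of ($n*)`, or replace them with literals specific to the clean samples that triggered the rule.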
diff --git a/rules/impact/remote_access/backdoor.yara b/rules/impact/remote_access/backdoor.yara
index a7d35cbae..20628e427 100644
--- a/rules/impact/remote_access/backdoor.yara
+++ b/rules/impact/remote_access/backdoor.yara
@@ -15,7 +15,7 @@ rule backdoor: medium {
description = "References a 'backdoor'"
strings:
- $ref = /[a-zA-Z\-_ \']{0,16}[bB]ackdoor[a-zA-Z\-_ ]{0,16}/ fullword
+ $ref = /[\/a-zA-Z\-_ \']{0,16}[bB]ackdoor[\/a-zA-Z\-_ ]{0,48}/
$not_vcpu = "VCPUInfoBackdoor"
$not_vmware = "gGuestBackdoorOps"
@@ -38,7 +38,7 @@ rule backdoor_shell: high {
rule backdoor_likely: high {
meta:
- description = "References a 'backdoor'"
+ description = "References a 'backdoor', uses sensitive Linux functions"
strings:
$backdoor = "backdoor" fullword
@@ -55,14 +55,17 @@ rule backdoor_likely: high {
rule backdoor_high: high {
meta:
- description = "references a backdoor"
+ description = "suspicious backdoor reference"
strings:
$lower_prefix = /(hidden|hide|icmp|pam|ssh|sshd)[ _]backdoor/
$lower_sufifx = /backdoor[_ ](task|process|up|method|user|shell|login|pass)/
+ $not_falco_dev_null = "/dev/null is a backdoor method"
+ $not_falco_backdoor_insert = "backdoor method for inserting special events"
+
condition:
- filesize < 10MB and any of them
+ filesize < 10MB and any of ($lower*) and none of ($not*)
}
rule backdoor_caps: high {
diff --git a/rules/impact/remote_access/socket_filter_exec.yara b/rules/impact/remote_access/socket_filter_exec.yara
index 21bfd8000..efc755785 100644
--- a/rules/impact/remote_access/socket_filter_exec.yara
+++ b/rules/impact/remote_access/socket_filter_exec.yara
@@ -12,6 +12,8 @@ rule linux_network_filter_exec: high {
$e_bin_sh = "/bin/sh"
$e_bin_bash = "/bin/bash"
$not_cilium_node = "CILIUM_SOCK"
+ $not_tcp_ipv6 = "tcp[ipv6]"
+ $not_keycode = "keycode=0x"
condition:
$0x and any of ($p*) and any of ($e*) and none of ($not*)
diff --git a/rules/net/ip/host_port.yara b/rules/net/ip/host_port.yara
index c5c5ee765..9d9c5a0c9 100644
--- a/rules/net/ip/host_port.yara
+++ b/rules/net/ip/host_port.yara
@@ -69,6 +69,13 @@ rule hardcoded_host_port_over_10k: high {
$host_domain_tld = /[a-z]{3,64}\.[a-z]{3,64}\.[a-z]{2,3}:\d{4,5}/ fullword
$host_domain_sld_tld = /[a-z]{3,64}\.[a-z]{3,64}\.[a-z]{2,3}\.[a-z]{2,3}:\d{4,5}/ fullword
+ $not_roughtime_cloudflare = "roughtime.cloudflare.com:2003"
+ $not_roughtime_google = "sandbox.google.com:2002"
+ $not_foo_bar = "foo.bar:"
+ $not_example_com = "example.com:"
+ $not_mygateway = "mygateway.com:"
+ $not_mymachine = "mymachine.com:"
+
condition:
- any of ($h*)
+ any of ($h*) and none of ($not*)
}
diff --git a/rules/persist/shell/bash.yara b/rules/persist/shell/bash.yara
index e0186bb70..83b895b91 100644
--- a/rules/persist/shell/bash.yara
+++ b/rules/persist/shell/bash.yara
@@ -27,6 +27,8 @@ rule bash_persist_persistent: high {
$ref4 = ".bashrc"
$not_bash = "POSIXLY_CORRECT"
+ $not_csh = ".cshrc" fullword
+ $not_tcsh = "tcsh" fullword
condition:
3 of them and none of ($not*)
@@ -54,6 +56,7 @@ rule bash_logout_persist: high {
$not_bash = "POSIXLY_CORRECT"
$not_comment = "# ~/.bash_logout"
$not_clear = "/usr/bin/clear_console"
+ $not_csh = ".cshrc" fullword
condition:
filesize < 2097152 and any of ($ref*) and none of ($not*)
diff --git a/rules/persist/shell/zsh.yara b/rules/persist/shell/zsh.yara
index 1356cfcf5..195e7ae58 100644
--- a/rules/persist/shell/zsh.yara
+++ b/rules/persist/shell/zsh.yara
@@ -30,21 +30,11 @@ rule zsh_logout_persist: high {
description = "Writes to zsh configuration files to persist"
strings:
- $ref = ".zlogout"
- $ref2 = "/etc/zlogout"
+ $ref = ".zlogout"
+ $ref2 = "/etc/zlogout"
+ $not_cshrc = ".cshrc"
+ $not_zsh = "ZSH_DEBUG_CMD"
condition:
- filesize < 2097152 and any of ($ref*)
-}
-
-rule zsh: override {
- meta:
- description = "zsh"
- zsh_logout_persist = "medium"
-
- strings:
- $debug = "ZSH_DEBUG_CMD"
-
- condition:
- filesize > 100KB and filesize < 2MB and all of them
+ filesize < 2097152 and any of ($ref*) and none of ($not*)
}
diff --git a/rules/sus/compiler.yara b/rules/sus/compiler.yara
index 45ba70901..3cc659682 100644
--- a/rules/sus/compiler.yara
+++ b/rules/sus/compiler.yara
@@ -32,7 +32,18 @@ private rule binary {
filesize < 40MB and (uint32(0) == 1179403647 or uint32(0) == 4277009102 or uint32(0) == 3472551422 or uint32(0) == 4277009103 or uint32(0) == 3489328638 or uint32(0) == 3405691582 or uint32(0) == 3199925962)
}
-rule multiple_gcc: high {
+rule multiple_gcc: medium {
+ meta:
+ description = "built with multiple versions of GCC"
+
+ strings:
+ $gcc = /GCC: \([\w \.\-\~\(\)]{8,64}/ fullword
+
+ condition:
+ binary and #gcc > 1 and !gcc[1] != !gcc[2]
+}
+
+rule multiple_gcc_high: high {
meta:
description = "built with multiple versions of GCC"
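Review bot: The new `multiple_gcc` rule copies `!gcc[1] != !gcc[2]`, which compares the lengths of the first two `$gcc` matches rather than their text. Two different compiler banners of equal length are therefore not reported, and occurrences after the second are never examined. That limitation deserves a comment above the condition in both rules, e.g. `// !gcc[n] is a match length: banners count as different only when their lengths differ`. Both rules also carry the identical description although only `multiple_gcc_high` applies the `$not*` exclusions; a description such as `"built with multiple versions of GCC (no exclusions applied)"` on the medium rule would tell the two findings apart. `multiple_gcc_high` continues outside this hunk.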
@@ -40,6 +51,7 @@ rule multiple_gcc: high {
$gcc = /GCC: \([\w \.\-\~\(\)]{8,64}/ fullword
$not_go_testdata_ranges_elf = "/home/iant/foo4.c"
$not_go_testdata = "dwarf/testdata"
+ $not_java = "JAVA_HOME"
condition:
binary and #gcc > 1 and !gcc[1] != !gcc[2] and none of ($not*)
diff --git a/tests/c/clean/falco/filter_compiler.ut.cpp.simple b/tests/c/clean/falco/filter_compiler.ut.cpp.simple
new file mode 100644
index 000000000..b144d9416
--- /dev/null
+++ b/tests/c/clean/falco/filter_compiler.ut.cpp.simple
@@ -0,0 +1,10 @@
+# c/clean/falco/filter_compiler.ut.cpp: medium
+credential/shell/bash_history: medium
+exec/plugin: low
+fs/path/etc: low
+fs/path/home: low
+fs/path/var: low
+net/url/embedded: low
+persist/shell/bash: medium
+persist/shell/init_files: low
+persist/shell/zsh: medium
diff --git a/tests/c/clean/falco/ppm_events.c.simple b/tests/c/clean/falco/ppm_events.c.simple
new file mode 100644
index 000000000..9e33fc281
--- /dev/null
+++ b/tests/c/clean/falco/ppm_events.c.simple
@@ -0,0 +1,8 @@
+# c/clean/falco/ppm_events.c: medium
+discover/multiple: medium
+impact/remote_access/backdoor: medium
+net/http/post: medium
+net/socket/connect: medium
+net/socket/send: low
+net/url/embedded: low
+persist/kernel_module/symbol_lookup: low
diff --git a/tests/c/clean/falco/string_visitor.ut.cpp.simple b/tests/c/clean/falco/string_visitor.ut.cpp.simple
new file mode 100644
index 000000000..0b125b98d
--- /dev/null
+++ b/tests/c/clean/falco/string_visitor.ut.cpp.simple
@@ -0,0 +1,8 @@
+# c/clean/falco/string_visitor.ut.cpp: medium
+credential/shell/bash_history: medium
+fs/path/etc: low
+fs/path/var: low
+net/url/embedded: low
+persist/shell/bash: medium
+persist/shell/init_files: low
+persist/shell/zsh: medium
diff --git a/tests/does-nothing/does-nothing.go.simple b/tests/does-nothing/does-nothing.go.simple
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/find-missing-testdata.sh b/tests/find-missing-testdata.sh
old mode 100644
new mode 100755
index f8b036a12..0f70cf0f6
--- a/tests/find-missing-testdata.sh
+++ b/tests/find-missing-testdata.sh
@@ -6,7 +6,10 @@
#
set -e -u -o pipefail
-SAMPLE_DIR=${1:-"$(dirname $0)/../../malcontent-samples"}
+samples_rel_path="$(dirname $0)"
+cd "${samples_rel_path}"
+# assumes sample repo is checked out in directory above malcontent
+SAMPLE_DIR=${1:-"../../malcontent-samples"}
# number of days to look back for missing testdata
AGE_IN_DAYS=30
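Review bot: Because `cd "${samples_rel_path}"` now runs before `SAMPLE_DIR` is assigned, a relative path passed as `$1` is resolved against the tests directory instead of the caller's working directory, so an invocation such as `find-missing-testdata.sh ../samples` (constructed example) scans a different directory than the one the caller named. Resolve the argument before changing directory, for example `SAMPLE_DIR="$(cd "${1:-$(dirname "$0")/../../malcontent-samples}" && pwd)"` placed above the `cd`. `$(dirname $0)` should also quote `$0` so that a checkout path containing spaces is not split.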
@@ -18,7 +21,12 @@ if [[ ! -d "${SAMPLE_DIR}/does-nothing" ]]; then
exit 1
fi
-for sample_path in $(find "${SAMPLE_DIR}/" -type f -mtime -"${AGE_IN_DAYS}" -size +100c); do
+if [[ ! -f "does-nothing/does-nothing.simple" ]]; then
+ echo "working directory $(pwd) does not appear to be a valid tests directory; missing does-nothing/does-nothing.simple"
+ exit 1
+fi
+
+for sample_path in $(find "${SAMPLE_DIR}" -type f -mtime -"${AGE_IN_DAYS}" -size +100c); do
if [[ "${sample_path}" =~ ".git" ]]; then
continue
fi
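Review bot: The rewritten `for sample_path in $(find ...)` line still word-splits and glob-expands the output of `find`, so a sample whose name contains whitespace or a glob character is processed as several wrong paths. File names in a malware-sample checkout are not under the script's control, which makes this worth handling. A NUL-delimited read avoids it: `while IFS= read -r -d '' sample_path; do` with `done < <(find "${SAMPLE_DIR}" -type f -mtime -"${AGE_IN_DAYS}" -size +100c -print0)`. The loop body and its `done` are outside this hunk.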
@@ -37,18 +45,20 @@ for sample_path in $(find "${SAMPLE_DIR}/" -type f -mtime -"${AGE_IN_DAYS}" -siz
basename="${sample_path/${SAMPLE_DIR}\//}"
basename="${basename%\.xz}"
- relative="./${basename}"
found=0
- for test_path in "${relative}".*; do
+ for test_path in "${basename}".*; do
if [[ -f "${test_path}" ]]; then
found=1
fi
done
+ relative="${samples_rel_path}/${basename}"
+
if [[ "${found}" -eq 0 ]]; then
- dir=$(dirname ${relative})
- if [[ ! -d "${dir}" ]]; then
- echo "mkdir -p ${dir} && touch ${relative}.simple"
+ real_dir=$(dirname ${basename})
+ if [[ ! -d "${real_dir}" ]]; then
+ rel_dir=$(dirname ${relative})
+ echo "mkdir -p "${rel_dir}" && touch ${relative}.simple"
else
echo "touch ${relative}.simple"
fi
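Review bot: The nested quotes in `echo "mkdir -p "${rel_dir}" && touch ${relative}.simple"` end the string before `${rel_dir}` and reopen it afterwards, so the expansion is unquoted in the script and nothing in the printed command is quoted either. These lines look intended to be run as commands, and the paths come from file names in the samples checkout, so a name with spaces or shell metacharacters would be misread when the output is executed. Printing with shell quoting covers both cases: `printf 'mkdir -p %q && touch %q\n' "${rel_dir}" "${relative}.simple"` and `printf 'touch %q\n' "${relative}.simple"`. The two `dirname` calls need quoted arguments as well. The enclosing `if` and the `for` loop close outside this hunk.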
diff --git a/tests/javascript/2024.STRRAT/f252f6e0d8f9f687751843dbc0be03d4f2ceb468e8453a4940d b/tests/javascript/2024.STRRAT/f252f6e0d8f9f687751843dbc0be03d4f2ceb468e8453a4940d
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/javascript/2024.lottie-player/lottie-player.min.js.mdiff b/tests/javascript/2024.lottie-player/lottie-player.min.js.mdiff
index 1492dfeb5..1f771890d 100644
--- a/tests/javascript/2024.lottie-player/lottie-player.min.js.mdiff
+++ b/tests/javascript/2024.lottie-player/lottie-player.min.js.mdiff
@@ -7,10 +7,10 @@
| +CRITICAL | **[anti-static/obfuscation/js](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/obfuscation/js.yara#ebe)** | highly obfuscated javascript (eBe) | [charCodeAt](https://github.com/search?q=charCodeAt&type=code)
[eBe(-1)](https://github.com/search?q=eBe%28-1%29&type=code)
[eBe(-10)](https://github.com/search?q=eBe%28-10%29&type=code)
[eBe(-11)](https://github.com/search?q=eBe%28-11%29&type=code)
[eBe(-12)](https://github.com/search?q=eBe%28-12%29&type=code)
[eBe(-13)](https://github.com/search?q=eBe%28-13%29&type=code)
[eBe(-14)](https://github.com/search?q=eBe%28-14%29&type=code)
[eBe(-15)](https://github.com/search?q=eBe%28-15%29&type=code)
[eBe(-16)](https://github.com/search?q=eBe%28-16%29&type=code)
[eBe(-17)](https://github.com/search?q=eBe%28-17%29&type=code)
[eBe(-18)](https://github.com/search?q=eBe%28-18%29&type=code)
[eBe(-19)](https://github.com/search?q=eBe%28-19%29&type=code)
[eBe(-2)](https://github.com/search?q=eBe%28-2%29&type=code)
[eBe(-20)](https://github.com/search?q=eBe%28-20%29&type=code)
[eBe(-21)](https://github.com/search?q=eBe%28-21%29&type=code)
[eBe(-22)](https://github.com/search?q=eBe%28-22%29&type=code)
[eBe(-23)](https://github.com/search?q=eBe%28-23%29&type=code)
[eBe(-24)](https://github.com/search?q=eBe%28-24%29&type=code)
[eBe(-25)](https://github.com/search?q=eBe%28-25%29&type=code)
[eBe(-26)](https://github.com/search?q=eBe%28-26%29&type=code)
[eBe(-27)](https://github.com/search?q=eBe%28-27%29&type=code)
[eBe(-28)](https://github.com/search?q=eBe%28-28%29&type=code)
[eBe(-29)](https://github.com/search?q=eBe%28-29%29&type=code)
[eBe(-3)](https://github.com/search?q=eBe%28-3%29&type=code)
[eBe(-30)](https://github.com/search?q=eBe%28-30%29&type=code)
[eBe(-31)](https://github.com/search?q=eBe%28-31%29&type=code)
[eBe(-32)](https://github.com/search?q=eBe%28-32%29&type=code)
[eBe(-4)](https://github.com/search?q=eBe%28-4%29&type=code)
[eBe(-5)](https://github.com/search?q=eBe%28-5%29&type=code)
[eBe(-6)](https://github.com/search?q=eBe%28-6%29&type=code)
[eBe(-7)](https://github.com/search?q=eBe%28-7%29&type=code)
[eBe(-8)](https://github.com/search?q=eBe%28-8%29&type=code)
[eBe(-9)](https://github.com/search?q=eBe%28-9%29&type=code)
[function(](https://github.com/search?q=function%28&type=code) |
| +CRITICAL | **[exfil/stealer/wallet](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/stealer/wallet.yara#crypto_stealer_names)** | makes HTTPS connections and references multiple wallets by name | [BraveWallet](https://github.com/search?q=BraveWallet&type=code)
[CoinbaseBrowser](https://github.com/search?q=CoinbaseBrowser&type=code)
[CoinbaseConnector](https://github.com/search?q=CoinbaseConnector&type=code)
[CoinbaseInjectedProvider](https://github.com/search?q=CoinbaseInjectedProvider&type=code)
[CoinbaseInjectedSigner](https://github.com/search?q=CoinbaseInjectedSigner&type=code)
[CoinbaseOnRampURL](https://github.com/search?q=CoinbaseOnRampURL&type=code)
[CoinbaseTransactions](https://github.com/search?q=CoinbaseTransactions&type=code)
[CoinbaseWalletDeeplink](https://github.com/search?q=CoinbaseWalletDeeplink&type=code)
[CoinbaseWalletLogo](https://github.com/search?q=CoinbaseWalletLogo&type=code)
[CoinbaseWalletProvider](https://github.com/search?q=CoinbaseWalletProvider&type=code)
[CoinbaseWalletRound](https://github.com/search?q=CoinbaseWalletRound&type=code)
[CoinbaseWalletSDK](https://github.com/search?q=CoinbaseWalletSDK&type=code)
[CoinbaseWalletSteps](https://github.com/search?q=CoinbaseWalletSteps&type=code)
[Coinbase_Wordmark_SubBrands_ALL](https://github.com/search?q=Coinbase_Wordmark_SubBrands_ALL&type=code)
[Ronin](https://github.com/search?q=Ronin&type=code)
[http](https://github.com/search?q=http&type=code) |
| +HIGH | **[anti-static/obfuscation/bitwise](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/obfuscation/bitwise.yara#unsigned_bitwise_math_excess)** | [uses an excessive amount of unsigned bitwise math](https://www.reversinglabs.com/blog/python-downloader-highlights-noise-problem-in-open-source-threat-detection) | [a>>>0](https://github.com/search?q=a%3E%3E%3E0&type=code)
[a>>>11](https://github.com/search?q=a%3E%3E%3E11&type=code)
[a>>>13](https://github.com/search?q=a%3E%3E%3E13&type=code)
[a>>>15](https://github.com/search?q=a%3E%3E%3E15&type=code)
[a>>>16](https://github.com/search?q=a%3E%3E%3E16&type=code)
[a>>>22](https://github.com/search?q=a%3E%3E%3E22&type=code)
[a>>>24](https://github.com/search?q=a%3E%3E%3E24&type=code)
[a>>>25](https://github.com/search?q=a%3E%3E%3E25&type=code)
[a>>>26](https://github.com/search?q=a%3E%3E%3E26&type=code)
[a>>>31](https://github.com/search?q=a%3E%3E%3E31&type=code)
[a>>>32](https://github.com/search?q=a%3E%3E%3E32&type=code)
[a>>>6](https://github.com/search?q=a%3E%3E%3E6&type=code)
[a>>>8](https://github.com/search?q=a%3E%3E%3E8&type=code)
[b>>>0](https://github.com/search?q=b%3E%3E%3E0&type=code)
[b>>>29](https://github.com/search?q=b%3E%3E%3E29&type=code)
[b>>>31](https://github.com/search?q=b%3E%3E%3E31&type=code)
[c>>>0](https://github.com/search?q=c%3E%3E%3E0&type=code)
[c>>>16](https://github.com/search?q=c%3E%3E%3E16&type=code)
[c>>>24](https://github.com/search?q=c%3E%3E%3E24&type=code)
[c>>>31](https://github.com/search?q=c%3E%3E%3E31&type=code)
[c>>>5](https://github.com/search?q=c%3E%3E%3E5&type=code)
[c>>>8](https://github.com/search?q=c%3E%3E%3E8&type=code)
[charAt(a](https://github.com/search?q=charAt%28a&type=code)
[charAt(c](https://github.com/search?q=charAt%28c&type=code)
[charAt(n](https://github.com/search?q=charAt%28n&type=code)
[charAt(s](https://github.com/search?q=charAt%28s&type=code)
[charAt(t](https://github.com/search?q=charAt%28t&type=code)
[charAt(u](https://github.com/search?q=charAt%28u&type=code)
[charAt(w](https://github.com/search?q=charAt%28w&type=code)
[d>>>16](https://github.com/search?q=d%3E%3E%3E16&type=code)
[d>>>24](https://github.com/search?q=d%3E%3E%3E24&type=code)
[d>>>26](https://github.com/search?q=d%3E%3E%3E26&type=code)
[d>>>29](https://github.com/search?q=d%3E%3E%3E29&type=code)
[d>>>31](https://github.com/search?q=d%3E%3E%3E31&type=code)
[d>>>6](https://github.com/search?q=d%3E%3E%3E6&type=code)
[d>>>7](https://github.com/search?q=d%3E%3E%3E7&type=code)
[d>>>8](https://github.com/search?q=d%3E%3E%3E8&type=code)
[e>>>0](https://github.com/search?q=e%3E%3E%3E0&type=code)
[e>>>10](https://github.com/search?q=e%3E%3E%3E10&type=code)
[e>>>11](https://github.com/search?q=e%3E%3E%3E11&type=code)
[e>>>12](https://github.com/search?q=e%3E%3E%3E12&type=code)
[e>>>13](https://github.com/search?q=e%3E%3E%3E13&type=code)
[e>>>14](https://github.com/search?q=e%3E%3E%3E14&type=code)
[e>>>16](https://github.com/search?q=e%3E%3E%3E16&type=code)
[e>>>17](https://github.com/search?q=e%3E%3E%3E17&type=code)
[e>>>18](https://github.com/search?q=e%3E%3E%3E18&type=code)
[e>>>19](https://github.com/search?q=e%3E%3E%3E19&type=code)
[e>>>22](https://github.com/search?q=e%3E%3E%3E22&type=code)
[e>>>24](https://github.com/search?q=e%3E%3E%3E24&type=code)
[e>>>25](https://github.com/search?q=e%3E%3E%3E25&type=code)
[e>>>26](https://github.com/search?q=e%3E%3E%3E26&type=code)
[e>>>27](https://github.com/search?q=e%3E%3E%3E27&type=code)
[e>>>28](https://github.com/search?q=e%3E%3E%3E28&type=code)
[e>>>29](https://github.com/search?q=e%3E%3E%3E29&type=code)
[e>>>31](https://github.com/search?q=e%3E%3E%3E31&type=code)
[e>>>32](https://github.com/search?q=e%3E%3E%3E32&type=code)
[e>>>4](https://github.com/search?q=e%3E%3E%3E4&type=code)
[e>>>5](https://github.com/search?q=e%3E%3E%3E5&type=code)
[e>>>64](https://github.com/search?q=e%3E%3E%3E64&type=code)
[e>>>7](https://github.com/search?q=e%3E%3E%3E7&type=code)
[e>>>8](https://github.com/search?q=e%3E%3E%3E8&type=code)
[f>>>13](https://github.com/search?q=f%3E%3E%3E13&type=code)
[f>>>24](https://github.com/search?q=f%3E%3E%3E24&type=code)
[f>>>31](https://github.com/search?q=f%3E%3E%3E31&type=code)
[f>>>8](https://github.com/search?q=f%3E%3E%3E8&type=code)
[function(](https://github.com/search?q=function%28&type=code)
[g>>>16](https://github.com/search?q=g%3E%3E%3E16&type=code)
[h>>>11](https://github.com/search?q=h%3E%3E%3E11&type=code)
[h>>>16](https://github.com/search?q=h%3E%3E%3E16&type=code)
[h>>>19](https://github.com/search?q=h%3E%3E%3E19&type=code)
[h>>>24](https://github.com/search?q=h%3E%3E%3E24&type=code)
[h>>>25](https://github.com/search?q=h%3E%3E%3E25&type=code)
[h>>>29](https://github.com/search?q=h%3E%3E%3E29&type=code)
[h>>>31](https://github.com/search?q=h%3E%3E%3E31&type=code)
[h>>>6](https://github.com/search?q=h%3E%3E%3E6&type=code)
[h>>>7](https://github.com/search?q=h%3E%3E%3E7&type=code)
[h>>>8](https://github.com/search?q=h%3E%3E%3E8&type=code)
[i>>>0](https://github.com/search?q=i%3E%3E%3E0&type=code)
[i>>>10](https://github.com/search?q=i%3E%3E%3E10&type=code)
[i>>>13](https://github.com/search?q=i%3E%3E%3E13&type=code)
[i>>>16](https://github.com/search?q=i%3E%3E%3E16&type=code)
[i>>>22](https://github.com/search?q=i%3E%3E%3E22&type=code)
[i>>>27](https://github.com/search?q=i%3E%3E%3E27&type=code)
[i>>>31](https://github.com/search?q=i%3E%3E%3E31&type=code)
[i>>>5](https://github.com/search?q=i%3E%3E%3E5&type=code)
[j>>>21](https://github.com/search?q=j%3E%3E%3E21&type=code)
[k>>>20](https://github.com/search?q=k%3E%3E%3E20&type=code)
[k>>>4](https://github.com/search?q=k%3E%3E%3E4&type=code)
[l>>>0](https://github.com/search?q=l%3E%3E%3E0&type=code)
[l>>>26](https://github.com/search?q=l%3E%3E%3E26&type=code)
[l>>>31](https://github.com/search?q=l%3E%3E%3E31&type=code)
[l>>>8](https://github.com/search?q=l%3E%3E%3E8&type=code)
[m>>>0](https://github.com/search?q=m%3E%3E%3E0&type=code)
[m>>>10](https://github.com/search?q=m%3E%3E%3E10&type=code)
[m>>>13](https://github.com/search?q=m%3E%3E%3E13&type=code)
[m>>>17](https://github.com/search?q=m%3E%3E%3E17&type=code)
[m>>>19](https://github.com/search?q=m%3E%3E%3E19&type=code)
[n>>>0](https://github.com/search?q=n%3E%3E%3E0&type=code)
[n>>>13](https://github.com/search?q=n%3E%3E%3E13&type=code)
[n>>>16](https://github.com/search?q=n%3E%3E%3E16&type=code)
[n>>>17](https://github.com/search?q=n%3E%3E%3E17&type=code)
[n>>>24](https://github.com/search?q=n%3E%3E%3E24&type=code)
[n>>>26](https://github.com/search?q=n%3E%3E%3E26&type=code)
[n>>>31](https://github.com/search?q=n%3E%3E%3E31&type=code)
[n>>>5](https://github.com/search?q=n%3E%3E%3E5&type=code)
[n>>>7](https://github.com/search?q=n%3E%3E%3E7&type=code)
[n>>>8](https://github.com/search?q=n%3E%3E%3E8&type=code)
[o>>>0](https://github.com/search?q=o%3E%3E%3E0&type=code)
[o>>>10](https://github.com/search?q=o%3E%3E%3E10&type=code)
[o>>>16](https://github.com/search?q=o%3E%3E%3E16&type=code)
[o>>>22](https://github.com/search?q=o%3E%3E%3E22&type=code)
[o>>>24](https://github.com/search?q=o%3E%3E%3E24&type=code)
[o>>>31](https://github.com/search?q=o%3E%3E%3E31&type=code)
[o>>>4](https://github.com/search?q=o%3E%3E%3E4&type=code)
[o>>>5](https://github.com/search?q=o%3E%3E%3E5&type=code)
[o>>>8](https://github.com/search?q=o%3E%3E%3E8&type=code)
[p>>>0](https://github.com/search?q=p%3E%3E%3E0&type=code)
[p>>>18](https://github.com/search?q=p%3E%3E%3E18&type=code)
[p>>>31](https://github.com/search?q=p%3E%3E%3E31&type=code)
[p>>>7](https://github.com/search?q=p%3E%3E%3E7&type=code)
[p>>>8](https://github.com/search?q=p%3E%3E%3E8&type=code)
[q>>>0](https://github.com/search?q=q%3E%3E%3E0&type=code)
[q>>>3](https://github.com/search?q=q%3E%3E%3E3&type=code)
[r>>>0](https://github.com/search?q=r%3E%3E%3E0&type=code)
[r>>>10](https://github.com/search?q=r%3E%3E%3E10&type=code)
[r>>>13](https://github.com/search?q=r%3E%3E%3E13&type=code)
[r>>>24](https://github.com/search?q=r%3E%3E%3E24&type=code)
[r>>>8](https://github.com/search?q=r%3E%3E%3E8&type=code)
[s>>>0](https://github.com/search?q=s%3E%3E%3E0&type=code)
[s>>>14](https://github.com/search?q=s%3E%3E%3E14&type=code)
[s>>>24](https://github.com/search?q=s%3E%3E%3E24&type=code)
[s>>>26](https://github.com/search?q=s%3E%3E%3E26&type=code)
[s>>>31](https://github.com/search?q=s%3E%3E%3E31&type=code)
[s>>>6](https://github.com/search?q=s%3E%3E%3E6&type=code)
[s>>>8](https://github.com/search?q=s%3E%3E%3E8&type=code)
[t>>>0](https://github.com/search?q=t%3E%3E%3E0&type=code)
[t>>>16](https://github.com/search?q=t%3E%3E%3E16&type=code)
[t>>>26](https://github.com/search?q=t%3E%3E%3E26&type=code)
[t>>>29](https://github.com/search?q=t%3E%3E%3E29&type=code)
[t>>>32](https://github.com/search?q=t%3E%3E%3E32&type=code)
[t>>>64](https://github.com/search?q=t%3E%3E%3E64&type=code)
[t>>>7](https://github.com/search?q=t%3E%3E%3E7&type=code)
[t>>>9](https://github.com/search?q=t%3E%3E%3E9&type=code)
[u>>>13](https://github.com/search?q=u%3E%3E%3E13&type=code)
[u>>>16](https://github.com/search?q=u%3E%3E%3E16&type=code)
[u>>>24](https://github.com/search?q=u%3E%3E%3E24&type=code)
[u>>>31](https://github.com/search?q=u%3E%3E%3E31&type=code)
[u>>>8](https://github.com/search?q=u%3E%3E%3E8&type=code)
[v>>>0](https://github.com/search?q=v%3E%3E%3E0&type=code)
[v>>>16](https://github.com/search?q=v%3E%3E%3E16&type=code)
[v>>>24](https://github.com/search?q=v%3E%3E%3E24&type=code)
[v>>>28](https://github.com/search?q=v%3E%3E%3E28&type=code)
[v>>>8](https://github.com/search?q=v%3E%3E%3E8&type=code)
[w>>>10](https://github.com/search?q=w%3E%3E%3E10&type=code)
[w>>>17](https://github.com/search?q=w%3E%3E%3E17&type=code)
[w>>>18](https://github.com/search?q=w%3E%3E%3E18&type=code)
[w>>>19](https://github.com/search?q=w%3E%3E%3E19&type=code)
[w>>>28](https://github.com/search?q=w%3E%3E%3E28&type=code)
[w>>>3](https://github.com/search?q=w%3E%3E%3E3&type=code)
[w>>>7](https://github.com/search?q=w%3E%3E%3E7&type=code)
[x>>>14](https://github.com/search?q=x%3E%3E%3E14&type=code)
[x>>>18](https://github.com/search?q=x%3E%3E%3E18&type=code)
[x>>>23](https://github.com/search?q=x%3E%3E%3E23&type=code)
[x>>>9](https://github.com/search?q=x%3E%3E%3E9&type=code)
[y>>>13](https://github.com/search?q=y%3E%3E%3E13&type=code)
[y>>>29](https://github.com/search?q=y%3E%3E%3E29&type=code)
[y>>>31](https://github.com/search?q=y%3E%3E%3E31&type=code)
[z>>>0](https://github.com/search?q=z%3E%3E%3E0&type=code)
[z>>>17](https://github.com/search?q=z%3E%3E%3E17&type=code) |
-| +HIGH | **[anti-static/obfuscation/python](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/obfuscation/python.yara#multi_decode_3)** | multiple (3+) levels of decoding | [.decode(n);return o._baseCache.set(i,t),o}},jE=(e,t)=>{switch(e[0]){case"Q":{let r=t||N_;return[N_.prefix,r.decode(`${N_.prefix}${e}`)]}case N_.prefix:{let r=t||N_;return[N_.prefix,r.decode(e)]}case y_.prefix:{let r=t||y_;return[y_.prefix,r.decode(e)]}default:if(null==t)throw Error("To parse non base32 or base58btc encoded CID multibase decoder must be provided");return[e[0],t.decode](https://github.com/search?q=.decode%28n%29%3Breturn+o._baseCache.set%28i%2Ct%29%2Co%7D%7D%2CjE%3D%28e%2Ct%29%3D%3E%7Bswitch%28e%5B0%5D%29%7Bcase%22Q%22%3A%7Blet+r%3Dt%7C%7CN_%3Breturn%5BN_.prefix%2Cr.decode%28%60%24%7BN_.prefix%7D%24%7Be%7D%60%29%5D%7Dcase+N_.prefix%3A%7Blet+r%3Dt%7C%7CN_%3Breturn%5BN_.prefix%2Cr.decode%28e%29%5D%7Dcase+y_.prefix%3A%7Blet+r%3Dt%7C%7Cy_%3Breturn%5By_.prefix%2Cr.decode%28e%29%5D%7Ddefault%3Aif%28null%3D%3Dt%29throw+Error%28%22To+parse+non+base32+or+base58btc+encoded+CID+multibase+decoder+must+be+provided%22%29%3Breturn%5Be%5B0%5D%2Ct.decode&type=code)
[.decode(n);return o._baseCache.set(i,t),o}},vB=(e,t)=>{switch(e[0]){case"Q":{let r=t||fN;return[fN.prefix,r.decode(`${fN.prefix}${e}`)]}case fN.prefix:{let r=t||fN;return[fN.prefix,r.decode(e)]}case JO.prefix:{let r=t||JO;return[JO.prefix,r.decode(e)]}default:if(null==t)throw Error("To parse non base32 or base58btc encoded CID multibase decoder must be provided");return[e[0],t.decode](https://github.com/search?q=.decode%28n%29%3Breturn+o._baseCache.set%28i%2Ct%29%2Co%7D%7D%2CvB%3D%28e%2Ct%29%3D%3E%7Bswitch%28e%5B0%5D%29%7Bcase%22Q%22%3A%7Blet+r%3Dt%7C%7CfN%3Breturn%5BfN.prefix%2Cr.decode%28%60%24%7BfN.prefix%7D%24%7Be%7D%60%29%5D%7Dcase+fN.prefix%3A%7Blet+r%3Dt%7C%7CfN%3Breturn%5BfN.prefix%2Cr.decode%28e%29%5D%7Dcase+JO.prefix%3A%7Blet+r%3Dt%7C%7CJO%3Breturn%5BJO.prefix%2Cr.decode%28e%29%5D%7Ddefault%3Aif%28null%3D%3Dt%29throw+Error%28%22To+parse+non+base32+or+base58btc+encoded+CID+multibase+decoder+must+be+provided%22%29%3Breturn%5Be%5B0%5D%2Ct.decode&type=code) |
| +HIGH | **[c2/addr/url](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/url.yara#exotic_tld)** | Contains HTTP hostname with unusual top-level domain | [https://api.mantlescan.xyz/](https://api.mantlescan.xyz/)
[https://mantlescan.xyz/](https://mantlescan.xyz/)
[https://openchain.xyz/](https://openchain.xyz/) |
| +HIGH | **[data/builtin/appkit](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/builtin/appkit.yara#appkit)** | Includes AppKit, a web3 blockchain library | [Price impact reflects the change in market price due to your trade](https://github.com/search?q=Price+impact+reflects+the+change+in+market+price+due+to+your+trade&type=code)
[Select which chain to connect to your multi](https://github.com/search?q=Select+which+chain+to+connect+to+your+multi&type=code) |
| +MEDIUM | **[anti-static/obfuscation/hex](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/obfuscation/hex.yara#hex_parse)** | converts hex data to ASCII | [toString("hex");](https://github.com/search?q=toString%28%22hex%22%29%3B&type=code) |
+| +MEDIUM | **[anti-static/obfuscation/python](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/obfuscation/python.yara#python_long_hex)** | contains a large hexadecimal string variable | [="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](https://github.com/search?q=%3D%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&type=code)
[Zc="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](https://github.com/search?q=Zc%3D%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&type=code)
[c="0x608060405234801561001057600080fd5b506040516102c03803806102c083398101604081905261002f916101e6565b836001600160a01b03163b6000036100e457600080836001600160a01b03168360405161005c9190610270565b6000604051808303816000865af19150503d8060008114610099576040519150601f19603f3d011682016040523d82523d6000602084013e61009e565b606091505b50915091508115806100b857506001600160a01b0386163b155b156100e1578060405163101bb98d60e01b81526004016100d8919061028c565b60405180910390fd5b50505b6000808451602086016000885af16040513d6000823e81610](https://github.com/search?q=c%3D%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&type=code) |
| +MEDIUM | **[c2/addr/discord](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/discord.yara#discord)** | may report back to 'Discord' | [Discord](https://github.com/search?q=Discord&type=code) |
| +MEDIUM | **[c2/client](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/client.yara#clientID)** | contains a client ID | [clientId](https://github.com/search?q=clientId&type=code)
[client_id](https://github.com/search?q=client_id&type=code) |
| +MEDIUM | **[c2/tool_transfer/os](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/os.yara#multiple_os_ref)** | references multiple operating systems | [Linux](https://github.com/search?q=Linux&type=code)
[Windows](https://github.com/search?q=Windows&type=code)
[http://](http://)
[https://](https://) |
diff --git a/tests/javascript/clean/bash.js.simple b/tests/javascript/clean/bash.js.simple
index a5c423022..24bb4679f 100644
--- a/tests/javascript/clean/bash.js.simple
+++ b/tests/javascript/clean/bash.js.simple
@@ -1,5 +1,4 @@
-# javascript/clean/bash.js: high
-anti-behavior/process_check: high
+# javascript/clean/bash.js: medium
data/compression/bzip2: low
data/compression/gzip: low
discover/multiple: medium
diff --git a/tests/javascript/clean/faker.js.simple b/tests/javascript/clean/faker.js.simple
index 09e9fdde2..4235e5e37 100644
--- a/tests/javascript/clean/faker.js.simple
+++ b/tests/javascript/clean/faker.js.simple
@@ -1,7 +1,5 @@
-# javascript/clean/faker.js: high
+# javascript/clean/faker.js: medium
anti-behavior/blocklist/user: low
-anti-static/base64/exec: high
-anti-static/base64/http_agent: high
anti-static/obfuscation/obfuscate: low
c2/addr/ip: medium
c2/tool_transfer/arch: low
diff --git a/tests/javascript/clean/frequency_lists.js.simple b/tests/javascript/clean/frequency_lists.js.simple
index 311980061..8f6d60c4f 100644
--- a/tests/javascript/clean/frequency_lists.js.simple
+++ b/tests/javascript/clean/frequency_lists.js.simple
@@ -1,4 +1,5 @@
# javascript/clean/frequency_lists.js: medium
+anti-static/xor/functions: medium
c2/tool_transfer/dropper: medium
collect/databases/mysql: medium
credential/gaming/minecraft: medium
diff --git a/tests/javascript/clean/mode-php.js.simple b/tests/javascript/clean/mode-php.js.simple
index 6fe24e926..856a0d541 100644
--- a/tests/javascript/clean/mode-php.js.simple
+++ b/tests/javascript/clean/mode-php.js.simple
@@ -1,7 +1,6 @@
-# javascript/clean/mode-php.js: high
+# javascript/clean/mode-php.js: medium
c2/addr/ip: medium
c2/client: medium
-c2/tool_transfer/python: high
collect/databases/mysql: medium
collect/databases/sqlite: medium
credential/password: low
diff --git a/tests/javascript/clean/mode-php_laravel_blade.js.simple b/tests/javascript/clean/mode-php_laravel_blade.js.simple
index 8e9ebdffe..46e2f437e 100644
--- a/tests/javascript/clean/mode-php_laravel_blade.js.simple
+++ b/tests/javascript/clean/mode-php_laravel_blade.js.simple
@@ -1,7 +1,6 @@
-# javascript/clean/mode-php_laravel_blade.js: high
+# javascript/clean/mode-php_laravel_blade.js: medium
c2/addr/ip: medium
c2/client: medium
-c2/tool_transfer/python: high
collect/databases/mysql: medium
collect/databases/sqlite: medium
credential/password: low
diff --git a/tests/javascript/clean/php.js.simple b/tests/javascript/clean/php.js.simple
index 6d65f9383..721ebdf9f 100644
--- a/tests/javascript/clean/php.js.simple
+++ b/tests/javascript/clean/php.js.simple
@@ -1,7 +1,6 @@
-# javascript/clean/php.js: high
+# javascript/clean/php.js: medium
c2/addr/ip: medium
c2/client: medium
-c2/tool_transfer/python: high
collect/databases/mysql: medium
collect/databases/sqlite: medium
credential/password: low
diff --git a/tests/javascript/clean/prism-bash.js.simple b/tests/javascript/clean/prism-bash.js.simple
index 0bc59517e..1a1b9e721 100644
--- a/tests/javascript/clean/prism-bash.js.simple
+++ b/tests/javascript/clean/prism-bash.js.simple
@@ -1,5 +1,4 @@
-# javascript/clean/prism-bash.js: high
-anti-behavior/process_check: high
+# javascript/clean/prism-bash.js: medium
data/compression/bzip2: low
data/compression/gzip: low
discover/multiple: medium
diff --git a/tests/javascript/clean/prism-bash.min.js.simple b/tests/javascript/clean/prism-bash.min.js.simple
index 34e42e07a..5c39c2897 100644
--- a/tests/javascript/clean/prism-bash.min.js.simple
+++ b/tests/javascript/clean/prism-bash.min.js.simple
@@ -1,5 +1,4 @@
-# javascript/clean/prism-bash.min.js: high
-anti-behavior/process_check: high
+# javascript/clean/prism-bash.min.js: medium
data/compression/bzip2: low
data/compression/gzip: low
discover/multiple: medium
diff --git a/tests/javascript/clean/securityDashboards.plugin.js.simple b/tests/javascript/clean/securityDashboards.plugin.js.simple
index d27de09e7..23ab066b8 100644
--- a/tests/javascript/clean/securityDashboards.plugin.js.simple
+++ b/tests/javascript/clean/securityDashboards.plugin.js.simple
@@ -2,6 +2,7 @@
anti-static/obfuscation/bitwise: medium
anti-static/obfuscation/js: medium
anti-static/obfuscation/reverse: medium
+anti-static/xor/functions: medium
c2/tool_transfer/dropper: medium
c2/tool_transfer/os: low
collect/databases/mysql: medium
diff --git a/tests/javascript/clean/zxcvbn.js.simple b/tests/javascript/clean/zxcvbn.js.simple
index befaaecb7..9f9bbf4cc 100644
--- a/tests/javascript/clean/zxcvbn.js.simple
+++ b/tests/javascript/clean/zxcvbn.js.simple
@@ -1,5 +1,6 @@
# javascript/clean/zxcvbn.js: medium
anti-static/obfuscation/reverse: medium
+anti-static/xor/functions: medium
c2/tool_transfer/dropper: medium
collect/databases/mysql: medium
credential/gaming/minecraft: medium
diff --git a/tests/linux/2021.FontOnLake/45E9.elf.simple b/tests/linux/2021.FontOnLake/45E9.elf.simple
index 6cf7cf53c..13fb94ef3 100644
--- a/tests/linux/2021.FontOnLake/45E9.elf.simple
+++ b/tests/linux/2021.FontOnLake/45E9.elf.simple
@@ -25,7 +25,7 @@ discover/system/dmesg: low
discover/system/hostname: low
discover/user/HOME: low
discover/user/USER: low
-evasion/file/location/x11_unix: low
+evasion/file/location/x11_unix: medium
evasion/file/prefix: medium
evasion/file/prefix/proc: high
evasion/logging/acct: low
diff --git a/tests/linux/2021.XMR-Stak/1b1a56.elf.simple b/tests/linux/2021.XMR-Stak/1b1a56.elf.simple
index 2cbf045ba..f451d15db 100644
--- a/tests/linux/2021.XMR-Stak/1b1a56.elf.simple
+++ b/tests/linux/2021.XMR-Stak/1b1a56.elf.simple
@@ -78,7 +78,7 @@ net/http/cookies: medium
net/http/form_upload: medium
net/http/post: medium
net/http/request: low
-net/ip/host_port: high
+net/ip/host_port: medium
net/ip/icmp: medium
net/ip/parse: medium
net/ip/string: medium
diff --git a/tests/linux/2024.kubo_injector/injector.json b/tests/linux/2024.kubo_injector/injector.json
index 54d87c62d..f09a0cc19 100644
--- a/tests/linux/2024.kubo_injector/injector.json
+++ b/tests/linux/2024.kubo_injector/injector.json
@@ -70,9 +70,9 @@
],
"RiskScore": 3,
"RiskLevel": "HIGH",
- "RuleURL": "https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/process_injection/ptrace.yara#ptrace_injector",
+ "RuleURL": "https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/process_injection/ptrace.yara#ptrace_injector_unknown",
"ID": "evasion/process_injection/ptrace",
- "RuleName": "ptrace_injector"
+ "RuleName": "ptrace_injector_unknown"
},
{
"Description": "get the address of a symbol",
diff --git a/tests/linux/2024.kworker_pretenders/emp3r0r.agent.simple b/tests/linux/2024.kworker_pretenders/emp3r0r.agent.simple
index 00225be29..e2f9da111 100644
--- a/tests/linux/2024.kworker_pretenders/emp3r0r.agent.simple
+++ b/tests/linux/2024.kworker_pretenders/emp3r0r.agent.simple
@@ -108,7 +108,6 @@ fs/tempfile: low
hw/cpu: medium
impact/exploit: high
impact/exploit/GCONV_PATH: high
-impact/exploit/overflow_shellcode: high
impact/exploit/pwnkit: critical
impact/remote_access/heartbeat: medium
impact/remote_access/kill_rm: medium
diff --git a/tests/linux/2024.sshdoor/dd98ee5273a02829167b255baf9979759f84a0a6b7769a67ecbf6c0c9100c38d.elf.simple b/tests/linux/2024.sshdoor/dd98ee5273a02829167b255baf9979759f84a0a6b7769a67ecbf6c0c9100c38d.elf.simple
index 03ec8de4e..dd7d6e7eb 100644
--- a/tests/linux/2024.sshdoor/dd98ee5273a02829167b255baf9979759f84a0a6b7769a67ecbf6c0c9100c38d.elf.simple
+++ b/tests/linux/2024.sshdoor/dd98ee5273a02829167b255baf9979759f84a0a6b7769a67ecbf6c0c9100c38d.elf.simple
@@ -23,7 +23,6 @@ discover/user/HOME: low
evasion/file/location/system_directory: medium
evasion/file/location/var: high
evasion/file/location/var_tmp: high
-evasion/file/location/x11_unix: low
evasion/file/prefix: medium
evasion/logging/failed_logins: medium
evasion/logging/historical_logins: medium
diff --git a/tests/linux/clean/acme.sh.simple b/tests/linux/clean/acme.sh.simple
new file mode 100644
index 000000000..302639749
--- /dev/null
+++ b/tests/linux/clean/acme.sh.simple
@@ -0,0 +1,51 @@
+# linux/clean/acme.sh: medium
+c2/tool_transfer/os: medium
+collect/code/github_api: low
+credential/password: low
+crypto/encrypt: medium
+crypto/openssl: medium
+crypto/public_key: low
+data/base64/encode: medium
+data/base64/external: medium
+data/embedded/pem_certificate: low
+data/encoding/base64: low
+discover/multiple: medium
+discover/network/netstat: medium
+discover/system/platform: medium
+discover/user/name_get: medium
+evasion/file/prefix: medium
+exec/remote_commands/code_eval: medium
+exec/shell/SHELL: low
+exec/shell/arbitrary_command_dev_null: medium
+exec/shell/ignore_output: medium
+fs/directory/create: low
+fs/file/copy: medium
+fs/file/delete_forcibly: medium
+fs/file/make_executable: medium
+fs/file/times_set: medium
+fs/link_create: low
+fs/link_read: low
+fs/path/bin_su: low
+fs/path/etc: low
+fs/path/home: low
+fs/path/tmp: medium
+fs/path/usr_bin: low
+fs/permission/modify: medium
+fs/tempfile: low
+net/dns/over_https: medium
+net/dns/txt: low
+net/download: medium
+net/download/fetch: medium
+net/http/form_upload: medium
+net/http/post: medium
+net/http/request: low
+net/ip/host_port: medium
+net/socket/listen: medium
+net/socket/send: low
+net/url/embedded: low
+os/time/tzinfo: low
+persist/cron/tab: medium
+persist/shell/bash: medium
+persist/shell/zsh: medium
+privesc/sudo: medium
+process/chdir: low
diff --git a/tests/linux/clean/aws-c-io/aws-c-io-0.14.10-r0.spdx.json.simple b/tests/linux/clean/aws-c-io/aws-c-io-0.14.10-r0.spdx.json.simple
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/linux/clean/aws-c-io/aws-c-io-0.14.11-r0.spdx.json.simple b/tests/linux/clean/aws-c-io/aws-c-io-0.14.11-r0.spdx.json.simple
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/linux/clean/bat.simple b/tests/linux/clean/bat.simple
new file mode 100644
index 000000000..87258ee8d
--- /dev/null
+++ b/tests/linux/clean/bat.simple
@@ -0,0 +1,73 @@
+# linux/clean/bat: medium
+anti-static/elf/multiple: medium
+c2/addr/ip: medium
+c2/addr/url: low
+c2/tool_transfer/arch: low
+credential/password: low
+credential/server/htpasswd: medium
+credential/ssh: medium
+credential/ssh/authorized_hosts: medium
+credential/ssh/d: medium
+crypto/public_key: low
+crypto/rc4: low
+data/compression/zlib: low
+data/embedded/pem_private_key: medium
+data/encoding/base64: low
+data/random/insecure: low
+discover/group/lookup: medium
+discover/process/parent: low
+discover/system/hostname: low
+discover/user/APPDATA: low
+discover/user/HOME: low
+discover/user/USER: low
+discover/user/name_get: low
+evasion/file/prefix: medium
+exec/dylib/iterate: low
+exec/program: medium
+exec/program/background: low
+exec/script/osa: medium
+exec/shell/SHELL: low
+exec/shell/power: medium
+exec/system_controls/systemd: low
+exfil/stealer/ssh: medium
+fs/directory/create: low
+fs/directory/remove: low
+fs/file/delete: low
+fs/file/times_set: medium
+fs/link_read: low
+fs/lock_update: low
+fs/mount: low
+fs/path/etc: low
+fs/path/home_config: low
+fs/path/var: low
+fs/permission/modify: medium
+fs/proc/self_exe: medium
+fs/symlink_resolve: low
+fs/tempdir/TEMP: low
+fs/tempfile: low
+lateral/scan/tool: medium
+net/dns/servers: low
+net/dns/txt: low
+net/download: medium
+net/http/post: medium
+net/ip/resolve: low
+net/resolve/hostname: low
+net/socket/listen: medium
+net/socket/local_addr: low
+net/socket/pair: medium
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/send: low
+net/tcp/ssh: medium
+net/url/embedded: low
+net/url/encode: medium
+persist/cron/tab: medium
+persist/kernel_module/unload: medium
+persist/pid_file: medium
+persist/shell/init_files: low
+persist/ssh_authorized_keys: medium
+privesc/setuid: low
+process/chroot: low
+process/groupid_set: low
+process/groups_set: low
+sus/leetspeak: medium
diff --git a/tests/linux/clean/bazel.simple b/tests/linux/clean/bazel.simple
new file mode 100644
index 000000000..9c0664b89
--- /dev/null
+++ b/tests/linux/clean/bazel.simple
@@ -0,0 +1,89 @@
+# linux/clean/bazel: medium
+anti-static/elf/entropy: medium
+anti-static/obfuscation/obfuscate: low
+anti-static/xor/functions: medium
+c2/addr/ip: medium
+c2/addr/server: medium
+c2/addr/url: low
+c2/client: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: low
+crypto/aes: low
+data/base64/decode: medium
+data/base64/encode: medium
+data/compression/gzip: low
+data/compression/zlib: low
+data/encoding/base64: low
+data/hash/md5: low
+discover/network/interface: low
+discover/network/interface_list: medium
+discover/system/hostname: low
+discover/system/platform: low
+discover/system/sysinfo: medium
+discover/user/HOME: low
+discover/user/USER: low
+evasion/bypass_security/linux/ufw: medium
+exec/cmd: medium
+exec/conditional/LANG: low
+exec/plugin: low
+exec/program: medium
+exec/program/background: low
+exec/shell/SHELL: low
+exec/shell/TERM: low
+exec/shell/command: medium
+exec/shell/exec: medium
+exec/tty/pathname: medium
+exfil/collection: medium
+fs/directory/create: low
+fs/directory/remove: low
+fs/file/copy: medium
+fs/file/create: medium
+fs/file/delete: low
+fs/file/read: low
+fs/file/times_set: medium
+fs/file/truncate: low
+fs/file/write: low
+fs/link_read: low
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/etc_resolv.conf: low
+fs/permission/modify: medium
+fs/proc/self_exe: medium
+fs/symlink_resolve: low
+fs/tempdir: low
+fs/tempdir/TEMP: low
+fs/tempdir/TMPDIR: low
+fs/tempdir/create: low
+hw/cpu: medium
+lateral/scan/tool: medium
+net/dns/servers: low
+net/dns/txt: low
+net/download: medium
+net/http/2: low
+net/http/auth: low
+net/http/post: medium
+net/http/proxy: low
+net/http/request: low
+net/ip/host_port: medium
+net/ip/icmp: medium
+net/ip/parse: medium
+net/ip/resolve: low
+net/ip/string: medium
+net/resolve/hostname: low
+net/resolve/hostport_parse: low
+net/socket/listen: medium
+net/socket/local_addr: low
+net/socket/pair: medium
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/reuseport: medium
+net/socket/send: low
+net/tcp/grpc: low
+net/url/embedded: low
+os/fd/epoll: low
+os/fd/print: low
+persist/pid_file: medium
+process/chdir: low
+process/multithreaded: low
+sus/compiler: medium
+sus/intercept: medium
diff --git a/tests/linux/clean/botan.simple b/tests/linux/clean/botan.simple
new file mode 100644
index 000000000..8938ad925
--- /dev/null
+++ b/tests/linux/clean/botan.simple
@@ -0,0 +1,35 @@
+# linux/clean/botan: medium
+credential/password: low
+credential/ssl/private_key: low
+crypto/aes: low
+crypto/cipher: medium
+crypto/decrypt: low
+crypto/ed25519: low
+crypto/public_key: low
+crypto/rc4: low
+crypto/tls: low
+data/base64/decode: medium
+data/base64/encode: medium
+data/compression/gzip: low
+data/compression/zlib: low
+data/encoding/base64: low
+discover/network/interface: low
+exec/shell/echo: medium
+exfil/stealer/credit_card: medium
+net/http/accept_encoding: low
+net/http/auth: low
+net/http/cookies: medium
+net/http/post: medium
+net/http/proxy: low
+net/http/request: low
+net/http/websocket: medium
+net/ip/host_port: medium
+net/ip/parse: medium
+net/ip/string: medium
+net/resolve/hostport_parse: low
+net/socket/listen: medium
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/send: low
+os/fd/epoll: low
+process/multithreaded: low
diff --git a/tests/linux/clean/bpftool.simple b/tests/linux/clean/bpftool.simple
new file mode 100644
index 000000000..5b0b10d16
--- /dev/null
+++ b/tests/linux/clean/bpftool.simple
@@ -0,0 +1,40 @@
+# linux/clean/bpftool: medium
+anti-static/elf/multiple: medium
+anti-static/obfuscation/js: medium
+credential/sniffer/bpf: medium
+crypto/rc4: low
+discover/network/interface: low
+discover/system/platform: low
+discover/user/USER: low
+evasion/hijack_execution/LD_LIBRARY_PATH: low
+evasion/logging/acct: low
+evasion/process_injection/ptrace: medium
+exec/program: medium
+fs/directory/create: low
+fs/directory/remove: low
+fs/file/delete: low
+fs/file/delete_forcibly: low
+fs/file/open: low
+fs/file/times_set: medium
+fs/link_read: low
+fs/mount: low
+fs/mounts_read: medium
+fs/path/boot: medium
+fs/proc/arbitrary_pid: medium
+fs/proc/mounts: medium
+fs/proc/pid_fd: medium
+fs/proc/pid_maps: medium
+fs/symlink_resolve: low
+hw/cpu: medium
+net/ip/syncookie: medium
+net/socket/local_addr: low
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/send: low
+os/fd/epoll: low
+os/kernel/netlink: low
+os/kernel/perfmon: low
+os/kernel/seccomp: low
+persist/kernel_module/symbol_lookup: medium
+process/create: low
+process/executable_path: low
diff --git a/tests/linux/clean/buildkitd.simple b/tests/linux/clean/buildkitd.simple
new file mode 100644
index 000000000..b0efb5b9c
--- /dev/null
+++ b/tests/linux/clean/buildkitd.simple
@@ -0,0 +1,132 @@
+# linux/clean/buildkitd: medium
+c2/addr/http_dynamic: medium
+c2/addr/ip: medium
+c2/addr/url: low
+c2/client: medium
+c2/discovery/ip_dns_resolver: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: medium
+collect/archives/zip: medium
+collect/code/github_api: low
+credential/password: low
+credential/sniffer/pcap: medium
+credential/ssl/private_key: low
+crypto/aes: low
+crypto/cipher: medium
+crypto/decrypt: low
+crypto/ecdsa: low
+crypto/ed25519: low
+crypto/public_key: low
+crypto/tls: low
+data/compression/bzip2: low
+data/compression/gzip: low
+data/compression/zstd: low
+data/embedded/html: medium
+data/embedded/zstd: medium
+data/encoding/base64: low
+data/encoding/json: low
+data/encoding/json_decode: low
+data/hash/md5: low
+discover/network/mac_address: medium
+discover/network/netstat: medium
+discover/process/name: medium
+discover/system/cpu: low
+discover/system/hostname: low
+discover/system/platform: medium
+discover/system/sysinfo: medium
+discover/user/HOME: low
+discover/user/USER: low
+evasion/file/location/dev_mqueue: medium
+evasion/file/prefix: medium
+evasion/process_injection/ptrace: medium
+exec/cmd: medium
+exec/plugin: low
+exec/program: medium
+exec/reconfigure/hostname_set: low
+exec/shell/SHELL: low
+exec/shell/exec: medium
+exec/system_controls/apparmor: medium
+exec/system_controls/systemd: low
+fs/attributes/set: medium
+fs/directory/create: low
+fs/directory/list: low
+fs/directory/remove: low
+fs/event_monitoring: low
+fs/file/copy: medium
+fs/file/delete: low
+fs/file/open: low
+fs/file/read: low
+fs/file/rename: low
+fs/file/stat: low
+fs/file/times_set: medium
+fs/file/write: low
+fs/link_create: low
+fs/link_read: low
+fs/lock_update: low
+fs/loopback: medium
+fs/mount: low
+fs/node_create: low
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/etc_resolv.conf: low
+fs/path/usr_local: medium
+fs/path/var: low
+fs/path/windows_root: low
+fs/permission/chown: medium
+fs/permission/modify: medium
+fs/proc/arbitrary_pid: medium
+fs/proc/self_mountinfo: medium
+fs/tempdir/TEMP: low
+fs/tempdir/create: low
+fs/tempfile: low
+fs/watch: low
+impact/remote_access/heartbeat: medium
+impact/remote_access/iptables: medium
+impact/remote_access/pseudo_terminal: medium
+net/dns: low
+net/dns/reverse: medium
+net/dns/servers: low
+net/dns/txt: low
+net/download: medium
+net/http/2: low
+net/http/accept: medium
+net/http/accept_encoding: low
+net/http/auth: low
+net/http/content_length: medium
+net/http/cookies: medium
+net/http/form_upload: medium
+net/http/oauth2: low
+net/http/post: medium
+net/http/proxy: low
+net/http/request: low
+net/ip: low
+net/ip/host_port: medium
+net/ip/icmp: medium
+net/ip/multicast_send: low
+net/ip/parse: medium
+net/resolve/hostname: low
+net/socket/listen: medium
+net/socket/local_addr: low
+net/socket/pair: medium
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/send: low
+net/tcp/connect: medium
+net/tcp/grpc: low
+net/tcp/ssh: medium
+net/udp/receive: low
+net/udp/send: low
+net/url/embedded: low
+net/url/encode: medium
+net/url/parse: low
+net/url/request: medium
+os/fd/sendfile: low
+os/kernel/kcore: low
+os/kernel/netlink: low
+os/kernel/seccomp: low
+persist/pid_file: medium
+persist/service/start: low
+process/chroot: low
+process/unshare: low
+sus/intercept: medium
+sus/leetspeak: medium
diff --git a/tests/linux/clean/busybox.simple b/tests/linux/clean/busybox.simple
index 36ad08b12..24f80b46c 100644
--- a/tests/linux/clean/busybox.simple
+++ b/tests/linux/clean/busybox.simple
@@ -1,4 +1,4 @@
-# linux/clean/busybox: high
+# linux/clean/busybox: medium
c2/addr/ip: medium
c2/addr/url: low
c2/tool_transfer/os: low
@@ -60,7 +60,6 @@ fs/permission/modify: medium
fs/proc/arbitrary_pid: medium
fs/proc/meminfo: medium
fs/proc/mounts: medium
-fs/proc/pid_fd: high
fs/proc/stat: medium
fs/symlink_resolve: low
fs/tempdir: low
diff --git a/tests/linux/clean/chezmoi.simple b/tests/linux/clean/chezmoi.simple
index 22b81a609..3340aff74 100644
--- a/tests/linux/clean/chezmoi.simple
+++ b/tests/linux/clean/chezmoi.simple
@@ -1,4 +1,5 @@
# linux/clean/chezmoi: medium
+anti-static/xor/functions: medium
c2/addr/discord: medium
c2/addr/http_dynamic: medium
c2/addr/ip: medium
diff --git a/tests/linux/clean/clickhouse.simple b/tests/linux/clean/clickhouse.simple
index 75be78df1..1d49e3f55 100644
--- a/tests/linux/clean/clickhouse.simple
+++ b/tests/linux/clean/clickhouse.simple
@@ -1,4 +1,4 @@
-# linux/clean/clickhouse: high
+# linux/clean/clickhouse: medium
anti-static/elf/multiple: medium
anti-static/obfuscation/obfuscate: low
c2/addr/http_dynamic: medium
@@ -9,7 +9,7 @@ c2/discovery/dyndns: medium
c2/tool_transfer/arch: low
c2/tool_transfer/download: medium
c2/tool_transfer/dropper: medium
-c2/tool_transfer/grayware: high
+c2/tool_transfer/grayware: medium
c2/tool_transfer/os: medium
collect/databases/leveldb: medium
collect/databases/mysql: medium
diff --git a/tests/linux/clean/http-fingerprints.lua.simple b/tests/linux/clean/http-fingerprints.lua.simple
index 63fe30f18..3f5253e9a 100644
--- a/tests/linux/clean/http-fingerprints.lua.simple
+++ b/tests/linux/clean/http-fingerprints.lua.simple
@@ -1,6 +1,6 @@
-# linux/clean/http-fingerprints.lua: high
+# linux/clean/http-fingerprints.lua: medium
3P/sig_base/hacktool_strings_p0wnedshell: medium
-c2/tool_transfer/grayware: high
+c2/tool_transfer/grayware: medium
c2/tool_transfer/os: medium
collect/archives/zip: medium
collect/databases/mysql: medium
@@ -21,4 +21,4 @@ net/http/request: low
net/tcp/ssh: medium
net/url/embedded: medium
sec-tool/net/nmap: medium
-sec-tool/vulncheck/metasploit: high
+sec-tool/vulncheck/metasploit: medium
diff --git a/tests/linux/clean/kibana/securitySolution.chunk.22.js.simple b/tests/linux/clean/kibana/securitySolution.chunk.22.js.simple
index 1519652c0..a78a1d8a9 100644
--- a/tests/linux/clean/kibana/securitySolution.chunk.22.js.simple
+++ b/tests/linux/clean/kibana/securitySolution.chunk.22.js.simple
@@ -1,11 +1,11 @@
-# linux/clean/kibana/securitySolution.chunk.22.js: critical
-c2/addr/url: high
+# linux/clean/kibana/securitySolution.chunk.22.js: medium
+c2/addr/url: low
c2/discovery/dyndns: medium
c2/tool_transfer/arch: low
-c2/tool_transfer/download: high
+c2/tool_transfer/download: low
c2/tool_transfer/dropper: medium
-c2/tool_transfer/exe_url: high
-c2/tool_transfer/grayware: high
+c2/tool_transfer/exe_url: low
+c2/tool_transfer/grayware: low
c2/tool_transfer/os: medium
collect/databases/mysql: medium
credential/keylogger: medium
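Review bot: Six findings in this Kibana expectation drop from high straight to low (`c2/addr/url`, `c2/tool_transfer/download`, `exe_url` and `grayware` here, `impact/remote_access/reverse_shell` and `sec-tool/net/masscan` in the next two hunks) while neighbouring rules stay at medium, which reads like a file-specific override rather than a rule-wide retune; `securitySolution.chunk.9.js.simple` shows the same pattern. The mechanism is not visible in these hunks, so this is inferred. If it is an override, confirm that it is keyed on something that identifies the Kibana bundle itself, because any other JavaScript file satisfying the same match would have its reverse-shell and scanner findings reported as low too. A companion expectation for a non-Kibana sample that still reports `impact/remote_access/reverse_shell: high` would pin that boundary in the test suite.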
@@ -30,7 +30,7 @@ impact/infection/infected: medium
impact/infection/worm: medium
impact/remote_access/backdoor: medium
impact/remote_access/iptables: medium
-impact/remote_access/reverse_shell: high
+impact/remote_access/reverse_shell: low
impact/remote_access/trojan: medium
lateral/scan/brute_force: low
malware/ref: medium
@@ -41,7 +41,7 @@ net/url/embedded: medium
net/url/parse: low
persist/daemon: medium
process/chroot: low
-sec-tool/net/masscan: high
+sec-tool/net/masscan: low
sec-tool/net/nmap: medium
sec-tool/pentest/metasploit_ref: medium
sus/leetspeak: medium
diff --git a/tests/linux/clean/kibana/securitySolution.chunk.9.js.simple b/tests/linux/clean/kibana/securitySolution.chunk.9.js.simple
index 9a1d76345..3478ac9b6 100644
--- a/tests/linux/clean/kibana/securitySolution.chunk.9.js.simple
+++ b/tests/linux/clean/kibana/securitySolution.chunk.9.js.simple
@@ -1,14 +1,14 @@
-# linux/clean/kibana/securitySolution.chunk.9.js: critical
+# linux/clean/kibana/securitySolution.chunk.9.js: medium
anti-static/obfuscation/js: medium
anti-static/obfuscation/reverse: medium
c2/addr/ip: medium
-c2/addr/url: high
+c2/addr/url: low
c2/discovery/dyndns: medium
c2/tool_transfer/arch: low
-c2/tool_transfer/download: high
+c2/tool_transfer/download: low
c2/tool_transfer/dropper: medium
-c2/tool_transfer/exe_url: high
-c2/tool_transfer/grayware: high
+c2/tool_transfer/exe_url: low
+c2/tool_transfer/grayware: low
c2/tool_transfer/os: medium
collect/databases/mysql: medium
credential/keylogger: medium
@@ -40,12 +40,11 @@ impact/ddos: medium
impact/exploit: medium
impact/exploit/cve: medium
impact/exploit/known_s: medium
-impact/exploit/overflow_shellcode: high
impact/infection/infected: medium
impact/infection/worm: medium
impact/remote_access/backdoor: medium
impact/remote_access/iptables: medium
-impact/remote_access/reverse_shell: high
+impact/remote_access/reverse_shell: low
impact/remote_access/trojan: medium
lateral/scan/brute_force: low
malware/ref: medium
@@ -64,7 +63,7 @@ net/url/request: medium
os/kernel/seccomp: low
persist/daemon: medium
process/chroot: low
-sec-tool/net/masscan: high
+sec-tool/net/masscan: low
sec-tool/net/nmap: medium
sec-tool/pentest/metasploit_ref: medium
sus/leetspeak: medium
diff --git a/tests/linux/clean/nvim.simple b/tests/linux/clean/nvim.simple
index e5f53b526..04a232ae4 100644
--- a/tests/linux/clean/nvim.simple
+++ b/tests/linux/clean/nvim.simple
@@ -21,7 +21,6 @@ discover/processes/pgrep: medium
discover/system/platform: low
discover/user/HOME: low
discover/user/USER: low
-evasion/file/location/x11_unix: low
evasion/file/prefix: medium
exec/conditional/LANG: low
exec/dylib/symbol_address: medium
diff --git a/tests/linux/clean/pandoc.md b/tests/linux/clean/pandoc.md
index e4f1cb3c9..064d08aba 100644
--- a/tests/linux/clean/pandoc.md
+++ b/tests/linux/clean/pandoc.md
@@ -1,9 +1,7 @@
-## linux/clean/pandoc [🛑 HIGH]
+## linux/clean/pandoc [🟡 MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|--|--|--|--|
-| HIGH | [impact/exploit/overflow_shellcode](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/exploit/overflow-shellcode.yara#exploit) | Buffer overflow exploit | [address](https://github.com/search?q=address&type=code)
[offset](https://github.com/search?q=offset&type=code)
[padding](https://github.com/search?q=padding&type=code)
[shellcode](https://github.com/search?q=shellcode&type=code) |
-| HIGH | [persist/shell/bash](https://github.com/chainguard-dev/malcontent/blob/main/rules/persist/shell/bash.yara#bash_persist_persistent) | acccesses multiple bash startup files | [.bash_login](https://github.com/search?q=.bash_login&type=code)
[.bash_profile](https://github.com/search?q=.bash_profile&type=code)
[.bashrc](https://github.com/search?q=.bashrc&type=code)
[.profile](https://github.com/search?q=.profile&type=code) |
| MEDIUM | [anti-static/elf/multiple](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/elf/multiple.yara#multiple_elf) | multiple ELF binaries within an ELF binary | $elf_head |
| MEDIUM | [c2/addr/ip](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/ip.yara#ip_port_mention) | mentions an IP and port | [IP](https://github.com/search?q=IP&type=code)
[bindPort](https://github.com/search?q=bindPort&type=code)
[blIp](https://github.com/search?q=blIp&type=code)
[client_ip](https://github.com/search?q=client_ip&type=code)
[client_port](https://github.com/search?q=client_port&type=code)
[config_port](https://github.com/search?q=config_port&type=code)
[curlopt_port](https://github.com/search?q=curlopt_port&type=code)
[defaultPort](https://github.com/search?q=defaultPort&type=code)
[domain_port](https://github.com/search?q=domain_port&type=code)
[eIp](https://github.com/search?q=eIp&type=code)
[ereghet_ip](https://github.com/search?q=ereghet_ip&type=code)
[framed_ip](https://github.com/search?q=framed_ip&type=code)
[ftp_port](https://github.com/search?q=ftp_port&type=code)
[gamhet_ip](https://github.com/search?q=gamhet_ip&type=code)
[getPort](https://github.com/search?q=getPort&type=code)
[get_port](https://github.com/search?q=get_port&type=code)
[gomphet_ip](https://github.com/search?q=gomphet_ip&type=code)
[host_ip](https://github.com/search?q=host_ip&type=code)
[http_port](https://github.com/search?q=http_port&type=code)
[internal_ip](https://github.com/search?q=internal_ip&type=code)
[ipproto_ip](https://github.com/search?q=ipproto_ip&type=code)
[is_port](https://github.com/search?q=is_port&type=code)
[lat_port](https://github.com/search?q=lat_port&type=code)
[lloghet_ip](https://github.com/search?q=lloghet_ip&type=code)
[lnormhet_ip](https://github.com/search?q=lnormhet_ip&type=code)
[local_ip](https://github.com/search?q=local_ip&type=code)
[local_port](https://github.com/search?q=local_port&type=code)
[login_ip](https://github.com/search?q=login_ip&type=code)
[mIp](https://github.com/search?q=mIp&type=code)
[nas_ip](https://github.com/search?q=nas_ip&type=code)
[nas_port](https://github.com/search?q=nas_port&type=code)
[open_port](https://github.com/search?q=open_port&type=code)
[pg_port](https://github.com/search?q=pg_port&type=code)
[primary_ip](https://github.com/search?q=primary_ip&type=code)
[primary_port](https://github.com/search?q=primary_port&type=code)
[proxyPort](https://github.com/search?q=proxyPort&type=code)
[radius_port](https://github.com/search?q=radius_port&type=code)
[sam_port](https://github.com/search?q=sam_port&type=code)
[serverPort](https://github.com/search?q=serverPort&type=code)
[server_port](https://github.com/search?q=server_port&type=code)
[setPort](https://github.com/search?q=setPort&type=code)
[socketPort](https://github.com/search?q=socketPort&type=code)
[tcp_port](https://github.com/search?q=tcp_port&type=code)
[uriPort](https://github.com/search?q=uriPort&type=code)
[url_port](https://github.com/search?q=url_port&type=code)
[validate_ip](https://github.com/search?q=validate_ip&type=code)
[weibhet_ip](https://github.com/search?q=weibhet_ip&type=code)
[xIp](https://github.com/search?q=xIp&type=code) |
| MEDIUM | [c2/addr/server](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/server.yara#server_address) | references a 'server address', possible C2 client | [inet_server_addr](https://github.com/search?q=inet_server_addr&type=code) |
diff --git a/tests/linux/clean/qemu-system-xtensa.md b/tests/linux/clean/qemu-system-xtensa.md
index f24a1df59..c5d2a7b16 100644
--- a/tests/linux/clean/qemu-system-xtensa.md
+++ b/tests/linux/clean/qemu-system-xtensa.md
@@ -1,9 +1,7 @@
-## linux/clean/qemu-system-xtensa [🛑 HIGH]
+## linux/clean/qemu-system-xtensa [🟡 MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|--|--|--|--|
-| HIGH | [crypto/xor](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/xor.yara#xor_decode_encode) | decodes/encodes XOR content | [Opcode_xor_encode_fns](https://github.com/search?q=Opcode_xor_encode_fns&type=code) |
-| HIGH | [fs/proc/pid_cmdline](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/pid-cmdline.yara#proc_d_cmdline) | access command-line of other processes | [/proc/%d/cmdline](https://github.com/search?q=%2Fproc%2F%25d%2Fcmdline&type=code) |
| MEDIUM | [anti-static/elf/multiple](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/elf/multiple.yara#multiple_elf) | multiple ELF binaries within an ELF binary | $elf_head |
| MEDIUM | [c2/addr/ip](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/ip.yara#ip_port_mention) | mentions an IP and port | [IP](https://github.com/search?q=IP&type=code)
[Ip](https://github.com/search?q=Ip&type=code)
[Port](https://github.com/search?q=Port&type=code)
[add_port](https://github.com/search?q=add_port&type=code)
[ahci_port](https://github.com/search?q=ahci_port&type=code)
[and_port](https://github.com/search?q=and_port&type=code)
[be_port](https://github.com/search?q=be_port&type=code)
[claim_port](https://github.com/search?q=claim_port&type=code)
[clear_port](https://github.com/search?q=clear_port&type=code)
[compare_ip](https://github.com/search?q=compare_ip&type=code)
[ehci_port](https://github.com/search?q=ehci_port&type=code)
[extract_ip](https://github.com/search?q=extract_ip&type=code)
[find_port](https://github.com/search?q=find_port&type=code)
[fix_port](https://github.com/search?q=fix_port&type=code)
[get_ip](https://github.com/search?q=get_ip&type=code)
[get_port](https://github.com/search?q=get_port&type=code)
[handle_port](https://github.com/search?q=handle_port&type=code)
[host_port](https://github.com/search?q=host_port&type=code)
[hub_port](https://github.com/search?q=hub_port&type=code)
[megasas_port](https://github.com/search?q=megasas_port&type=code)
[mem_port](https://github.com/search?q=mem_port&type=code)
[message_port](https://github.com/search?q=message_port&type=code)
[metadata_ip](https://github.com/search?q=metadata_ip&type=code)
[mmio_port](https://github.com/search?q=mmio_port&type=code)
[mptsas_port](https://github.com/search?q=mptsas_port&type=code)
[ohci_port](https://github.com/search?q=ohci_port&type=code)
[pcie_port](https://github.com/search?q=pcie_port&type=code)
[register_port](https://github.com/search?q=register_port&type=code)
[release_port](https://github.com/search?q=release_port&type=code)
[remove_port](https://github.com/search?q=remove_port&type=code)
[reset_port](https://github.com/search?q=reset_port&type=code)
[serial_port](https://github.com/search?q=serial_port&type=code)
[spdm_port](https://github.com/search?q=spdm_port&type=code)
[state_port](https://github.com/search?q=state_port&type=code)
[throttle_port](https://github.com/search?q=throttle_port&type=code)
[uhci_port](https://github.com/search?q=uhci_port&type=code)
[update_ip](https://github.com/search?q=update_ip&type=code)
[upstream_port](https://github.com/search?q=upstream_port&type=code)
[usb_port](https://github.com/search?q=usb_port&type=code)
[virtser_port](https://github.com/search?q=virtser_port&type=code)
[write_port](https://github.com/search?q=write_port&type=code)
[xhci_port](https://github.com/search?q=xhci_port&type=code) |
| MEDIUM | [c2/addr/server](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/server.yara#server_address) | references a 'server address', possible C2 client | [vnc_init_basic_info_from_server_addr](https://github.com/search?q=vnc_init_basic_info_from_server_addr&type=code) |
@@ -29,6 +27,7 @@
| MEDIUM | [fs/path/tmp](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/tmp.yara#tmp_path) | path reference within /tmp | [/tmp/perf-%d.map](https://github.com/search?q=%2Ftmp%2Fperf-%25d.map&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/block/block-gen.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Fblock%2Fblock-gen.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/hw/usb/hcd-ehci.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Fhw%2Fusb%2Fhcd-ehci.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/authz/base.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fauthz%2Fbase.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/authz/list.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fauthz%2Flist.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/authz/listfile.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fauthz%2Flistfile.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/authz/simple.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fauthz%2Fsimple.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/block/throttle-gro](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fblock%2Fthrottle-gro&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/chardev/char-fd.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fchardev%2Fchar-fd.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/chardev/char-socke](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fchardev%2Fchar-socke&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/chardev/char.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fchardev%2Fchar.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/crypto/secret.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fcrypto%2Fsecret.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/crypto/secret_comm](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fcrypto%2Fsecret_comm&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/crypto/secret_keyr](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fcrypto%2Fsecret_keyr&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/crypto/tls-cipher-](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fcrypto%2Ftls-cipher-&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/crypto/tlscreds.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fcrypto%2Ftlscreds.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/crypto/tlscredsano](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fcrypto%2Ftlscredsano&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/crypto/tlscredspsk](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fcrypto%2Ftlscredspsk&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/crypto/tlscredsx50](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fcrypto%2Ftlscredsx50&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/exec/memory.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fexec%2Fmemory.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/exec/memory_ldst_c](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fexec%2Fmemory_ldst_c&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/exec/ram_addr.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fexec%2Fram_addr.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/acpi/acpi_aml_i](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Facpi%2Facpi_aml_i&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/acpi/acpi_dev_i](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Facpi%2Facpi_dev_i&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/acpi/vmgenid.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Facpi%2Fvmgenid.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/block/flash.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fblock%2Fflash.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/boards.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fboards.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/char/serial.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fchar%2Fserial.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/clock.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fclock.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/core/cpu.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fcore%2Fcpu.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/core/generic-lo](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fcore%2Fgeneric-lo&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/core/resetconta](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fcore%2Fresetconta&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/cpu/cluster.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fcpu%2Fcluster.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/cpu/core.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fcpu%2Fcore.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/display/i2c-ddc](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fdisplay%2Fi2c-ddc&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/elf_ops.h.inc](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Felf_ops.h.inc&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/fw-path-provide](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Ffw-path-provide&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/hotplug.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fhotplug.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/i2c/i2c.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fi2c%2Fi2c.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/ide/ahci-pci.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fide%2Fahci-pci.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/ide/ahci-sysbus](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fide%2Fahci-sysbus&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/ide/ide-bus.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fide%2Fide-bus.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/ide/ide-dev.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fide%2Fide-dev.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/intc/intc.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fintc%2Fintc.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/ipack/ipack.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fipack%2Fipack.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/misc/vmcoreinfo](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fmisc%2Fvmcoreinfo&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/nmi.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fnmi.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/nvram/fw_cfg.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fnvram%2Ffw_cfg.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/pci-host/gpex.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fpci-host%2Fgpex.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/pci/pci.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fpci%2Fpci.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/pci/pci_bridge.](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fpci%2Fpci_bridge.&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/pci/pci_device.](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fpci%2Fpci_device.&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/pci/pci_host.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fpci%2Fpci_host.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/pci/pcie_host.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fpci%2Fpcie_host.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/pci/pcie_port.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fpci%2Fpcie_port.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/qdev-core.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fqdev-core.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/resettable.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fresettable.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/scsi/esp.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fscsi%2Fesp.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/scsi/scsi.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fscsi%2Fscsi.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/sd/sd.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fsd%2Fsd.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/sd/sdhci.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fsd%2Fsdhci.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/sysbus.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fsysbus.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/usb.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fusb.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/usb/imx-usb-phy](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fusb%2Fimx-usb-phy&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/usb/msd.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fusb%2Fmsd.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/vfio/vfio-commo](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvfio%2Fvfio-commo&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/vfio/vfio-conta](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvfio%2Fvfio-conta&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/vdpa-dev](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvdpa-dev&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/vhost-sc](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvhost-sc&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/vhost-us](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvhost-us&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/vhost-vs](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvhost-vs&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio-b](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio-b&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio-c](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio-c&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio-g](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio-g&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio-i](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio-i&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio-n](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio-n&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio-p](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio-p&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio-r](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio-r&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio-s](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio-s&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/virtio/virtio.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvirtio%2Fvirtio.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/hw/vmstate-if.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fhw%2Fvmstate-if.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/channel-buffer.](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fchannel-buffer.&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/channel-command](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fchannel-command&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/channel-file.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fchannel-file.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/channel-null.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fchannel-null.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/channel-socket.](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fchannel-socket.&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/channel-tls.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fchannel-tls.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/channel-websock](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fchannel-websock&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/channel.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fchannel.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/dns-resolver.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fdns-resolver.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/io/net-listener.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fio%2Fnet-listener.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/net/can_host.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fnet%2Fcan_host.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/net/filter.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fnet%2Ffilter.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qapi/qmp/qobject.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqapi%2Fqmp%2Fqobject.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/bitops.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Fbitops.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/bswap.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Fbswap.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/coroutine.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Fcoroutine.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/int128.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Fint128.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/iov.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Fiov.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/lockable.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Flockable.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/main-loop.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Fmain-loop.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/range.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Frange.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/ratelimit.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Fratelimit.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/rcu.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Frcu.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qemu/thread-contex](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqemu%2Fthread-contex&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/qom/object_interfa](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fqom%2Fobject_interfa&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/scsi/pr-manager.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fscsi%2Fpr-manager.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/accel-ops.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Faccel-ops.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/cryptodev.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Fcryptodev.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/event-loop-](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Fevent-loop-&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/host_iommu_](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Fhost_iommu_&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/hostmem.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Fhostmem.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/iothread.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Fiothread.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/rng-random.](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Frng-random.&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/rng.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Frng.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/tpm.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Ftpm.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/tpm_backend](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Ftpm_backend&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/sysemu/vhost-user-](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fsysemu%2Fvhost-user-&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/ui/console.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fui%2Fconsole.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/ui/dbus-display.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fui%2Fdbus-display.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/include/ui/qemu-spice.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Finclude%2Fui%2Fqemu-spice.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/migration/channel-block.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Fmigration%2Fchannel-block.h&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/tcg/i386/tcg-target.c.inc](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Ftcg%2Fi386%2Ftcg-target.c.inc&type=code)
[/tmp/qemu-20240904-24095-51glkd/qemu-9.1.0/trace/control-internal.h](https://github.com/search?q=%2Ftmp%2Fqemu-20240904-24095-51glkd%2Fqemu-9.1.0%2Ftrace%2Fcontrol-internal.h&type=code) |
| MEDIUM | [fs/permission/modify](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/permission/permission-modify.yara#chmod) | [modifies file permissions](https://linux.die.net/man/1/chmod) | [chmod](https://github.com/search?q=chmod&type=code) |
| MEDIUM | [fs/proc/arbitrary_pid](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/arbitrary-pid.yara#proc_arbitrary) | access /proc for arbitrary pids | [/proc/%d/cmdline](https://github.com/search?q=%2Fproc%2F%25d%2Fcmdline&type=code) |
+| MEDIUM | [fs/proc/pid_cmdline](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/pid-cmdline.yara#proc_d_cmdline) | access command-line of other processes | [/proc/%d/cmdline](https://github.com/search?q=%2Fproc%2F%25d%2Fcmdline&type=code) |
| MEDIUM | [fs/proc/self_exe](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/self-exe.yara#proc_self_exe) | gets executable associated to this process | [/proc/self/exe](https://github.com/search?q=%2Fproc%2Fself%2Fexe&type=code) |
| MEDIUM | [hw/dev/block_ice](https://github.com/chainguard-dev/malcontent/blob/main/rules/hw/dev/block-device.yara#block_devices) | works with block devices | [/dev/block/%u](https://github.com/search?q=%2Fdev%2Fblock%2F%25u&type=code)
[/sys/dev/block](https://github.com/search?q=%2Fsys%2Fdev%2Fblock&type=code) |
| MEDIUM | [impact/remote_access/agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/agent.yara#agent) | references an 'agent' | [vdagent](https://github.com/search?q=vdagent&type=code) |
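Review bot: The added `fs/proc/pid_cmdline` row reports the same evidence string, `/proc/%d/cmdline`, at the same MEDIUM level as the `fs/proc/arbitrary_pid` row directly above it, so this sample now carries two findings for a single string. If `proc_d_cmdline` is meant to be the more specific rule, it would read better to have `proc_arbitrary` skip the cmdline pattern, or to give the two rules different levels, so the report shows which one adds signal. The rule files and this snapshot's file header are outside the visible hunk, so this is based on the two rows alone; the overlap may be intentional.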
diff --git a/tests/linux/clean/sshd.simple b/tests/linux/clean/sshd.simple
index 0f440871f..685efa644 100644
--- a/tests/linux/clean/sshd.simple
+++ b/tests/linux/clean/sshd.simple
@@ -17,7 +17,6 @@ discover/process/parent: low
discover/system/hostname: low
discover/user/HOME: low
discover/user/USER: low
-evasion/file/location/x11_unix: low
evasion/file/prefix: medium
evasion/logging/acct: low
evasion/logging/failed_logins: medium
diff --git a/tests/linux/clean/tree-sitter.md b/tests/linux/clean/tree-sitter.md
index 9daab6155..d49287bc8 100644
--- a/tests/linux/clean/tree-sitter.md
+++ b/tests/linux/clean/tree-sitter.md
@@ -1,8 +1,7 @@
-## linux/clean/tree-sitter [🛑 HIGH]
+## linux/clean/tree-sitter [🟡 MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|--|--|--|--|
-| HIGH | [exec/shell/tmp_semicolon](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/tmp_semicolon.yara#semicolon_short_tmp) | unusual one-liners involving /tmp | [--;/tmp/rust-20241004-6494-uljaw4/rustc-1](https://github.com/search?q=--%3B%2Ftmp%2Frust-20241004-6494-uljaw4%2Frustc-1&type=code) |
| MEDIUM | [anti-static/elf/multiple](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/elf/multiple.yara#multiple_elf) | multiple ELF binaries within an ELF binary | $elf_head |
| MEDIUM | [c2/tool_transfer/dropper](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/dropper.yara#dropper) | References a 'dropper' | [Dropper](https://github.com/search?q=Dropper&type=code) |
| MEDIUM | [c2/tool_transfer/os](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/os.yara#multiple_os_ref) | references multiple operating systems | [Darwin](https://github.com/search?q=Darwin&type=code)
[Windows](https://github.com/search?q=Windows&type=code)
[http://](http://)
[https://](https://)
[macOS](https://github.com/search?q=macOS&type=code) |
diff --git a/tests/linux/clean/trufflehog.md b/tests/linux/clean/trufflehog.md
index ad6c6c17e..547b61558 100644
--- a/tests/linux/clean/trufflehog.md
+++ b/tests/linux/clean/trufflehog.md
@@ -1,14 +1,7 @@
-## linux/clean/trufflehog [😈 CRITICAL]
+## linux/clean/trufflehog [🟡 MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|--|--|--|--|
-| HIGH | [c2/addr/url](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/url.yara#binary_url_with_question) | binary contains hardcoded URL with question mark | [https://api.mesibo.com/api.php?op=useradd&token=https](https://api.mesibo.com/api.php?op=useradd&token=https)
[https://api.route4me.com/api.v4/address_book.php?api_key=https](https://api.route4me.com/api.v4/address_book.php?api_key=https)
[https://api.websitepulse.com/textserver.php?method=GetContacts&username=](https://api.websitepulse.com/textserver.php?method=GetContacts&username=)
[https://us1.locationiq.com/v1/reverse.php?key=https](https://us1.locationiq.com/v1/reverse.php?key=https) |
-| HIGH | [c2/tool_transfer/download](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/download.yara#download_sites) | [References known file hosting site](https://github.com/ditekshen/detection/blob/e6579590779f62cbe7f5e14b5be7d77b2280f516/yara/indicator_high.yar#L1001) | [pastebin.Scanner](https://github.com/search?q=pastebin.Scanner&type=code)
[pastebin.com/api/api_post](https://github.com/search?q=pastebin.com%2Fapi%2Fapi_post&type=code)
[pastebin.go](https://github.com/search?q=pastebin.go&type=code)
[pastebin.init](https://github.com/search?q=pastebin.init&type=code) |
-| HIGH | [c2/tool_transfer/grayware](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/grayware.yara#grayware_sites) | References websites that host code that can be used maliciously | [shodan.io](https://github.com/search?q=shodan.io&type=code) |
-| HIGH | [discover/ip/public](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/ip/public_ip.yara#iplookup_website) | public service to discover external IP address | [ipify.or](https://github.com/search?q=ipify.or&type=code) |
-| HIGH | [exfil/discord](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/discord.yara#discord_bot) | [Uses the Discord webhooks API](https://github.com/bartblaze/community/blob/3f3997f8c79c3605ae6d5324c8578cb12c452512/data/yara/binaries/indicator_high.yar#L706) | [discord.com/api/webhooks/](https://github.com/search?q=discord.com%2Fapi%2Fwebhooks%2F&type=code) |
-| HIGH | [exfil/stealer/creds](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/stealer/creds.yara#suspected_data_stealer) | suspected data stealer | [Atomic](https://github.com/search?q=Atomic&type=code)
[Binance](https://github.com/search?q=Binance&type=code)
[Chrome](https://github.com/search?q=Chrome&type=code)
[Discord](https://github.com/search?q=Discord&type=code)
[Firefox](https://github.com/search?q=Firefox&type=code)
[History](https://github.com/search?q=History&type=code)
[OpenVPN](https://github.com/search?q=OpenVPN&type=code)
[Snowflake](https://github.com/search?q=Snowflake&type=code)
[Telegram](https://github.com/search?q=Telegram&type=code) |
-| HIGH | [exfil/upload](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/upload.yara#file_io_uploader) | uploads content to file.io | [POST](https://github.com/search?q=POST&type=code)
[file.io](https://github.com/search?q=file.io&type=code)
[post](https://github.com/search?q=post&type=code) |
| MEDIUM | [anti-behavior/vm_check](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-behavior/vm-check.yara#vm_checker) | Checks to see if it is running with a VM | [GenuineIntel](https://github.com/search?q=GenuineIntel&type=code)
[VMware](https://github.com/search?q=VMware&type=code) |
| MEDIUM | [anti-static/elf/multiple](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/elf/multiple.yara#multiple_elf) | multiple ELF binaries within an ELF binary | $elf_head |
| MEDIUM | [c2/addr/discord](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/discord.yara#discord) | may report back to 'Discord' | [Discord](https://github.com/search?q=Discord&type=code) |
@@ -19,6 +12,8 @@
| MEDIUM | [c2/client](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/client.yara#clientID) | contains a client ID | [clientID](https://github.com/search?q=clientID&type=code)
[clientId](https://github.com/search?q=clientId&type=code)
[client_id](https://github.com/search?q=client_id&type=code) |
| MEDIUM | [c2/discovery/ip_dns_resolver](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/discovery/ip-dns_resolver.yara#google_dns_ip) | contains Google Public DNS resolver IP | [8.8.8.8](https://github.com/search?q=8.8.8.8&type=code) |
| MEDIUM | [c2/refs](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/refs.yara#download_ref) | downloads files | [download file](https://github.com/search?q=download+file&type=code) |
+| MEDIUM | [c2/tool_transfer/download](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/download.yara#download_sites) | [References known file hosting site](https://github.com/ditekshen/detection/blob/e6579590779f62cbe7f5e14b5be7d77b2280f516/yara/indicator_high.yar#L1001) | [pastebin.Scanner](https://github.com/search?q=pastebin.Scanner&type=code)
[pastebin.com/api/api_post](https://github.com/search?q=pastebin.com%2Fapi%2Fapi_post&type=code)
[pastebin.go](https://github.com/search?q=pastebin.go&type=code)
[pastebin.init](https://github.com/search?q=pastebin.init&type=code) |
+| MEDIUM | [c2/tool_transfer/grayware](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/grayware.yara#shodan_io) | References shodan.io | [shodan.io](https://github.com/search?q=shodan.io&type=code) |
| MEDIUM | [c2/tool_transfer/os](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/os.yara#multiple_os_ref) | references multiple operating systems | [Darwin](https://github.com/search?q=Darwin&type=code)
[Linux](https://github.com/search?q=Linux&type=code)
[Windows](https://github.com/search?q=Windows&type=code)
[http://](http://)
[https://](https://) |
| MEDIUM | [collect/archives/unarchive](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/archives/unarchive.yara#unarchive) | unarchives files | [UnarchiveProject](https://github.com/search?q=UnarchiveProject&type=code)
[unarchiveadmin](https://github.com/search?q=unarchiveadmin&type=code)
[unarchiveapp_configurations](https://github.com/search?q=unarchiveapp_configurations&type=code) |
| MEDIUM | [collect/archives/zip](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/archives/zip.yara#zip) | Works with zip files | [archive/zip](https://github.com/search?q=archive%2Fzip&type=code) |
@@ -38,6 +33,7 @@
| MEDIUM | [data/embedded/pem_private_key](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/embedded/embedded-pem-private_key.yara#begin_private_key) | Contains RSA PRIVATE KEY directive | [PRIVATE KEY--](https://github.com/search?q=PRIVATE+KEY--&type=code) |
| MEDIUM | [data/embedded/ssh_signature](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/embedded/embedded-ssh-signature.yara#ssh_signature) | Contains embedded SSH signature | [--BEGIN SSH SIGNATURE--](https://github.com/search?q=--BEGIN+SSH+SIGNATURE--&type=code) |
| MEDIUM | [discover/group/lookup](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/group/lookup.yara#getgrent) | get entry from group database | [endgrent](https://github.com/search?q=endgrent&type=code)
[getgrent](https://github.com/search?q=getgrent&type=code)
[setgrent](https://github.com/search?q=setgrent&type=code) |
+| MEDIUM | [discover/ip/public](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/ip/public_ip.yara#iplookup_website) | public service to discover external IP address | [ipify.org](https://github.com/search?q=ipify.org&type=code) |
| MEDIUM | [discover/network/mac_address](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/network/mac-address.yara#macaddr) | Retrieves network MAC address | [MAC address](https://github.com/search?q=MAC+address&type=code)
[macAddress](https://github.com/search?q=macAddress&type=code) |
| MEDIUM | [discover/network/netstat](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/network/netstat.yara#netstat) | Uses 'netstat' for network information | [netstat](https://github.com/search?q=netstat&type=code) |
| MEDIUM | [discover/system/sysinfo](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/sysinfo.yara#sysinfo) | [get system information (load, swap)](https://man7.org/linux/man-pages/man2/sysinfo.2.html) | [sysinfo](https://github.com/search?q=sysinfo&type=code)
[systeminfo](https://github.com/search?q=systeminfo&type=code) |
@@ -48,7 +44,10 @@
| MEDIUM | [exec/program](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/program/program.yara#exec_cmd_run) | executes external programs | [).CombinedOutput](https://github.com/search?q=%29.CombinedOutput&type=code)
[exec.(*Cmd).Run](https://github.com/search?q=exec.%28%2ACmd%29.Run&type=code) |
| MEDIUM | [exec/script/osa](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/script/osascript.yara#osascript_caller) | runs osascript | [display dialog](https://github.com/search?q=display+dialog&type=code) |
| MEDIUM | [exec/shell/power](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/powershell.yara#powershell) | runs powershell scripts | [powershell](https://github.com/search?q=powershell&type=code) |
+| MEDIUM | [exfil/discord](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/discord.yara#discord_bot) | [Uses the Discord webhooks API](https://github.com/bartblaze/community/blob/3f3997f8c79c3605ae6d5324c8578cb12c452512/data/yara/binaries/indicator_high.yar#L706) | [discord.com/api/webhooks/](https://github.com/search?q=discord.com%2Fapi%2Fwebhooks%2F&type=code) |
| MEDIUM | [exfil/office_file_ext](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/office_file_ext.yara#office_extensions) | References multiple Office file extensions (possible exfil) | [docx](https://github.com/search?q=docx&type=code)
[ppt](https://github.com/search?q=ppt&type=code)
[pst](https://github.com/search?q=pst&type=code)
[xlsx](https://github.com/search?q=xlsx&type=code) |
+| MEDIUM | [exfil/stealer/creds](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/stealer/creds.yara#suspected_data_stealer) | suspected data stealer | [Atomic](https://github.com/search?q=Atomic&type=code)
[Binance](https://github.com/search?q=Binance&type=code)
[Chrome](https://github.com/search?q=Chrome&type=code)
[Discord](https://github.com/search?q=Discord&type=code)
[Firefox](https://github.com/search?q=Firefox&type=code)
[History](https://github.com/search?q=History&type=code)
[OpenVPN](https://github.com/search?q=OpenVPN&type=code)
[Snowflake](https://github.com/search?q=Snowflake&type=code)
[Telegram](https://github.com/search?q=Telegram&type=code) |
+| MEDIUM | [exfil/upload](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/upload.yara#file_io_uploader) | uploads content to file.io | [POST](https://github.com/search?q=POST&type=code)
[file.io](https://github.com/search?q=file.io&type=code)
[post](https://github.com/search?q=post&type=code) |
| MEDIUM | [fs/file/copy](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-copy.yara#file_copy_cp) | copy files using cp | [cp](https://github.com/search?q=cp&type=code) |
| MEDIUM | [fs/file/create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-create.yara#CreateFile) | create a new file | [CreateFileProperty](https://github.com/search?q=CreateFileProperty&type=code) |
| MEDIUM | [fs/file/delete](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-delete.yara#DeleteFile) | delete a file | [DeleteFile](https://github.com/search?q=DeleteFile&type=code) |
@@ -92,6 +91,7 @@
| MEDIUM | [privesc/sudo](https://github.com/chainguard-dev/malcontent/blob/main/rules/privesc/sudo.yara#sudo) | calls sudo | [sudo](https://github.com/search?q=sudo&type=code) |
| MEDIUM | [sus/intercept](https://github.com/chainguard-dev/malcontent/blob/main/rules/sus/intercept.yara#interceptor) | References interception | [intercepted](https://github.com/search?q=intercepted&type=code)
[interceptor](https://github.com/search?q=interceptor&type=code) |
| MEDIUM | [sus/malicious](https://github.com/chainguard-dev/malcontent/blob/main/rules/sus/malicious.yara#malicious) | References 'malicious' | [other kinds of malicious content](https://github.com/search?q=other+kinds+of+malicious+content&type=code) |
+| LOW | [c2/addr/url](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/url.yara#binary_with_url) | binary contains hardcoded URL | [http://169.254.169.254/latest/api/tokennonce](http://169.254.169.254/latest/api/tokennonce)
[http://169.254.169.254/latest/meta](http://169.254.169.254/latest/meta)
[http://169.254.169.254/latestProcessProviderExecutionErrorfailed](http://169.254.169.254/latestProcessProviderExecutionErrorfailed)
[http://169.254.169.254/metadata/identity/oauth2/token](http://169.254.169.254/metadata/identity/oauth2/token)
[http://169.254.169.254BalancerAttributes](http://169.254.169.254BalancerAttributes)
[http://169.254.170.2/redis](http://169.254.170.2/redis)
[http://169.254.170.2RequestLimitExceededinvalid](http://169.254.170.2RequestLimitExceededinvalid)
[http://Descriptionrelatively](http://Descriptionrelatively)
[http://according](http://according)
[http://addEventListenerresponsible](http://addEventListenerresponsible)
[http://applicationslink](http://applicationslink)
[http://chunkednosniffCreatedIM](http://chunkednosniffCreatedIM)
[http://dictionaryperceptionrevolutionfoundationpx](http://dictionaryperceptionrevolutionfoundationpx)
[http://earth.google.com/kml/2.0](http://earth.google.com/kml/2.0)
[http://earth.google.com/kml/2.1](http://earth.google.com/kml/2.1)
[http://earth.google.com/kml/2.2](http://earth.google.com/kml/2.2)
[http://encoding=](http://encoding=)
[http://familiar](http://familiar)
[http://google.com](http://google.com)
[http://html4/loose.dtd](http://html4/loose.dtd)
[http://imEnglish](http://imEnglish)
[http://interested](http://interested)
[http://interpreted](http://interpreted)
[http://iparticipation](http://iparticipation)
[http://localhost/truncate](http://localhost/truncate)
[http://mathematicsmargin](http://mathematicsmargin)
[http://metadata/computeMetadata/v1/instance/service](http://metadata/computeMetadata/v1/instance/service)
[http://navigation](http://navigation)
[http://ns.adobe.com/xfdf/](http://ns.adobe.com/xfdf/)
[http://ocsp.snowflakecomputing.comFailed](http://ocsp.snowflakecomputing.comFailed)
[http://portal.microsoftazure.de/https](http://portal.microsoftazure.de/https)
[http://s3.amazonaws.com/doc/2006](http://s3.amazonaws.com/doc/2006)
[http://schemas.microsoft.com/3dmanufacturing/core/2015/02](http://schemas.microsoft.com/3dmanufacturing/core/2015/02)
[http://site_name](http://site_name)
[http://staticsuggested](http://staticsuggested)
[http://www./div](http://www./div)
[http://www.C//DTD](http://www.C//DTD)
[http://www.collada.org/2005/11/COLLADASchema](http://www.collada.org/2005/11/COLLADASchema)
[http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2](http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2)
[http://www.hortcut](http://www.hortcut)
[http://www.icon](http://www.icon)
[http://www.interpretation](http://www.interpretation)
[http://www.language=](http://www.language=)
[http://www.opengis.net/gml/3.2](http://www.opengis.net/gml/3.2)
[http://www.opengis.net/gml/3.3/exr](http://www.opengis.net/gml/3.3/exr)
[http://www.opengis.net/kml/2.2](http://www.opengis.net/kml/2.2)
[http://www.style=](http://www.style=)
[http://www.text](http://www.text)
[http://www.topografix.com/GPX/1/1](http://www.topografix.com/GPX/1/1)
[http://www.w3.org/2000/svg](http://www.w3.org/2000/svg)
[http://www.w3.org/2001/XMLSchema](http://www.w3.org/2001/XMLSchema)
[http://www.w3.org/2002/07/owl](http://www.w3.org/2002/07/owl)
[http://www.w3.org/2005/Atom](http://www.w3.org/2005/Atom)
[http://www.w3.org/TR/2001/REC](http://www.w3.org/TR/2001/REC)
[http://www.w3.org/XML/1998/namespacexml](http://www.w3.org/XML/1998/namespacexml)
[http://www.w3.org/shortcut](http://www.w3.org/shortcut)
[http://www.wencodeURIComponent](http://www.wencodeURIComponent)
[http://www.years](http://www.years)
[https://a.klaviyo.com/api/profileshttps](https://a.klaviyo.com/api/profileshttps)
[https://accounts.google.com/o/oauth2/authhttps](https://accounts.google.com/o/oauth2/authhttps)
[https://amplitude.com/api/2/taxonomy/categoryhttps](https://amplitude.com/api/2/taxonomy/categoryhttps)
[https://anypoint.mulesoft.com/apiplatform/repository/v2/organizations/](https://anypoint.mulesoft.com/apiplatform/repository/v2/organizations/)
[https://anypointapi2cartapiflashBasic](https://anypointapi2cartapiflashBasic)
[https://api.abuseipdb.com/api/v2/check](https://api.abuseipdb.com/api/v2/check)
[https://api.abyssale.com/ready](https://api.abyssale.com/ready)
[https://api.adzuna.com](https://api.adzuna.com)
[https://api.aeroworkflow.com/api/unexpected](https://api.aeroworkflow.com/api/unexpected)
[https://api.agora.io/dev/v1/projectshttps](https://api.agora.io/dev/v1/projectshttps)
[https://api.airbrake.io/api/v4/projects/grant_type=client_credentials&client_id=ht](https://api.airbrake.io/api/v4/projects/grant_type=client_credentials&client_id=ht)
[https://api.airtable.com/v0/AWS](https://api.airtable.com/v0/AWS)
[https://api.airvisual.com/v2/countries](https://api.airvisual.com/v2/countries)
[https://api.aiven.io/v1/project](https://api.aiven.io/v1/project)
[https://api.alegra.com/api/v1/users](https://api.alegra.com/api/v1/users)
[https://api.aletheiaapi.com/StockData](https://api.aletheiaapi.com/StockData)
[https://api.ambeedata.com/latest/by](https://api.ambeedata.com/latest/by)
[https://api.anthropic.com/v1/messageshttps](https://api.anthropic.com/v1/messageshttps)
[https://api.api2cart.com/v1.1/account.cart.list.json](https://api.api2cart.com/v1.1/account.cart.list.json)
[https://api.apiflash.com/v1/urltoimage](https://api.apiflash.com/v1/urltoimage)
[https://api.apifonica.com/v2/accounts&my=true&offset=10&limit=99&desc](https://api.apifonica.com/v2/accounts&my=true&offset=10&limit=99&desc)
[https://api.apify.com/v2/acts](https://api.apify.com/v2/acts)
[https://api.apilayer.com/number_verification/countrieshttps](https://api.apilayer.com/number_verification/countrieshttps)
[https://api.apiscience.com/v1/monitorshttps](https://api.apiscience.com/v1/monitorshttps)
[https://api.apitemplate.io/v1/list](https://api.apitemplate.io/v1/list)
[https://api.app.shortcut.com/api/v3/member](https://api.app.shortcut.com/api/v3/member)
[https://api.appcues.com/v2/accounts/](https://api.appcues.com/v2/accounts/)
[https://api.appfollow.io/api/v2/account/usershttps](https://api.appfollow.io/api/v2/account/usershttps)
[https://api.appointedd.com/v1/availability/slots](https://api.appointedd.com/v1/availability/slots)
[https://api.appoptics.com/v1/metricshost](https://api.appoptics.com/v1/metricshost)
[https://api.apptivo.com/app/dao/v6/leads](https://api.apptivo.com/app/dao/v6/leads)
[https://api.artsy.net/api/tokens/xapp_token](https://api.artsy.net/api/tokens/xapp_token)
[https://api.assemblyai.com/v2/transcripthttps](https://api.assemblyai.com/v2/transcripthttps)
[https://api.atlassian.com/admin/v1/orgshttps](https://api.atlassian.com/admin/v1/orgshttps)
[https://api.audd.io/setCallbackUrl/](https://api.audd.io/setCallbackUrl/)
[https://api.autoklose.com/api/campaigns/](https://api.autoklose.com/api/campaigns/)
[https://api.avaza.com/api/Account.blob.core.windows.net/](https://api.avaza.com/api/Account.blob.core.windows.net/)
[https://api.aviationstack.com/v1/flights](https://api.aviationstack.com/v1/flights)
[https://api.aylien.com/news/stories](https://api.aylien.com/news/stories)
[https://api.bannerbear.com/v2/authhttps](https://api.bannerbear.com/v2/authhttps)
[https://api.baremetrics.com/v1/accounthttps](https://api.baremetrics.com/v1/accounthttps)
[https://api.bitbucket.org/2.0/repositoriesMake](https://api.bitbucket.org/2.0/repositoriesMake)
[https://api.blocknative.com/gasprices/blockpriceshttps](https://api.blocknative.com/gasprices/blockpriceshttps)
[https://api.bombbomb.com/v2/lists/https](https://api.bombbomb.com/v2/lists/https)
[https://api.borgbase.com/graphqlhttps](https://api.borgbase.com/graphqlhttps)
[https://api.brandfetch.io/v1/color](https://api.brandfetch.io/v1/color)
[https://api.browshot.com/api/v1/instance/list](https://api.browshot.com/api/v1/instance/list)
[https://api.bscscan.com/api](https://api.bscscan.com/api)
[https://api.bugsnag.com/user/organizations](https://api.bugsnag.com/user/organizations)
[https://api.buildkite.com/v2/access](https://api.buildkite.com/v2/access)
[https://api.bulksms.com/v1/messageshttps](https://api.bulksms.com/v1/messageshttps)
[https://api.buttercms.com/v2/posts/](https://api.buttercms.com/v2/posts/)
[https://api.calendly.com/users/mehttps](https://api.calendly.com/users/mehttps)
[https://api.calorieninjas.com/v1/nutrition](https://api.calorieninjas.com/v1/nutrition)
[https://api.capsulecrm.com/api/v2/usershttps](https://api.capsulecrm.com/api/v2/usershttps)
[https://api.captaindata.co/v2/https](https://api.captaindata.co/v2/https)
[https://api.cashboardapp.com/account.xmlhttps](https://api.cashboardapp.com/account.xmlhttps)
[https://api.centralstationcrm.net/api/users.jsonhttps](https://api.centralstationcrm.net/api/users.jsonhttps)
[https://api.chartmogul.com/v1/pinghttps](https://api.chartmogul.com/v1/pinghttps)
[https://api.chatbot.com/storieshttps](https://api.chatbot.com/storieshttps)
[https://api.chec.io/v1/categorieshttps](https://api.chec.io/v1/categorieshttps)
[https://api.chec.io/v1/products](https://api.chec.io/v1/products)
[https://api.checklyhq.com/v1/checks](https://api.checklyhq.com/v1/checks)
[https://api.clarifai.com/v2/inputshttps](https://api.clarifai.com/v2/inputshttps)
[https://api.clarifai.com/v2/users/mehttps](https://api.clarifai.com/v2/users/mehttps)
[https://api.clickup.com/api/v2/userhttps](https://api.clickup.com/api/v2/userhttps)
[https://api.cliengo.com/1.0/account](https://api.cliengo.com/1.0/account)
[https://api.clockify.me/api/v1/userhttps](https://api.clockify.me/api/v1/userhttps)
[https://api.close.com/api/v1/me/https](https://api.close.com/api/v1/me/https)
[https://api.cloudconvert.com/v2/users/mehttps](https://api.cloudconvert.com/v2/users/mehttps)
[https://api.cloudflare.com/client/v4/certificates](https://api.cloudflare.com/client/v4/certificates)
[https://api.cloudflare.com/client/v4/user/tokens/verify](https://api.cloudflare.com/client/v4/user/tokens/verify)
[https://api.cloudflare.com/client/v4/userhttps](https://api.cloudflare.com/client/v4/userhttps)
[https://api.cloudimage.com/invalidatehttps](https://api.cloudimage.com/invalidatehttps)
[https://api.cloudmersive.com/validate/address/parsehttps](https://api.cloudmersive.com/validate/address/parsehttps)
[https://api.cloudplan.biz/api/user/me](https://api.cloudplan.biz/api/user/me)
[https://api.cloudsmith.io/v1/user/self/https](https://api.cloudsmith.io/v1/user/self/https)
[https://api.cloverly.com/2019](https://api.cloverly.com/2019)
[https://api.cloze.com/v1/profile](https://api.cloze.com/v1/profile)
[https://api.codeclimate.com/v1/userhttps](https://api.codeclimate.com/v1/userhttps)
[https://api.codemagic.io/appsunexpected](https://api.codemagic.io/appsunexpected)
[https://api.coinbase.com/v2/userhttps](https://api.coinbase.com/v2/userhttps)
[https://api.coinlayer.com/api/livelive](https://api.coinlayer.com/api/livelive)
[https://api.column.com/entities](https://api.column.com/entities)
[https://api.companyhub.com/v1/me](https://api.companyhub.com/v1/me)
[https://api.confluent.cloud/iam/v2/api](https://api.confluent.cloud/iam/v2/api)
[https://api.contentful.com/organizationshttps](https://api.contentful.com/organizationshttps)
[https://api.conversiontools.io/v1/taskshttps](https://api.conversiontools.io/v1/taskshttps)
[https://api.convertkit.com/v3/forms](https://api.convertkit.com/v3/forms)
[https://api.copper.com/developer_api/v1/tasks/searchhttps](https://api.copper.com/developer_api/v1/tasks/searchhttps)
[https://api.countrylayer.com/v2/all](https://api.countrylayer.com/v2/all)
[https://api.courier.com/preferences](https://api.courier.com/preferences)
[https://api.craftmypdf.com/v1/get](https://api.craftmypdf.com/v1/get)
[https://api.crowdin.com/api/v2/storageshttps](https://api.crowdin.com/api/v2/storageshttps)
[https://api.currencyfreaks.com/latest](https://api.currencyfreaks.com/latest)
[https://api.currencylayer.com/live](https://api.currencylayer.com/live)
[https://api.currencyscoop.com/v1/latest](https://api.currencyscoop.com/v1/latest)
[https://api.currentsapi.services/v1/latest](https://api.currentsapi.services/v1/latest)
[https://api.dandelion.eu/datatxt/li/v1/](https://api.dandelion.eu/datatxt/li/v1/)
[https://api.dareboost.com/0.8/confighttps](https://api.dareboost.com/0.8/confighttps)
[https://api.datadoghq.comhttps](https://api.datadoghq.comhttps)
[https://api.deepai.org/api/text](https://api.deepai.org/api/text)
[https://api.deepgram.com/v1/projects](https://api.deepgram.com/v1/projects)
[https://api.delighted.com/v1/people.jsonapplication/vnd.docusign](https://api.delighted.com/v1/people.jsonapplication/vnd.docusign)
[https://api.deno.com/user](https://api.deno.com/user)
[https://api.detectify.com/rest/v2/assets/https](https://api.detectify.com/rest/v2/assets/https)
[https://api.developer.coinbase.com/waas/pools/protoc](https://api.developer.coinbase.com/waas/pools/protoc)
[https://api.developer.coinbase.com/waas/poolsquery](https://api.developer.coinbase.com/waas/poolsquery)
[https://api.diffbot.com/v4/account](https://api.diffbot.com/v4/account)
[https://api.digitalocean.com/v2/accounthttps](https://api.digitalocean.com/v2/accounthttps)
[https://api.dittowords.com/variantshttps](https://api.dittowords.com/variantshttps)
[https://api.docparser.com/v1/parsers](https://api.docparser.com/v1/parsers)
[https://api.documo.com/v1/me](https://api.documo.com/v1/me)
[https://api.doppler.com/v3/mehttps](https://api.doppler.com/v3/mehttps)
[https://api.dovico.com/Employees/](https://api.dovico.com/Employees/)
[https://api.dropboxapi.com/2/users/get_current_account](https://api.dropboxapi.com/2/users/get_current_account)
[https://api.dyspatch.io/templateshttps](https://api.dyspatch.io/templateshttps)
[https://api.ecostruxureit.com/rest/v1/organizationshttps](https://api.ecostruxureit.com/rest/v1/organizationshttps)
[https://api.edamam.com/auto](https://api.edamam.com/auto)
[https://api.edenai.run/v1/automl/text/projecthttps](https://api.edenai.run/v1/automl/text/projecthttps)
[https://api.elasticemail.com/v2/account/profileoverview](https://api.elasticemail.com/v2/account/profileoverview)
[https://api.elevenlabs.io/v1/user](https://api.elevenlabs.io/v1/user)
[https://api.enablex.io/voice/v1/call/api/access](https://api.enablex.io/voice/v1/call/api/access)
[https://api.endorlabs.com/v1/auth/api](https://api.endorlabs.com/v1/auth/api)
[https://api.enigma.com/businesses/matchhttps](https://api.enigma.com/businesses/matchhttps)
[https://api.envoy.com/v1/locations](https://api.envoy.com/v1/locations)
[https://api.ers.usda.gov/data/arms/state](https://api.ers.usda.gov/data/arms/state)
[https://api.etherscan.io/api](https://api.etherscan.io/api)
[https://api.eu.newrelic.com/v2/users.jsonapplication/vnd.onesignal](https://api.eu.newrelic.com/v2/users.jsonapplication/vnd.onesignal)
[https://api.eu.sendgrid.comtag](https://api.eu.sendgrid.comtag)
[https://api.everhour.com/clientshttps](https://api.everhour.com/clientshttps)
[https://api.exchangeratesapi.io/v1/latest](https://api.exchangeratesapi.io/v1/latest)
[https://api.exportsdk.com/v1/pdfhttps](https://api.exportsdk.com/v1/pdfhttps)
[https://api.fastforex.io/fetch](https://api.fastforex.io/fetch)
[https://api.fastly.com/current_userhttps](https://api.fastly.com/current_userhttps)
[https://api.feedier.com/v1/carriers](https://api.feedier.com/v1/carriers)
[https://api.figma.com/v1/me](https://api.figma.com/v1/me)
[https://api.finage.co.uk/symbol](https://api.finage.co.uk/symbol)
[https://api.findl.com/v1.0/query](https://api.findl.com/v1.0/query)
[https://api.flat.io/v2/meapplication](https://api.flat.io/v2/meapplication)
[https://api.fleetbase.io/v1/contacts/](https://api.fleetbase.io/v1/contacts/)
[https://api.flightapi.io/iata/](https://api.flightapi.io/iata/)
[https://api.flightstats.com/flex/aircraft/rest/v1/json/availableFields](https://api.flightstats.com/flex/aircraft/rest/v1/json/availableFields)
[https://api.float.com/v3/people](https://api.float.com/v3/people)
[https://api.flutterwave.com/v3/subaccountshttps](https://api.flutterwave.com/v3/subaccountshttps)
[https://api.fmfw.io/api/3/spot/balancegithub](https://api.fmfw.io/api/3/spot/balancegithub)
[https://api.foursquare.com/v2/venues/trending](https://api.foursquare.com/v2/venues/trending)
[https://api.frame.io/v2/mehttps](https://api.frame.io/v2/mehttps)
[https://api.fulcrumapp.com/api/v2/forms.jsonhttps](https://api.fulcrumapp.com/api/v2/forms.jsonhttps)
[https://api.fullstory.com/operations/v1https](https://api.fullstory.com/operations/v1https)
[https://api.fullstory.com/v2/users](https://api.fullstory.com/v2/users)
[https://api.geckoboard.com/](https://api.geckoboard.com/)
[https://api.gemini.com/v1/accounthttps](https://api.gemini.com/v1/accounthttps)
[https://api.gengo.com/v2/account/me](https://api.gengo.com/v2/account/me)
[https://api.geoapify.com/v1/geocode/search](https://api.geoapify.com/v1/geocode/search)
[https://api.geocod.io/v1.6/geocode](https://api.geocod.io/v1.6/geocode)
[https://api.geocodify.com/v2/geocode](https://api.geocodify.com/v2/geocode)
[https://api.getbeamer.com/v0/url](https://api.getbeamer.com/v0/url)
[https://api.getgeoapi.com/v2/currency/list](https://api.getgeoapi.com/v2/currency/list)
[https://api.getgist.com/contacts/](https://api.getgist.com/contacts/)
[https://api.getpostman.com/collections/0/ch1/0/](https://api.getpostman.com/collections/0/ch1/0/)
[https://api.getpostman.com/environments/](https://api.getpostman.com/environments/)
[https://api.getpostman.com/meaccess_settings.activity.readmail_settings.template.updatesuppression.spam_reports.readsuppression.unsubscribes.readtracking_settings.open.updateuser](https://api.getpostman.com/meaccess_settings.activity.readmail_settings.template.updatesuppression.spam_reports.readsuppression.unsubscribes.readtracking_settings.open.updateuser)
[https://api.getpostman.com/workspaces/](https://api.getpostman.com/workspaces/)
[https://api.getpostman.com/workspacestracking_settings.subscription.updateworkflows.triggers.permissions.removehttps](https://api.getpostman.com/workspacestracking_settings.subscription.updateworkflows.triggers.permissions.removehttps)
[https://api.getresponse.com/v3/accountshttps](https://api.getresponse.com/v3/accountshttps)
[https://api.github.com/2006](https://api.github.com/2006)
[https://api.github.com/apphttps](https://api.github.com/apphttps)
[https://api.github.com/graphqlfailed](https://api.github.com/graphqlfailed)
[https://api.github.com/repos/exec](https://api.github.com/repos/exec)
[https://api.github.com/user/interaction](https://api.github.com/user/interaction)
[https://api.github.com/user/social_accountssql](https://api.github.com/user/social_accountssql)
[https://api.github.comInclude](https://api.github.comInclude)
[https://api.gitter.im/v1/user/me](https://api.gitter.im/v1/user/me)
[https://api.glassnode.com/v1/metrics/indicators/sopr](https://api.glassnode.com/v1/metrics/indicators/sopr)
[https://api.gocardless.com/customers/](https://api.gocardless.com/customers/)
[https://api.goodday.work/2.0/users](https://api.goodday.work/2.0/users)
[https://api.groovehq.com/v1/meexpected](https://api.groovehq.com/v1/meexpected)
[https://api.groq.com/openai/v1/models](https://api.groq.com/openai/v1/models)
[https://api.gumroad.com/v2/products](https://api.gumroad.com/v2/products)
[https://api.gyazo.com/api/images](https://api.gyazo.com/api/images)
[https://api.harvestapp.com/v2/users/me](https://api.harvestapp.com/v2/users/me)
[https://api.hellosign.com/v3/accounthttps](https://api.hellosign.com/v3/accounthttps)
[https://api.helpcrunch.com/v1/departmentshttps](https://api.helpcrunch.com/v1/departmentshttps)
[https://api.heroku.com/apps](https://api.heroku.com/apps)
[https://api.holistic.dev/api/v1/projecthttps](https://api.holistic.dev/api/v1/projecthttps)
[https://api.honeycomb.io/1/authhttps](https://api.honeycomb.io/1/authhttps)
[https://api.html2pdf.app/v1/generatehttps](https://api.html2pdf.app/v1/generatehttps)
[https://api.hubapi.com/contacts/v1/lists](https://api.hubapi.com/contacts/v1/lists)
[https://api.hunter.io/v2/leads_lists](https://api.hunter.io/v2/leads_lists)
[https://api.hybiscus.dev/api/v1/get](https://api.hybiscus.dev/api/v1/get)
[https://api.iconfinder.com/v4/iconsetslogin](https://api.iconfinder.com/v4/iconsetslogin)
[https://api.imagekit.io/v1/fileshttps](https://api.imagekit.io/v1/fileshttps)
[https://api.imagga.com/v2/usagehttps](https://api.imagga.com/v2/usagehttps)
[https://api.instabot.io/v1spring.datasource.password](https://api.instabot.io/v1spring.datasource.password)
[https://api.instamojo.com/oauth2/token/https](https://api.instamojo.com/oauth2/token/https)
[https://api.intercom.io/contacts](https://api.intercom.io/contacts)
[https://api.intra.42.fr/oauth/token](https://api.intra.42.fr/oauth/token)
[https://api.ip2location.io/](https://api.ip2location.io/)
[https://api.ipapi.com/49.146.239.251](https://api.ipapi.com/49.146.239.251)
[https://api.ipgeolocation.io/ipgeo](https://api.ipgeolocation.io/ipgeo)
[https://api.ipinfodb.com/v3/ip](https://api.ipinfodb.com/v3/ip)
[https://api.ipstack.com/134.201.250.155](https://api.ipstack.com/134.201.250.155)
[https://api.jotform.com/user](https://api.jotform.com/user)
[https://api.juro.com/v3/templates](https://api.juro.com/v3/templates)
[https://api.keen.io/3.0/organizations/](https://api.keen.io/3.0/organizations/)
[https://api.kickbox.com/v2/verify](https://api.kickbox.com/v2/verify)
[https://api.knapsackpro.com/v1/builds](https://api.knapsackpro.com/v1/builds)
[https://api.kraken.com/0/private/Balanceapplication/vnd.loadmill](https://api.kraken.com/0/private/Balanceapplication/vnd.loadmill)
[https://api.kucoin.com](https://api.kucoin.com)
[https://api.kylas.io/v1/contactshttps](https://api.kylas.io/v1/contactshttps)
[https://api.languagelayer.com/languages](https://api.languagelayer.com/languages)
[https://api.leadfeeder.com/accountsunexpected](https://api.leadfeeder.com/accountsunexpected)
[https://api.lemlist.com/api/teamhttps](https://api.lemlist.com/api/teamhttps)
[https://api.lemonsqueezy.com/v1/products/](https://api.lemonsqueezy.com/v1/products/)
[https://api.lessannoyingcrm.com](https://api.lessannoyingcrm.com)
[https://api.lexigram.io/v1/lexigraph/search](https://api.lexigram.io/v1/lexigraph/search)
[https://api.linear.app/graphqlhttps](https://api.linear.app/graphqlhttps)
[https://api.linkpreview.net/](https://api.linkpreview.net/)
[https://api.livestorm.co/v1/ping](https://api.livestorm.co/v1/ping)
[https://api.loganalytics.iohttps](https://api.loganalytics.iohttps)
[https://api.loganalytics.usservicebus.chinacloudapi.cndocuments.microsoftazure.denot](https://api.loganalytics.usservicebus.chinacloudapi.cndocuments.microsoftazure.denot)
[https://api.loginradius.com/identity/v2/serverinfo](https://api.loginradius.com/identity/v2/serverinfo)
[https://api.logz.io/v2/whoami](https://api.logz.io/v2/whoami)
[https://api.lokalise.com/api2/system/languages](https://api.lokalise.com/api2/system/languages)
[https://api.loyverse.com/v1.0/merchant/https](https://api.loyverse.com/v1.0/merchant/https)
[https://api.luno.com/api/1/balancehttps](https://api.luno.com/api/1/balancehttps)
[https://api.madkudu.com/v1/pinghttps](https://api.madkudu.com/v1/pinghttps)
[https://api.magicbell.com/notification_preferenceshttps](https://api.magicbell.com/notification_preferenceshttps)
[https://api.mailerlite.com/api/v2/campaigns](https://api.mailerlite.com/api/v2/campaigns)
[https://api.mailgun.net/v3/domainshttps](https://api.mailgun.net/v3/domainshttps)
[https://api.mailgun.net/v4/domainstracking_settings.google_analyticsmail_settings.plain_content.updatetemplates.versions.activate.createtemplates.versions.activate.deletetemplates](https://api.mailgun.net/v4/domainstracking_settings.google_analyticsmail_settings.plain_content.updatetemplates.versions.activate.createtemplates.versions.activate.deletetemplates)
[https://api.mailjet.com/v3/REST/messagehttps](https://api.mailjet.com/v3/REST/messagehttps)
[https://api.mailjet.com/v4/sms](https://api.mailjet.com/v4/sms)
[https://api.mailmodo.com/api/v1/campaigns](https://api.mailmodo.com/api/v1/campaigns)
[https://api.mapbox.com/tokens/v2/](https://api.mapbox.com/tokens/v2/)
[https://api.marketstack.com/v1/eod](https://api.marketstack.com/v1/eod)
[https://api.mavenlink.com/api/v1/workspaces.jsonhttps](https://api.mavenlink.com/api/v1/workspaces.jsonhttps)
[https://api.meaningcloud.com/lang](https://api.meaningcloud.com/lang)
[https://api.mediastack.com/v1/news](https://api.mediastack.com/v1/news)
[https://api.mesibo.com/api.php](https://api.mesibo.com/api.php)
[https://api.meta](https://api.meta)
[https://api.miro.com/v1/users/mehttps](https://api.miro.com/v1/users/mehttps)
[https://api.mixmax.com/v1/users/meNvidia](https://api.mixmax.com/v1/users/meNvidia)
[https://api.mockaroo.com/api/types](https://api.mockaroo.com/api/types)
[https://api.monday.com/v2](https://api.monday.com/v2)
[https://api.monkeylearn.com/v3/classifiers](https://api.monkeylearn.com/v3/classifiers)
[https://api.moonclerk.com/forms](https://api.moonclerk.com/forms)
[https://api.moosend.com/v3/lists.json](https://api.moosend.com/v3/lists.json)
[https://api.mux.com/video/v1/assetshttps](https://api.mux.com/video/v1/assetshttps)
[https://api.myintervals.com/client/https](https://api.myintervals.com/client/https)
[https://api.na1.insightly.com/v3.1/Contacts](https://api.na1.insightly.com/v3.1/Contacts)
[https://api.netlify.com/api/v1/siteshttps](https://api.netlify.com/api/v1/siteshttps)
[https://api.newrelic.com/v2/users.json](https://api.newrelic.com/v2/users.json)
[https://api.newscatcherapi.com/v2/search](https://api.newscatcherapi.com/v2/search)
[https://api.nftport.xyz/me/contractshttps](https://api.nftport.xyz/me/contractshttps)
[https://api.ngc.nvidia.com/v3/keys/get](https://api.ngc.nvidia.com/v3/keys/get)
[https://api.ngrok.com/agent_ingressesapplication/vnd.nylas](https://api.ngrok.com/agent_ingressesapplication/vnd.nylas)
[https://api.nicereply.com/v1/users/statshttps](https://api.nicereply.com/v1/users/statshttps)
[https://api.nightfall.ai/v3/uploadhttps](https://api.nightfall.ai/v3/uploadhttps)
[https://api.noticeable.io/graphql](https://api.noticeable.io/graphql)
[https://api.notion.com/v1/usershttps](https://api.notion.com/v1/usershttps)
[https://api.nylas.com/account](https://api.nylas.com/account)
[https://api.omnisend.com/v3/contacts](https://api.omnisend.com/v3/contacts)
[https://api.oopspam.com/v1/spamdetectionhttps](https://api.oopspam.com/v1/spamdetectionhttps)
[https://api.openai.com/v1/assistantsmail_settings.address_whitelist.readuser.multifactor_authentication.readadmin.conversations.convertToPrivateadmin.conversations.disconnectSharedadmin](https://api.openai.com/v1/assistantsmail_settings.address_whitelist.readuser.multifactor_authentication.readadmin.conversations.convertToPrivateadmin.conversations.disconnectSharedadmin)
[https://api.openai.com/v1/filesmail_settings.address_whitelistuser.multifactor_authenticationmail_settings.bounce_purge.readmail_settings.forward_spam.readpartner_settings](https://api.openai.com/v1/filesmail_settings.address_whitelistuser.multifactor_authenticationmail_settings.bounce_purge.readmail_settings.forward_spam.readpartner_settings)
[https://api.openai.com/v1/fine_tuning/jobsfailed](https://api.openai.com/v1/fine_tuning/jobsfailed)
[https://api.openai.com/v1/images/generations](https://api.openai.com/v1/images/generations)
[https://api.openai.com/v1/me](https://api.openai.com/v1/me)
[https://api.openai.com/v1/modelsuser.scheduled_sends](https://api.openai.com/v1/modelsuser.scheduled_sends)
[https://api.openai.com/v1/organizationsfailed](https://api.openai.com/v1/organizationsfailed)
[https://api.openai.com/v1/threads/1error](https://api.openai.com/v1/threads/1error)
[https://api.openai.com/v1/threadshttps](https://api.openai.com/v1/threadshttps)
[https://api.opencagedata.com/geocode/v1/json](https://api.opencagedata.com/geocode/v1/json)
[https://api.openuv.io/api/v1/uv](https://api.openuv.io/api/v1/uv)
[https://api.openweathermap.org/data/2.5/weather](https://api.openweathermap.org/data/2.5/weather)
[https://api.opsgenie.com/v2/account](https://api.opsgenie.com/v2/account)
[https://api.opsgenie.com/v2/alerts/](https://api.opsgenie.com/v2/alerts/)
[https://api.opsgenie.com/v2/users](https://api.opsgenie.com/v2/users)
[https://api.optimizely.com/v2/projectsapplication/vnd.planyo](https://api.optimizely.com/v2/projectsapplication/vnd.planyo)
[https://api.overloop.com/public/v1/usersapplication/vnd.pagerduty](https://api.overloop.com/public/v1/usersapplication/vnd.pagerduty)
[https://api.pagar.me/1/balance](https://api.pagar.me/1/balance)
[https://api.pagerduty.com/usershttps](https://api.pagerduty.com/usershttps)
[https://api.pandadoc.com/public/v1/documentshttps](https://api.pandadoc.com/public/v1/documentshttps)
[https://api.pandascore.co/videogames](https://api.pandascore.co/videogames)
[https://api.paperform.co/v1/formshttps](https://api.paperform.co/v1/formshttps)
[https://api.parsers.dev/api/v1/parse/postgresql/https](https://api.parsers.dev/api/v1/parse/postgresql/https)
[https://api.parseur.com/postgresql](https://api.parseur.com/postgresql)
[https://api.partnerstack.com/api/v2/partnershipshttps](https://api.partnerstack.com/api/v2/partnershipshttps)
[https://api.paymongo.com/v1/payment_methodshttps](https://api.paymongo.com/v1/payment_methodshttps)
[https://api.paystack.co/customerhttps](https://api.paystack.co/customerhttps)
[https://api.pdflayer.com/api/convert](https://api.pdflayer.com/api/convert)
[https://api.pdfshift.io/v3/credits/usagehttps](https://api.pdfshift.io/v3/credits/usagehttps)
[https://api.peopledatalabs.com/v5/person/enrich](https://api.peopledatalabs.com/v5/person/enrich)
[https://api.pepipost.com/v5.1/domain/getDomains](https://api.pepipost.com/v5.1/domain/getDomains)
[https://api.pinata.cloud/pinning/pinJSONToIPFS](https://api.pinata.cloud/pinning/pinJSONToIPFS)
[https://api.pipedream.com/v1/users/mehttps](https://api.pipedream.com/v1/users/mehttps)
[https://api.planetscale.com/v1/organizationshttps](https://api.planetscale.com/v1/organizationshttps)
[https://api.plivo.com/v1/Account/](https://api.plivo.com/v1/Account/)
[https://api.podio.com/user](https://api.podio.com/user)
[https://api.pollsapi.com/v1/get/polls](https://api.pollsapi.com/v1/get/polls)
[https://api.polygon.io/v2/reference/locales](https://api.polygon.io/v2/reference/locales)
[https://api.positionstack.com/v1/forward](https://api.positionstack.com/v1/forward)
[https://api.postageapp.com/v.1.0/get_account_info.json](https://api.postageapp.com/v.1.0/get_account_info.json)
[https://api.postbacks.io/v1/requestPostbackhttps](https://api.postbacks.io/v1/requestPostbackhttps)
[https://api.postmarkapp.com/deliverystatshttps](https://api.postmarkapp.com/deliverystatshttps)
[https://api.prefect.cloud/auth/loginInclude](https://api.prefect.cloud/auth/loginInclude)
[https://api.privacy.com/v1/card](https://api.privacy.com/v1/card)
[https://api.prodpad.com/v1/tagshttps](https://api.prodpad.com/v1/tagshttps)
[https://api.proxycrawl.com/leads](https://api.proxycrawl.com/leads)
[https://api.pulumi.com/api/user/stackshttps](https://api.pulumi.com/api/user/stackshttps)
[https://api.pushbullet.com/v2/users/mehttps](https://api.pushbullet.com/v2/users/mehttps)
[https://api.qase.io/v1/user](https://api.qase.io/v1/user)
[https://api.qualaroo.com/api/v1/nudgeshttps](https://api.qualaroo.com/api/v1/nudgeshttps)
[https://api.ramp.com/developer/v1/tokenhttps](https://api.ramp.com/developer/v1/tokenhttps)
[https://api.rawg.io/api/platforms](https://api.rawg.io/api/platforms)
[https://api.razorpay.com/v1/items](https://api.razorpay.com/v1/items)
[https://api.rebrandly.com/v1/accounthttps](https://api.rebrandly.com/v1/accounthttps)
[https://api.rechargeapps.com/token_information&url=https](https://api.rechargeapps.com/token_information&url=https)
[https://api.refiner.io/v1/identify](https://api.refiner.io/v1/identify)
[https://api.rentman.net/filesAPI](https://api.rentman.net/filesAPI)
[https://api.replicate.com/v1/predictionshttps](https://api.replicate.com/v1/predictionshttps)
[https://api.reply.io/v1/peoplehttps](https://api.reply.io/v1/peoplehttps)
[https://api.request.finance/invoiceshttps](https://api.request.finance/invoiceshttps)
[https://api.ritekit.com/v1/stats/multiple](https://api.ritekit.com/v1/stats/multiple)
[https://api.roaring.io/token](https://api.roaring.io/token)
[https://api.rocketreach.co/v2/api/accountapplication/vnd.semaphore](https://api.rocketreach.co/v2/api/accountapplication/vnd.semaphore)
[https://api.route4me.com/api.v4/address_book.php](https://api.route4me.com/api.v4/address_book.php)
[https://api.rownd.io/applications/https](https://api.rownd.io/applications/https)
[https://api.rs2.usw2.rockset.com/v1/orgs/self/querieshttps](https://api.rs2.usw2.rockset.com/v1/orgs/self/querieshttps)
[https://api.runscope.com/accounthttps](https://api.runscope.com/accounthttps)
[https://api.salesflare.com/me/contacts](https://api.salesflare.com/me/contacts)
[https://api.sandbox.checkout.com/customers/https](https://api.sandbox.checkout.com/customers/https)
[https://api.sandbox.signaturit.com/v3/signatures.jsonhttps](https://api.sandbox.signaturit.com/v3/signatures.jsonhttps)
[https://api.scaleway.com/instance/v1/zones/fr](https://api.scaleway.com/instance/v1/zones/fr)
[https://api.scrapeowl.com/v1/scrape](https://api.scrapeowl.com/v1/scrape)
[https://api.scraperapi.com](https://api.scraperapi.com)
[https://api.scraperbox.com/scrape](https://api.scraperbox.com/scrape)
[https://api.scrapestack.com/scrape](https://api.scrapestack.com/scrape)
[https://api.scrapfly.io/scrape](https://api.scrapfly.io/scrape)
[https://api.scrapingant.com/v1/general](https://api.scrapingant.com/v1/general)
[https://api.screenshotlayer.com/api/capture](https://api.screenshotlayer.com/api/capture)
[https://api.securitytrails.com/v1/pinghttps](https://api.securitytrails.com/v1/pinghttps)
[https://api.semaphore.co/api/v4/account](https://api.semaphore.co/api/v4/account)
[https://api.sendgrid.com/v3/scopesfailed](https://api.sendgrid.com/v3/scopesfailed)
[https://api.sendgrid.comShopify](https://api.sendgrid.comShopify)
[https://api.sendinblue.com/v3/account](https://api.sendinblue.com/v3/account)
[https://api.serphouse.com/account/info](https://api.serphouse.com/account/info)
[https://api.serpstack.com/search](https://api.serpstack.com/search)
[https://api.sheety.co/](https://api.sheety.co/)
[https://api.sherpadesk.com/organizations/https](https://api.sherpadesk.com/organizations/https)
[https://api.shipday.com/carriers](https://api.shipday.com/carriers)
[https://api.shodan.io/api](https://api.shodan.io/api)
[https://api.shotstack.io/stage/renderhttps](https://api.shotstack.io/stage/renderhttps)
[https://api.shutterstock.com/v2/images/searchhttps](https://api.shutterstock.com/v2/images/searchhttps)
[https://api.shutterstock.com/v2/userhelper](https://api.shutterstock.com/v2/userhelper)
[https://api.signable.co.uk/v1/templates](https://api.signable.co.uk/v1/templates)
[https://api.signupgenius.com/v2/k/user/profile/](https://api.signupgenius.com/v2/k/user/profile/)
[https://api.sigopt.com/v1/experimentshttps](https://api.sigopt.com/v1/experimentshttps)
[https://api.simplesat.io/api/answers/](https://api.simplesat.io/api/answers/)
[https://api.simplynoted.com/api/productsfakeTruffleHogAccessTokenForVerificationhttps](https://api.simplynoted.com/api/productsfakeTruffleHogAccessTokenForVerificationhttps)
[https://api.sirv.com/v2/tokenSlack](https://api.sirv.com/v2/tokenSlack)
[https://api.siteleaf.com/v2/siteshttps](https://api.siteleaf.com/v2/siteshttps)
[https://api.skrapp.io/api/v2/accounthttps](https://api.skrapp.io/api/v2/accounthttps)
[https://api.skybiometry.com/fc/account/authenticate](https://api.skybiometry.com/fc/account/authenticate)
[https://api.smartsheet.com/2.0/sheetshttps](https://api.smartsheet.com/2.0/sheetshttps)
[https://api.smooch.io/v2/appsunable](https://api.smooch.io/v2/appsunable)
[https://api.speechtext.ai/recognize](https://api.speechtext.ai/recognize)
[https://api.spoonacular.com/recipes/random](https://api.spoonacular.com/recipes/random)
[https://api.squarespace.com/1.0/profiles](https://api.squarespace.com/1.0/profiles)
[https://api.statuscake.com/v1/sslhttps](https://api.statuscake.com/v1/sslhttps)
[https://api.statuspage.io/v1/pageshttps](https://api.statuspage.io/v1/pageshttps)
[https://api.stitchdata.com/v4/sourceshttps](https://api.stitchdata.com/v4/sourceshttps)
[https://api.stockdata.org/v1/data/quote](https://api.stockdata.org/v1/data/quote)
[https://api.storecove.com/api/v2/discovery/identifiershttps](https://api.storecove.com/api/v2/discovery/identifiershttps)
[https://api.stormboard.com/users/profileapplication/vnd.timecamp](https://api.stormboard.com/users/profileapplication/vnd.timecamp)
[https://api.stormglass.io/v2/weather/point](https://api.stormglass.io/v2/weather/point)
[https://api.storyblok.com/v1/cdn/spaces/me/](https://api.storyblok.com/v1/cdn/spaces/me/)
[https://api.storychief.io/1.0/users](https://api.storychief.io/1.0/users)
[https://api.stripe.com/v1/account/login_links](https://api.stripe.com/v1/account/login_links)
[https://api.stripe.com/v1/account_links](https://api.stripe.com/v1/account_links)
[https://api.stripe.com/v1/apple_pay/domains](https://api.stripe.com/v1/apple_pay/domains)
[https://api.stripe.com/v1/application_fees/nowaythiscanexist/refunds](https://api.stripe.com/v1/application_fees/nowaythiscanexist/refunds)
[https://api.stripe.com/v1/balance](https://api.stripe.com/v1/balance)
[https://api.stripe.com/v1/billing/meter_event_adjustments](https://api.stripe.com/v1/billing/meter_event_adjustments)
[https://api.stripe.com/v1/billing/meter_events](https://api.stripe.com/v1/billing/meter_events)
[https://api.stripe.com/v1/billing/meters/nowaythiscanexist/event_summaries](https://api.stripe.com/v1/billing/meters/nowaythiscanexist/event_summaries)
[https://api.stripe.com/v1/billing_portal/sessions](https://api.stripe.com/v1/billing_portal/sessions)
[https://api.stripe.com/v1/chargesx509](https://api.stripe.com/v1/chargesx509)
[https://api.stripe.com/v1/checkout/sessions](https://api.stripe.com/v1/checkout/sessions)
[https://api.stripe.com/v1/climate/orders](https://api.stripe.com/v1/climate/orders)
[https://api.stripe.com/v1/confirmation_tokens/nowaythiscanexist](https://api.stripe.com/v1/confirmation_tokens/nowaythiscanexist)
[https://api.stripe.com/v1/coupons](https://api.stripe.com/v1/coupons)
[https://api.stripe.com/v1/credit_notes/nowaythiscanexsit](https://api.stripe.com/v1/credit_notes/nowaythiscanexsit)
[https://api.stripe.com/v1/customer_sessions](https://api.stripe.com/v1/customer_sessions)
[https://api.stripe.com/v1/customers/nowaythiscanexist](https://api.stripe.com/v1/customers/nowaythiscanexist)
[https://api.stripe.com/v1/disputes/nowaycanthisexist](https://api.stripe.com/v1/disputes/nowaycanthisexist)
[https://api.stripe.com/v1/ephemeral_keys](https://api.stripe.com/v1/ephemeral_keys)
[https://api.stripe.com/v1/events](https://api.stripe.com/v1/events)
[https://api.stripe.com/v1/files](https://api.stripe.com/v1/files)
[https://api.stripe.com/v1/identity/verification_sessions](https://api.stripe.com/v1/identity/verification_sessions)
[https://api.stripe.com/v1/invoices](https://api.stripe.com/v1/invoices)
[https://api.stripe.com/v1/issuing/authorizations/nowaythiscanexist](https://api.stripe.com/v1/issuing/authorizations/nowaythiscanexist)
[https://api.stripe.com/v1/issuing/cardholders/nowaythiscanexist](https://api.stripe.com/v1/issuing/cardholders/nowaythiscanexist)
[https://api.stripe.com/v1/issuing/cards/nowaythiscanexist](https://api.stripe.com/v1/issuing/cards/nowaythiscanexist)
[https://api.stripe.com/v1/issuing/disputes/nowaythiscanexist](https://api.stripe.com/v1/issuing/disputes/nowaythiscanexist)
[https://api.stripe.com/v1/issuing/funding_instructions](https://api.stripe.com/v1/issuing/funding_instructions)
[https://api.stripe.com/v1/issuing/tokens/nowaythiscanexist](https://api.stripe.com/v1/issuing/tokens/nowaythiscanexist)
[https://api.stripe.com/v1/issuing/transactions/nowaythiscanexist](https://api.stripe.com/v1/issuing/transactions/nowaythiscanexist)
[https://api.stripe.com/v1/orders](https://api.stripe.com/v1/orders)
[https://api.stripe.com/v1/payment_intents](https://api.stripe.com/v1/payment_intents)
[https://api.stripe.com/v1/payment_links](https://api.stripe.com/v1/payment_links)
[https://api.stripe.com/v1/payment_method_domains](https://api.stripe.com/v1/payment_method_domains)
[https://api.stripe.com/v1/payment_methods/nowaycanthisexist](https://api.stripe.com/v1/payment_methods/nowaycanthisexist)
[https://api.stripe.com/v1/payouts](https://api.stripe.com/v1/payouts)
[https://api.stripe.com/v1/prices](https://api.stripe.com/v1/prices)
[https://api.stripe.com/v1/products](https://api.stripe.com/v1/products)
[https://api.stripe.com/v1/promotion_codes](https://api.stripe.com/v1/promotion_codes)
[https://api.stripe.com/v1/quotes/nowaythiscanexist](https://api.stripe.com/v1/quotes/nowaythiscanexist)
[https://api.stripe.com/v1/reporting/report_runs](https://api.stripe.com/v1/reporting/report_runs)
[https://api.stripe.com/v1/reviews/nowaycanthisexist/approve](https://api.stripe.com/v1/reviews/nowaycanthisexist/approve)
[https://api.stripe.com/v1/setup_intents/nowaycanthisexist](https://api.stripe.com/v1/setup_intents/nowaycanthisexist)
[https://api.stripe.com/v1/shipping_rates](https://api.stripe.com/v1/shipping_rates)
[https://api.stripe.com/v1/skus](https://api.stripe.com/v1/skus)
[https://api.stripe.com/v1/sources/nowaycanthisexist](https://api.stripe.com/v1/sources/nowaycanthisexist)
[https://api.stripe.com/v1/subscription_items/nowaythiscanexist/usage_record_summaries](https://api.stripe.com/v1/subscription_items/nowaythiscanexist/usage_record_summaries)
[https://api.stripe.com/v1/subscription_items/nowaythiscanexist/usage_records](https://api.stripe.com/v1/subscription_items/nowaythiscanexist/usage_records)
[https://api.stripe.com/v1/subscriptions](https://api.stripe.com/v1/subscriptions)
[https://api.stripe.com/v1/tax/calculations/nowaycanthisexist/line_items](https://api.stripe.com/v1/tax/calculations/nowaycanthisexist/line_items)
[https://api.stripe.com/v1/tax/registrations/nowaycanthisexist](https://api.stripe.com/v1/tax/registrations/nowaycanthisexist)
[https://api.stripe.com/v1/tax/settings](https://api.stripe.com/v1/tax/settings)
[https://api.stripe.com/v1/tax_ids](https://api.stripe.com/v1/tax_ids)
[https://api.stripe.com/v1/tax_rates](https://api.stripe.com/v1/tax_rates)
[https://api.stripe.com/v1/terminal/configurations/nowaythiscanexist](https://api.stripe.com/v1/terminal/configurations/nowaythiscanexist)
[https://api.stripe.com/v1/terminal/locations](https://api.stripe.com/v1/terminal/locations)
[https://api.stripe.com/v1/terminal/readers](https://api.stripe.com/v1/terminal/readers)
[https://api.stripe.com/v1/test_helpers/confirmation_tokens](https://api.stripe.com/v1/test_helpers/confirmation_tokens)
[https://api.stripe.com/v1/test_helpers/test_clocks](https://api.stripe.com/v1/test_helpers/test_clocks)
[https://api.stripe.com/v1/tokens/nowaycanthisexist](https://api.stripe.com/v1/tokens/nowaycanthisexist)
[https://api.stripe.com/v1/topups](https://api.stripe.com/v1/topups)
[https://api.stripe.com/v1/transfers](https://api.stripe.com/v1/transfers)
[https://api.stripe.com/v1/webhook_endpoints](https://api.stripe.com/v1/webhook_endpoints)
[https://api.stytch.com/v1/users/pendingapplication/vnd.tatumio](https://api.stytch.com/v1/users/pendingapplication/vnd.tatumio)
[https://api.supabase.com/v1/projectshttps](https://api.supabase.com/v1/projectshttps)
[https://api.supernotes.app/v1/userhttps](https://api.supernotes.app/v1/userhttps)
[https://api.surveyanyplace.com/v1/surveys/https](https://api.surveyanyplace.com/v1/surveys/https)
[https://api.surveysparrow.com/v1/contactshttps](https://api.surveysparrow.com/v1/contactshttps)
[https://api.swell.store/products](https://api.swell.store/products)
[https://api.tailscale.com/api/v2/secret](https://api.tailscale.com/api/v2/secret)
[https://api.tallyfy.com/me](https://api.tallyfy.com/me)
[https://api.taxjar.com/v2/categorieshttps](https://api.taxjar.com/v2/categorieshttps)
[https://api.teamgate.com/v4/usershttps](https://api.teamgate.com/v4/usershttps)
[https://api.telegram.org/bot](https://api.telegram.org/bot)
[https://api.teletype.app/public/api/v1/messageshttps](https://api.teletype.app/public/api/v1/messageshttps)
[https://api.telnyx.com/v2/messaging_profilesapplication/vnd.tickettailor](https://api.telnyx.com/v2/messaging_profilesapplication/vnd.tickettailor)
[https://api.testingbot.com/v1/userhttps](https://api.testingbot.com/v1/userhttps)
[https://api.textanywhere.com/API/v1.0/REST/statushttps](https://api.textanywhere.com/API/v1.0/REST/statushttps)
[https://api.thinkific.com/api/public/v1/collectionshttps](https://api.thinkific.com/api/public/v1/collectionshttps)
[https://api.thousandeyes.com/v6/endpoint](https://api.thousandeyes.com/v6/endpoint)
[https://api.tickettailor.com/v1/ordershttps](https://api.tickettailor.com/v1/ordershttps)
[https://api.tiingo.com/tiingo/fundamentals/definitionshttps](https://api.tiingo.com/tiingo/fundamentals/definitionshttps)
[https://api.todoist.com/rest/v2/projectshttps](https://api.todoist.com/rest/v2/projectshttps)
[https://api.tomorrow.io/v4/alerts](https://api.tomorrow.io/v4/alerts)
[https://api.tomtom.com/map/1/tile/basic/main/0/0/0.png](https://api.tomtom.com/map/1/tile/basic/main/0/0/0.png)
[https://api.tradier.com/v1/watchlistshttps](https://api.tradier.com/v1/watchlistshttps)
[https://api.transferwise.com/v2/profileshttps](https://api.transferwise.com/v2/profileshttps)
[https://api.travelpayouts.com/v2/prices/latest](https://api.travelpayouts.com/v2/prices/latest)
[https://api.travis](https://api.travis)
[https://api.trello.com/1/members/me](https://api.trello.com/1/members/me)
[https://api.twelvedata.com/earliest_timestamp](https://api.twelvedata.com/earliest_timestamp)
[https://api.twilio.com/2010](https://api.twilio.com/2010)
[https://api.twist.com/api/v3/users/get_session_userhttps](https://api.twist.com/api/v3/users/get_session_userhttps)
[https://api.twitter.com/2/tweets/20https](https://api.twitter.com/2/tweets/20https)
[https://api.twitter.com/oauth2/tokenapplication/vnd.uploadcare](https://api.twitter.com/oauth2/tokenapplication/vnd.uploadcare)
[https://api.tyntec.com/2fa/v1/applicationerror](https://api.tyntec.com/2fa/v1/applicationerror)
[https://api.typeform.com/me](https://api.typeform.com/me)
[https://api.uclassify.com/v1/uClassify/Sentiment/classifyReceived](https://api.uclassify.com/v1/uClassify/Sentiment/classifyReceived)
[https://api.unify.id/v1/humandetect/verifyhttps](https://api.unify.id/v1/humandetect/verifyhttps)
[https://api.unplu.gg/forecasthttps](https://api.unplu.gg/forecasthttps)
[https://api.unsplash.com/photos/](https://api.unsplash.com/photos/)
[https://api.upcdatabase.org/product/0111222333446](https://api.upcdatabase.org/product/0111222333446)
[https://api.uplead.com/v2/creditshttps](https://api.uplead.com/v2/creditshttps)
[https://api.uploadcare.com/files/https](https://api.uploadcare.com/files/https)
[https://api.uptimerobot.com/v2/getMonitors](https://api.uptimerobot.com/v2/getMonitors)
[https://api.upwave.io/workspaces/https](https://api.upwave.io/workspaces/https)
[https://api.us1.signalfx.com/v2/dashboard](https://api.us1.signalfx.com/v2/dashboard)
[https://api.us2.sumologic.com/api/v1/users](https://api.us2.sumologic.com/api/v1/users)
[https://api.userflow.com/users](https://api.userflow.com/users)
[https://api.userstack.com/detect](https://api.userstack.com/detect)
[https://api.vbout.com/1/app/me.json](https://api.vbout.com/1/app/me.json)
[https://api.vercel.com/www/userenumerating](https://api.vercel.com/www/userenumerating)
[https://api.verimail.io/v3/verify](https://api.verimail.io/v3/verify)
[https://api.veriphone.io/v2/verify](https://api.veriphone.io/v2/verify)
[https://api.voicegain.ai/v1/sa/confighttps](https://api.voicegain.ai/v1/sa/confighttps)
[https://api.voodoosms.com/creditsError](https://api.voodoosms.com/creditsError)
[https://api.vultr.com/v2/accounterror](https://api.vultr.com/v2/accounterror)
[https://api.vyte.in/v2/events](https://api.vyte.in/v2/events)
[https://api.weatherbit.io/v2.0/history/airquality](https://api.weatherbit.io/v2.0/history/airquality)
[https://api.weatherstack.com/current](https://api.weatherstack.com/current)
[https://api.web3.storage/user/uploadshttps](https://api.web3.storage/user/uploadshttps)
[https://api.webflow.com/info](https://api.webflow.com/info)
[https://api.webscraper.io/api/v1/sitemaps](https://api.webscraper.io/api/v1/sitemaps)
[https://api.webscrapingapi.com/v1](https://api.webscrapingapi.com/v1)
[https://api.websitepulse.com/textserver.php](https://api.websitepulse.com/textserver.php)
[https://api.whoxy.com/](https://api.whoxy.com/)
[https://api.wistia.com/v1/stats/account.json](https://api.wistia.com/v1/stats/account.json)
[https://api.worksnaps.com/api/projects.xmlunable](https://api.worksnaps.com/api/projects.xmlunable)
[https://api.worldweatheronline.com/premium/v1/search.ashx](https://api.worldweatheronline.com/premium/v1/search.ashx)
[https://api.yelp.com/v3/businesses/search](https://api.yelp.com/v3/businesses/search)
[https://api.youneedabudget.com/v1/user](https://api.youneedabudget.com/v1/user)
[https://api.zenrows.com/v1/](https://api.zenrows.com/v1/)
[https://api.zeplin.dev/v1/users/meerror](https://api.zeplin.dev/v1/users/meerror)
[https://api.zerobounce.net/v1/activity](https://api.zerobounce.net/v1/activity)
[https://api.zerotier.com/api/v1/networkBranch](https://api.zerotier.com/api/v1/networkBranch)
[https://api.zipbooks.com/v2/auth/loginTotal](https://api.zipbooks.com/v2/auth/loginTotal)
[https://api2.autopilothq.com/v1/account](https://api2.autopilothq.com/v1/account)
[https://api2.frontapp.com/accountshttps](https://api2.frontapp.com/accountshttps)
[https://api4.nozbe.com/v1/api/usershttps](https://api4.nozbe.com/v1/api/usershttps)
[https://apilayer.net/api/check](https://apilayer.net/api/check)
[https://apilayer.net/api/validate](https://apilayer.net/api/validate)
[https://apis.paralleldots.com/v4/intenterror](https://apis.paralleldots.com/v4/intenterror)
[https://apiv2.allsportsapi.com/football/](https://apiv2.allsportsapi.com/football/)
[https://apiv2.bitcoinaverage.com/websocket/v3/get_tickethttps](https://apiv2.bitcoinaverage.com/websocket/v3/get_tickethttps)
[https://apiv4.reallysimplesystems.com/accountshttps](https://apiv4.reallysimplesystems.com/accountshttps)
[https://app.apacta.com/api/v1/time_entries](https://app.apacta.com/api/v1/time_entries)
[https://app.asana.com/api/1.0/users/meRead](https://app.asana.com/api/1.0/users/meRead)
[https://app.atera.com/api/v3/alertshttps](https://app.atera.com/api/v3/alertshttps)
[https://app.ayrshare.com/api/analytics/links](https://app.ayrshare.com/api/analytics/links)
[https://app.besnappy.com/api/v1/accountshttps](https://app.besnappy.com/api/v1/accountshttps)
[https://app.caflou.com/api/v1/accounts.currencycloud.com/v2/authenticate/apihttps](https://app.caflou.com/api/v1/accounts.currencycloud.com/v2/authenticate/apihttps)
[https://app.circleci.com/pipelines/](https://app.circleci.com/pipelines/)
[https://app.codacy.com/api/v3/user](https://app.codacy.com/api/v3/user)
[https://app.eraser.io/api/render/elements](https://app.eraser.io/api/render/elements)
[https://app.goflightlabs.com/airports](https://app.goflightlabs.com/airports)
[https://app.karmacrm.com/api/v3/contacts.json](https://app.karmacrm.com/api/v3/contacts.json)
[https://app.klipfolio.com/api/1.0/users](https://app.klipfolio.com/api/1.0/users)
[https://app.launchdarkly.com/api/v2/caller](https://app.launchdarkly.com/api/v2/caller)
[https://app.lendflow.io/api/v1/deals](https://app.lendflow.io/api/v1/deals)
[https://app.loadmill.com/api/v1/labels](https://app.loadmill.com/api/v1/labels)
[https://app.magnetichq.com/Magnetic/rest/accountsAPI/itemTypes](https://app.magnetichq.com/Magnetic/rest/accountsAPI/itemTypes)
[https://app.nimble.com/api/v1/myselfhttps](https://app.nimble.com/api/v1/myselfhttps)
[https://app.onedesk.com/rest/2.0/login/loginUserhttps](https://app.onedesk.com/rest/2.0/login/loginUserhttps)
[https://app.onepagecrm.com/api/v3/contacts.json](https://app.onepagecrm.com/api/v3/contacts.json)
[https://app.paymoapp.com/api/me](https://app.paymoapp.com/api/me)
[https://app.posthog.com/api/event/](https://app.posthog.com/api/event/)
[https://app.revampcrm.com/api/1.0/User/WhoAmIhttps](https://app.revampcrm.com/api/1.0/User/WhoAmIhttps)
[https://app.satismeter.com/api/users](https://app.satismeter.com/api/users)
[https://app.scrapingbee.com/api/v1/](https://app.scrapingbee.com/api/v1/)
[https://app.snipcart.com/api/ordersgrant_type=refresh_token&client_id=](https://app.snipcart.com/api/ordersgrant_type=refresh_token&client_id=)
[https://app.surveybot.io/api/v1/surveys](https://app.surveybot.io/api/v1/surveys)
[https://app.terraform.io/api/v2/account/detailshttps](https://app.terraform.io/api/v2/account/detailshttps)
[https://app.ticketmaster.com/discovery/v2/events.json](https://app.ticketmaster.com/discovery/v2/events.json)
[https://app.timecamp.com/third_party/api/user](https://app.timecamp.com/third_party/api/user)
[https://app.tmetric.com/api/v3/userhttps](https://app.tmetric.com/api/v3/userhttps)
[https://app.travis](https://app.travis)
[https://app.vagrantup.com/api/v2/authenticateunexpected](https://app.vagrantup.com/api/v2/authenticateunexpected)
[https://app.workstack.io/api/team](https://app.workstack.io/api/team)
[https://app.zenscrape.com/api/v1/statushttps](https://app.zenscrape.com/api/v1/statushttps)
[https://app.zenserp.com/api/v2/search](https://app.zenserp.com/api/v2/search)
[https://app.zipcodebase.com/api/v1/search](https://app.zipcodebase.com/api/v1/search)
[https://apple.comhttps](https://apple.comhttps)
[https://auth.app.wiz.io/oauth/tokenerror](https://auth.app.wiz.io/oauth/tokenerror)
[https://auth.dfuse.io/v1/auth/issuehttps](https://auth.dfuse.io/v1/auth/issuehttps)
[https://auth.freshbooks.com/oauth/authorize](https://auth.freshbooks.com/oauth/authorize)
[https://authn.nvidia.com/token](https://authn.nvidia.com/token)
[https://axonaut.com/api/v2/companies](https://axonaut.com/api/v2/companies)
[https://backboard.railway.app/graphql/v2application/vnd.sugester](https://backboard.railway.app/graphql/v2application/vnd.sugester)
[https://base.zenkit.com/api/v1/users/mehttps](https://base.zenkit.com/api/v1/users/mehttps)
[https://batch.chinacloudapi.cn/mysql.database.chinacloudapi.cnhttps](https://batch.chinacloudapi.cn/mysql.database.chinacloudapi.cnhttps)
[https://batch.cloudapi.de/mysql.database.cloudapi.decloudapp.microsoftazure.denegative](https://batch.cloudapi.de/mysql.database.cloudapi.decloudapp.microsoftazure.denegative)
[https://batch.core.usgovcloudapi.net/https](https://batch.core.usgovcloudapi.net/https)
[https://batch.core.windows.net/https](https://batch.core.windows.net/https)
[https://besttime.app/api/v1/keys/https](https://besttime.app/api/v1/keys/https)
[https://blitapp.com/api/apps/allhttps](https://blitapp.com/api/apps/allhttps)
[https://boostnote.io/api/docshttps](https://boostnote.io/api/docshttps)
[https://budibase.app/api/public/v1/applications/searchhttps](https://budibase.app/api/public/v1/applications/searchhttps)
[https://calendarific.com/api/v2/holidays](https://calendarific.com/api/v2/holidays)
[https://campayn.com/api/v1/lists](https://campayn.com/api/v1/lists)
[https://canny.io/api/v1/boards/listhttps](https://canny.io/api/v1/boards/listhttps)
[https://capi.tokeet.com/v1/user](https://capi.tokeet.com/v1/user)
[https://cex.io/api/balance/](https://cex.io/api/balance/)
[https://checkvist.com/auth/login.json](https://checkvist.com/auth/login.json)
[https://cicero.azavea.com/v3.1/account/credits_remaining](https://cicero.azavea.com/v3.1/account/credits_remaining)
[https://circleci.com/api/v1.1/invalid](https://circleci.com/api/v1.1/invalid)
[https://circleci.com/api/v2/mehttps](https://circleci.com/api/v2/mehttps)
[https://cloud.bitbar.com/api/mehttps](https://cloud.bitbar.com/api/mehttps)
[https://cloud.digitalocean.com/v1/oauth/token](https://cloud.digitalocean.com/v1/oauth/token)
[https://cloud.drone.io/api/userhttps](https://cloud.drone.io/api/userhttps)
[https://cloud.google.com/docs/authentication/external/set](https://cloud.google.com/docs/authentication/external/set)
[https://cloud.iexapis.com/stable/stock/aapl/quote](https://cloud.iexapis.com/stable/stock/aapl/quote)
[https://cloud.iexapis.com/v1/stock/aapl/quote](https://cloud.iexapis.com/v1/stock/aapl/quote)
[https://cloud.viewneo.com/api/v1.0/playlistapplication/vnd.zipcodebase](https://cloud.viewneo.com/api/v1.0/playlistapplication/vnd.zipcodebase)
[https://clustdoc.com/api/usershttps](https://clustdoc.com/api/usershttps)
[https://coda.io/apis/v1/whoami](https://coda.io/apis/v1/whoami)
[https://codequiry.com/api/v1/checks](https://codequiry.com/api/v1/checks)
[https://coinlib.io/api/v1/global](https://coinlib.io/api/v1/global)
[https://collect2.com/api/](https://collect2.com/api/)
[https://commodities](https://commodities)
[https://connect.squareup.com/oauth2/authorize](https://connect.squareup.com/oauth2/authorize)
[https://connect.squareup.com/oauth2/token/statusx509](https://connect.squareup.com/oauth2/token/statusx509)
[https://connect.squareup.com/v2/team](https://connect.squareup.com/v2/team)
[https://connect.squareupsandbox.com/oauth2/revokehttps](https://connect.squareupsandbox.com/oauth2/revokehttps)
[https://connect.squareupsandbox.com/v2/merchantshttps](https://connect.squareupsandbox.com/v2/merchantshttps)
[https://console.jumpcloud.com/api/v2/systemgroupshttps](https://console.jumpcloud.com/api/v2/systemgroupshttps)
[https://content.guardianapis.com/search](https://content.guardianapis.com/search)
[https://convier.me/api/eventhttps](https://convier.me/api/eventhttps)
[https://cosmos.azure.comfailed](https://cosmos.azure.comfailed)
[https://coveralls.io/api/repos/github/secretscanner02/scanner](https://coveralls.io/api/repos/github/secretscanner02/scanner)
[https://customer.guru/export/customers](https://customer.guru/export/customers)
[https://dash.readme.com/api/v1https](https://dash.readme.com/api/v1https)
[https://dashboard.chatfuel.com/api/botshttps](https://dashboard.chatfuel.com/api/botshttps)
[https://data.fixer.io/api/latest](https://data.fixer.io/api/latest)
[https://database.chinacloudapi.cn/expected](https://database.chinacloudapi.cn/expected)
[https://database.cloudapi.de/not](https://database.cloudapi.de/not)
[https://database.usgovcloudapi.net/data](https://database.usgovcloudapi.net/data)
[https://database.windows.net/postgres.database.cloudapi.dehttps](https://database.windows.net/postgres.database.cloudapi.dehttps)
[https://datalake.azure.net/https](https://datalake.azure.net/https)
[https://dataservice.accuweather.com/locations/v1/cities/autocomplete](https://dataservice.accuweather.com/locations/v1/cities/autocomplete)
[https://deliver.kontent.ai/](https://deliver.kontent.ai/)
[https://dev.azure.com/](https://dev.azure.com/)
[https://dev.azuresynapse.nethttps](https://dev.azuresynapse.nethttps)
[https://dev.azuresynapse.usgovcloudapi.netdata](https://dev.azuresynapse.usgovcloudapi.netdata)
[https://dev.lunchmoney.app/v1/categories](https://dev.lunchmoney.app/v1/categories)
[https://developer.api.autodesk.com/authentication/v1/authenticateimage](https://developer.api.autodesk.com/authentication/v1/authenticateimage)
[https://dictionary.yandex.net/api/v1/dicservice.json/getLangs](https://dictionary.yandex.net/api/v1/dicservice.json/getLangs)
[https://discord.com/api/v8/users/https](https://discord.com/api/v8/users/https)
[https://discord.com/api/webhooks/https](https://discord.com/api/webhooks/https)
[https://disqus.com/api/3.0/trends/listThreads.json](https://disqus.com/api/3.0/trends/listThreads.json)
[https://docs.airbrake.io/docs/devops](https://docs.airbrake.io/docs/devops)
[https://docs.stripe.com/api/account_links](https://docs.stripe.com/api/account_links)
[https://docs.stripe.com/api/application_fees/list](https://docs.stripe.com/api/application_fees/list)
[https://docs.stripe.com/api/balance](https://docs.stripe.com/api/balance)
[https://docs.stripe.com/api/billing/meter/create](https://docs.stripe.com/api/billing/meter/create)
[https://docs.stripe.com/api/billing/meter/list](https://docs.stripe.com/api/billing/meter/list)
[https://docs.stripe.com/api/charges/list](https://docs.stripe.com/api/charges/list)
[https://docs.stripe.com/api/charges/update](https://docs.stripe.com/api/charges/update)
[https://docs.stripe.com/api/checkout/sessions/create](https://docs.stripe.com/api/checkout/sessions/create)
[https://docs.stripe.com/api/checkout/sessions/list](https://docs.stripe.com/api/checkout/sessions/list)
[https://docs.stripe.com/api/climate/order/create](https://docs.stripe.com/api/climate/order/create)
[https://docs.stripe.com/api/climate/order/list](https://docs.stripe.com/api/climate/order/list)
[https://docs.stripe.com/api/confirmation_tokens/retrieve](https://docs.stripe.com/api/confirmation_tokens/retrieve)
[https://docs.stripe.com/api/confirmation_tokens/test_create](https://docs.stripe.com/api/confirmation_tokens/test_create)
[https://docs.stripe.com/api/coupons/create](https://docs.stripe.com/api/coupons/create)
[https://docs.stripe.com/api/coupons/list](https://docs.stripe.com/api/coupons/list)
[https://docs.stripe.com/api/credit_notes/list](https://docs.stripe.com/api/credit_notes/list)
[https://docs.stripe.com/api/credit_notes/update](https://docs.stripe.com/api/credit_notes/update)
[https://docs.stripe.com/api/customer_portal/sessions/create](https://docs.stripe.com/api/customer_portal/sessions/create)
[https://docs.stripe.com/api/customer_sessions/create](https://docs.stripe.com/api/customer_sessions/create)
[https://docs.stripe.com/api/customers/list](https://docs.stripe.com/api/customers/list)
[https://docs.stripe.com/api/customers/update](https://docs.stripe.com/api/customers/update)
[https://docs.stripe.com/api/disputes/list](https://docs.stripe.com/api/disputes/list)
[https://docs.stripe.com/api/disputes/update](https://docs.stripe.com/api/disputes/update)
[https://docs.stripe.com/api/events/list](https://docs.stripe.com/api/events/list)
[https://docs.stripe.com/api/fee_refunds/create](https://docs.stripe.com/api/fee_refunds/create)
[https://docs.stripe.com/api/identity/verification_sessions/create](https://docs.stripe.com/api/identity/verification_sessions/create)
[https://docs.stripe.com/api/identity/verification_sessions/list](https://docs.stripe.com/api/identity/verification_sessions/list)
[https://docs.stripe.com/api/invoices/create](https://docs.stripe.com/api/invoices/create)
[https://docs.stripe.com/api/invoices/list](https://docs.stripe.com/api/invoices/list)
[https://docs.stripe.com/api/issuing/authorizations/retrieve](https://docs.stripe.com/api/issuing/authorizations/retrieve)
[https://docs.stripe.com/api/issuing/authorizations/update](https://docs.stripe.com/api/issuing/authorizations/update)
[https://docs.stripe.com/api/issuing/cardholders/create](https://docs.stripe.com/api/issuing/cardholders/create)
[https://docs.stripe.com/api/issuing/cardholders/retrieve](https://docs.stripe.com/api/issuing/cardholders/retrieve)
[https://docs.stripe.com/api/issuing/cards/create](https://docs.stripe.com/api/issuing/cards/create)
[https://docs.stripe.com/api/issuing/cards/retrieve](https://docs.stripe.com/api/issuing/cards/retrieve)
[https://docs.stripe.com/api/issuing/disputes/retrieve](https://docs.stripe.com/api/issuing/disputes/retrieve)
[https://docs.stripe.com/api/issuing/disputes/update](https://docs.stripe.com/api/issuing/disputes/update)
[https://docs.stripe.com/api/issuing/funding_instructions/create](https://docs.stripe.com/api/issuing/funding_instructions/create)
[https://docs.stripe.com/api/issuing/funding_instructions/list](https://docs.stripe.com/api/issuing/funding_instructions/list)
[https://docs.stripe.com/api/issuing/tokens/retrieve](https://docs.stripe.com/api/issuing/tokens/retrieve)
[https://docs.stripe.com/api/issuing/tokens/update](https://docs.stripe.com/api/issuing/tokens/update)
[https://docs.stripe.com/api/issuing/transactions/retrieve](https://docs.stripe.com/api/issuing/transactions/retrieve)
[https://docs.stripe.com/api/issuing/transactions/update](https://docs.stripe.com/api/issuing/transactions/update)
[https://docs.stripe.com/api/payment_intents/create](https://docs.stripe.com/api/payment_intents/create)
[https://docs.stripe.com/api/payment_intents/list](https://docs.stripe.com/api/payment_intents/list)
[https://docs.stripe.com/api/payment_links/payment_links/create](https://docs.stripe.com/api/payment_links/payment_links/create)
[https://docs.stripe.com/api/payment_links/payment_links/list](https://docs.stripe.com/api/payment_links/payment_links/list)
[https://docs.stripe.com/api/payment_method_domains/create](https://docs.stripe.com/api/payment_method_domains/create)
[https://docs.stripe.com/api/payment_method_domains/list](https://docs.stripe.com/api/payment_method_domains/list)
[https://docs.stripe.com/api/payouts/create](https://docs.stripe.com/api/payouts/create)
[https://docs.stripe.com/api/payouts/list](https://docs.stripe.com/api/payouts/list)
[https://docs.stripe.com/api/prices/create](https://docs.stripe.com/api/prices/create)
[https://docs.stripe.com/api/prices/list](https://docs.stripe.com/api/prices/list)
[https://docs.stripe.com/api/products/create](https://docs.stripe.com/api/products/create)
[https://docs.stripe.com/api/products/list](https://docs.stripe.com/api/products/list)
[https://docs.stripe.com/api/promotion_codes/create](https://docs.stripe.com/api/promotion_codes/create)
[https://docs.stripe.com/api/promotion_codes/list](https://docs.stripe.com/api/promotion_codes/list)
[https://docs.stripe.com/api/quotes/list](https://docs.stripe.com/api/quotes/list)
[https://docs.stripe.com/api/quotes/update](https://docs.stripe.com/api/quotes/update)
[https://docs.stripe.com/api/radar/reviews/approve](https://docs.stripe.com/api/radar/reviews/approve)
[https://docs.stripe.com/api/radar/reviews/list](https://docs.stripe.com/api/radar/reviews/list)
[https://docs.stripe.com/api/reporting/report_run/list](https://docs.stripe.com/api/reporting/report_run/list)
[https://docs.stripe.com/api/setup_intents/create](https://docs.stripe.com/api/setup_intents/create)
[https://docs.stripe.com/api/setup_intents/list](https://docs.stripe.com/api/setup_intents/list)
[https://docs.stripe.com/api/shipping_rates/create](https://docs.stripe.com/api/shipping_rates/create)
[https://docs.stripe.com/api/shipping_rates/list](https://docs.stripe.com/api/shipping_rates/list)
[https://docs.stripe.com/api/sources/retrieve](https://docs.stripe.com/api/sources/retrieve)
[https://docs.stripe.com/api/sources/update](https://docs.stripe.com/api/sources/update)
[https://docs.stripe.com/api/subscriptions/create](https://docs.stripe.com/api/subscriptions/create)
[https://docs.stripe.com/api/subscriptions/list](https://docs.stripe.com/api/subscriptions/list)
[https://docs.stripe.com/api/tax/calculations/create](https://docs.stripe.com/api/tax/calculations/create)
[https://docs.stripe.com/api/tax/calculations/line_items](https://docs.stripe.com/api/tax/calculations/line_items)
[https://docs.stripe.com/api/tax/registrations/update](https://docs.stripe.com/api/tax/registrations/update)
[https://docs.stripe.com/api/tax/settings/retrieve](https://docs.stripe.com/api/tax/settings/retrieve)
[https://docs.stripe.com/api/tax_ids/create](https://docs.stripe.com/api/tax_ids/create)
[https://docs.stripe.com/api/tax_ids/list](https://docs.stripe.com/api/tax_ids/list)
[https://docs.stripe.com/api/tax_rates/create](https://docs.stripe.com/api/tax_rates/create)
[https://docs.stripe.com/api/tax_rates/list](https://docs.stripe.com/api/tax_rates/list)
[https://docs.stripe.com/api/terminal/configuration/list](https://docs.stripe.com/api/terminal/configuration/list)
[https://docs.stripe.com/api/terminal/configuration/update](https://docs.stripe.com/api/terminal/configuration/update)
[https://docs.stripe.com/api/terminal/locations/create](https://docs.stripe.com/api/terminal/locations/create)
[https://docs.stripe.com/api/terminal/locations/list](https://docs.stripe.com/api/terminal/locations/list)
[https://docs.stripe.com/api/terminal/readers/create](https://docs.stripe.com/api/terminal/readers/create)
[https://docs.stripe.com/api/terminal/readers/list](https://docs.stripe.com/api/terminal/readers/list)
[https://docs.stripe.com/api/test_clocks/create](https://docs.stripe.com/api/test_clocks/create)
[https://docs.stripe.com/api/test_clocks/list](https://docs.stripe.com/api/test_clocks/list)
[https://docs.stripe.com/api/tokens/create_card](https://docs.stripe.com/api/tokens/create_card)
[https://docs.stripe.com/api/tokens/retrieve](https://docs.stripe.com/api/tokens/retrieve)
[https://docs.stripe.com/api/topups/create](https://docs.stripe.com/api/topups/create)
[https://docs.stripe.com/api/topups/list](https://docs.stripe.com/api/topups/list)
[https://docs.stripe.com/api/transfers/create](https://docs.stripe.com/api/transfers/create)
[https://docs.stripe.com/api/transfers/list](https://docs.stripe.com/api/transfers/list)
[https://docs.stripe.com/api/usage_records/create](https://docs.stripe.com/api/usage_records/create)
[https://docs.stripe.com/api/usage_records/subscription_item_summary_list](https://docs.stripe.com/api/usage_records/subscription_item_summary_list)
[https://docs.stripe.com/api/webhook_endpoints/create](https://docs.stripe.com/api/webhook_endpoints/create)
[https://docs.stripe.com/api/webhook_endpoints/list](https://docs.stripe.com/api/webhook_endpoints/list)
[https://docsapi.helpscout.net/v1/collectionshttps](https://docsapi.helpscout.net/v1/collectionshttps)
[https://dummysite.com](https://dummysite.com)
[https://dynalist.io/api/v1/file/listhttps](https://dynalist.io/api/v1/file/listhttps)
[https://ecs.aliyuncs.com](https://ecs.aliyuncs.com)
[https://eu.posthog.com/api/event/](https://eu.posthog.com/api/event/)
[https://example.teamwork.com/crm/api/v2/users.jsonhttps](https://example.teamwork.com/crm/api/v2/users.jsonhttps)
[https://example.teamwork.com/desk/api/v2/me.jsonRepository](https://example.teamwork.com/desk/api/v2/me.jsonRepository)
[https://example.teamwork.com/spaces/api/v1/users.jsonhttps](https://example.teamwork.com/spaces/api/v1/users.jsonhttps)
[https://extractorapi.com/api/v1/extractor](https://extractorapi.com/api/v1/extractor)
[https://fetchrss.com/api/v1/feed/list](https://fetchrss.com/api/v1/feed/list)
[https://file.io/](https://file.io/)
[https://files.stripe.com/v1/files](https://files.stripe.com/v1/files)
[https://financialmodelingprep.com/api/v3/financial](https://financialmodelingprep.com/api/v3/financial)
[https://finnhub.io/api/v1/calendar/economic](https://finnhub.io/api/v1/calendar/economic)
[https://foo.com/bar](https://foo.com/bar)
[https://formcrafts.com/api/v1/https](https://formcrafts.com/api/v1/https)
[https://formio.form.io/currentapplication/vnd.github.v3](https://formio.form.io/currentapplication/vnd.github.v3)
[https://fxmarketapi.com/apilive](https://fxmarketapi.com/apilive)
[https://gallery.azure.com/https](https://gallery.azure.com/https)
[https://gallery.chinacloudapi.cn/mariadb.database.chinacloudapi.cnhttps](https://gallery.chinacloudapi.cn/mariadb.database.chinacloudapi.cnhttps)
[https://gallery.cloudapi.de/mariadb.database.cloudapi.defailed](https://gallery.cloudapi.de/mariadb.database.cloudapi.defailed)
[https://gallery.usgovcloudapi.net/mariadb.database.usgovcloudapi.netdev.azuresynapse.usgovcloudapi.netpostgres.database.chinacloudapi.cnhttps](https://gallery.usgovcloudapi.net/mariadb.database.usgovcloudapi.netdev.azuresynapse.usgovcloudapi.netpostgres.database.chinacloudapi.cnhttps)
[https://gate.sendbird.com/api/v2/applicationshttps](https://gate.sendbird.com/api/v2/applicationshttps)
[https://gen.duply.co/v1/usagegrant_type=client_credentials](https://gen.duply.co/v1/usagegrant_type=client_credentials)
[https://geo.ipify.org/api/v2/country](https://geo.ipify.org/api/v2/country)
[https://geocode.xyz/51.4647](https://geocode.xyz/51.4647)
[https://geoip.maxmind.com/geoip/v2.1/country/8.8.8.8https](https://geoip.maxmind.com/geoip/v2.1/country/8.8.8.8https)
[https://getsandbox.com/api/1/sandboxes/](https://getsandbox.com/api/1/sandboxes/)
[https://gist.github.comMetaDataValidationErrorunable](https://gist.github.comMetaDataValidationErrorunable)
[https://github.com/airbrake/airbrake](https://github.com/airbrake/airbrake)
[https://github.com/dustin](https://github.com/dustin)
[https://github.com/golang/protobuf/issues/1609](https://github.com/golang/protobuf/issues/1609)
[https://github.com/google/go](https://github.com/google/go)
[https://github.com/llvm/llvm](https://github.com/llvm/llvm)
[https://github.com/login/device/codeDiff](https://github.com/login/device/codeDiff)
[https://github.com/login/oauth/access_tokenexpected](https://github.com/login/oauth/access_tokenexpected)
[https://github.com/login/oauth/authorizekey](https://github.com/login/oauth/authorizekey)
[https://github.com/pygments/pygments/blob/15f222adefd2bf7835bfd74a12d720028ae68d29/pygments/lexers/dalvik.py.](https://github.com/pygments/pygments/blob/15f222adefd2bf7835bfd74a12d720028ae68d29/pygments/lexers/dalvik.py.)
[https://github.com/trufflesecurity/test_keyscannot](https://github.com/trufflesecurity/test_keyscannot)
[https://github.com/trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog)
[https://gitlab.com/Skipping](https://gitlab.com/Skipping)
[https://gitlab.com/api/v4/metadatahttps](https://gitlab.com/api/v4/metadatahttps)
[https://gitlab.com/api/v4/personal_access_tokens/self](https://gitlab.com/api/v4/personal_access_tokens/self)
[https://gitlab.com/api/v4/projectshttps](https://gitlab.com/api/v4/projectshttps)
[https://gitlab.com/org/repo.gitAWS](https://gitlab.com/org/repo.gitAWS)
[https://gitlab.com/org/repo.gitNumber](https://gitlab.com/org/repo.gitNumber)
[https://gitlab.comScan](https://gitlab.comScan)
[https://go.postman.co/collection/tls](https://go.postman.co/collection/tls)
[https://go.postman.co/environments/could](https://go.postman.co/environments/could)
[https://go.postman.co/example/error](https://go.postman.co/example/error)
[https://go.postman.co/folder/TLS](https://go.postman.co/folder/TLS)
[https://go.postman.co/request/https](https://go.postman.co/request/https)
[https://go.postman.co/workspace/could](https://go.postman.co/workspace/could)
[https://go.postman.co/workspaces/mail_settings.bounce_purge.updatemail_settings.forward_bounce.readmail_settings.forward_spam.updatepartner_settings.new_relic.updatesubusers](https://go.postman.co/workspaces/mail_settings.bounce_purge.updatemail_settings.forward_bounce.readmail_settings.forward_spam.updatepartner_settings.new_relic.updatesubusers)
[https://go.urbanairship.com/api/schedules](https://go.urbanairship.com/api/schedules)
[https://google.com&width=1920&height=1080xoxb](https://google.com&width=1920&height=1080xoxb)
[https://google.comcrypto/ecdh](https://google.comcrypto/ecdh)
[https://google.comhttps](https://google.comhttps)
[https://grafana.com/api/v1/tokens](https://grafana.com/api/v1/tokens)
[https://graph.chinacloudapi.cn/https](https://graph.chinacloudapi.cn/https)
[https://graph.cloudapi.de/https](https://graph.cloudapi.de/https)
[https://graph.facebook.com/me](https://graph.facebook.com/me)
[https://graph.microsoft.com/https](https://graph.microsoft.com/https)
[https://graph.microsoft.us/https](https://graph.microsoft.us/https)
[https://graph.windows.net/mariadb.database.azure.comhttps](https://graph.windows.net/mariadb.database.azure.comhttps)
[https://graphhopper.com/api/1/geocode](https://graphhopper.com/api/1/geocode)
[https://graphql.us.jupiterone.io/https](https://graphql.us.jupiterone.io/https)
[https://gtmetrix.com/api/2.0/statushttps](https://gtmetrix.com/api/2.0/statushttps)
[https://hg.mozilla.org/releases/mozilla](https://hg.mozilla.org/releases/mozilla)
[https://holidayapi.com/v1/holidays](https://holidayapi.com/v1/holidays)
[https://hooman.pipedrive.com/api/v1/users](https://hooman.pipedrive.com/api/v1/users)
[https://host.io/api/domains/ip/8.8.8.8](https://host.io/api/domains/ip/8.8.8.8)
[https://howtorotate.com/docs/tutorials/airbrake/https](https://howtorotate.com/docs/tutorials/airbrake/https)
[https://howtorotate.com/docs/tutorials/atlassian/https](https://howtorotate.com/docs/tutorials/atlassian/https)
[https://howtorotate.com/docs/tutorials/aws/request](https://howtorotate.com/docs/tutorials/aws/request)
[https://howtorotate.com/docs/tutorials/azure/https](https://howtorotate.com/docs/tutorials/azure/https)
[https://howtorotate.com/docs/tutorials/elevenlabs/https](https://howtorotate.com/docs/tutorials/elevenlabs/https)
[https://howtorotate.com/docs/tutorials/eraser/https](https://howtorotate.com/docs/tutorials/eraser/https)
[https://howtorotate.com/docs/tutorials/gcp/https](https://howtorotate.com/docs/tutorials/gcp/https)
[https://howtorotate.com/docs/tutorials/github/https](https://howtorotate.com/docs/tutorials/github/https)
[https://howtorotate.com/docs/tutorials/gitlab/https](https://howtorotate.com/docs/tutorials/gitlab/https)
[https://howtorotate.com/docs/tutorials/groq/https](https://howtorotate.com/docs/tutorials/groq/https)
[https://howtorotate.com/docs/tutorials/mailchimp/https](https://howtorotate.com/docs/tutorials/mailchimp/https)
[https://howtorotate.com/docs/tutorials/maxmind/https](https://howtorotate.com/docs/tutorials/maxmind/https)
[https://howtorotate.com/docs/tutorials/microsoftteams/.myfreshworks.com/crm/sales/api/sales_accounts/filtershttps](https://howtorotate.com/docs/tutorials/microsoftteams/.myfreshworks.com/crm/sales/api/sales_accounts/filtershttps)
[https://howtorotate.com/docs/tutorials/mongo/https](https://howtorotate.com/docs/tutorials/mongo/https)
[https://howtorotate.com/docs/tutorials/netlify//services/rest/record/v1/metadata](https://howtorotate.com/docs/tutorials/netlify//services/rest/record/v1/metadata)
[https://howtorotate.com/docs/tutorials/npm/](https://howtorotate.com/docs/tutorials/npm/)
[https://howtorotate.com/docs/tutorials/railwayapp/https](https://howtorotate.com/docs/tutorials/railwayapp/https)
[https://howtorotate.com/docs/tutorials/sendbird/https](https://howtorotate.com/docs/tutorials/sendbird/https)
[https://howtorotate.com/docs/tutorials/sendgrid/https](https://howtorotate.com/docs/tutorials/sendgrid/https)
[https://howtorotate.com/docs/tutorials/slack/](https://howtorotate.com/docs/tutorials/slack/)
[https://howtorotate.com/docs/tutorials/sourcegraph/https](https://howtorotate.com/docs/tutorials/sourcegraph/https)
[https://howtorotate.com/docs/tutorials/square/https](https://howtorotate.com/docs/tutorials/square/https)
[https://howtorotate.com/docs/tutorials/stripe/https](https://howtorotate.com/docs/tutorials/stripe/https)
[https://howtorotate.com/docs/tutorials/sumologic/https](https://howtorotate.com/docs/tutorials/sumologic/https)
[https://howtorotate.com/docs/tutorials/twilio/](https://howtorotate.com/docs/tutorials/twilio/)
[https://httpbin.org/anythingAPI](https://httpbin.org/anythingAPI)
[https://httpbin.org/status/200https](https://httpbin.org/status/200https)
[https://hub.docker.com/v2/users/loginapplication/vnd.dyspatch.2020.11](https://hub.docker.com/v2/users/loginapplication/vnd.dyspatch.2020.11)
[https://huggingface.co/api/modelsparsing](https://huggingface.co/api/modelsparsing)
[https://huggingface.co/api/whoami](https://huggingface.co/api/whoami)
[https://huggingface.cofailed](https://huggingface.cofailed)
[https://iam.googleapis.com/v1/roleshttps](https://iam.googleapis.com/v1/roleshttps)
[https://iamcredentials..](https://iamcredentials..)
[https://iamcredentials.UNIVERSE_DOMAIN/failed](https://iamcredentials.UNIVERSE_DOMAIN/failed)
[https://iamcredentials.googleapis.com/openpgp](https://iamcredentials.googleapis.com/openpgp)
[https://iamcredentials.googleapis.com/v1/](https://iamcredentials.googleapis.com/v1/)
[https://iamcredentials.mtls.googleapis.com/buffered_file_writer_total_write_size_byteshash/adler32](https://iamcredentials.mtls.googleapis.com/buffered_file_writer_total_write_size_byteshash/adler32)
[https://id.twitch.tv/oauth2/token](https://id.twitch.tv/oauth2/token)
[https://index.docker.io/v1/Unreachable](https://index.docker.io/v1/Unreachable)
[https://industrial.api.ubidots.com/api/v1.6/variables/https](https://industrial.api.ubidots.com/api/v1.6/variables/https)
[https://interseller.io/api/campaigns/listhttps](https://interseller.io/api/campaigns/listhttps)
[https://io.adafruit.com/api/v2/ladybugtest/feeds/](https://io.adafruit.com/api/v2/ladybugtest/feeds/)
[https://jenkins.example.com](https://jenkins.example.com)
[https://keychecker.trufflesecurity.com/fingerprint/](https://keychecker.trufflesecurity.com/fingerprint/)
[https://learning.postman.com/docs/collaborating](https://learning.postman.com/docs/collaborating)
[https://linkedin.com/in/williamhgates](https://linkedin.com/in/williamhgates)
[https://localhost/deprecated_featureconnection_failureprotocol_violationindicator_overflowrestrict_violationnot_null_violationcollation_mismatchundefined_functionduplicate_databaseduplicate_functionam](https://localhost/deprecated_featureconnection_failureprotocol_violationindicator_overflowrestrict_violationnot_null_violationcollation_mismatchundefined_functionduplicate_databaseduplicate_functionam)
[https://login.chinacloudapi.cn/https](https://login.chinacloudapi.cn/https)
[https://login.eagleeyenetworks.com/g/aaa/authenticatehttps](https://login.eagleeyenetworks.com/g/aaa/authenticatehttps)
[https://login.microsoftonline.com/semaphore](https://login.microsoftonline.com/semaphore)
[https://login.microsoftonline.de/2006](https://login.microsoftonline.de/2006)
[https://login.microsoftonline.us/https](https://login.microsoftonline.us/https)
[https://mailsac.com/api/addresseshttps](https://mailsac.com/api/addresseshttps)
[https://mainnet.infura.io/v3/KNAPSACK](https://mainnet.infura.io/v3/KNAPSACK)
[https://manage.chinacloudapi.com/https](https://manage.chinacloudapi.com/https)
[https://manage.chinacloudapi.com/publishsettings/indexhttps](https://manage.chinacloudapi.com/publishsettings/indexhttps)
[https://manage.microsoftazure.de/publishsettings/indexhttp](https://manage.microsoftazure.de/publishsettings/indexhttp)
[https://manage.windowsazure.com/https](https://manage.windowsazure.com/https)
[https://manage.windowsazure.com/publishsettings/indexraw](https://manage.windowsazure.com/publishsettings/indexraw)
[https://manage.windowsazure.us/https](https://manage.windowsazure.us/https)
[https://manage.windowsazure.us/publishsettings/indexunrecognized](https://manage.windowsazure.us/publishsettings/indexunrecognized)
[https://managedhsm.azure.net/https](https://managedhsm.azure.net/https)
[https://managedhsm.azure.netservicebus.usgovcloudapi.nethttps](https://managedhsm.azure.netservicebus.usgovcloudapi.nethttps)
[https://management.azure.com/https](https://management.azure.com/https)
[https://management.chinacloudapi.cn/https](https://management.chinacloudapi.cn/https)
[https://management.core.chinacloudapi.cn/https](https://management.core.chinacloudapi.cn/https)
[https://management.core.cloudapi.de/data](https://management.core.cloudapi.de/data)
[https://management.core.usgovcloudapi.net/https](https://management.core.usgovcloudapi.net/https)
[https://management.core.windows.net/https](https://management.core.windows.net/https)
[https://management.microsoftazure.de/expected](https://management.microsoftazure.de/expected)
[https://management.usgovcloudapi.net/https](https://management.usgovcloudapi.net/https)
[https://mandrillapp.com/api/1.0/users/infohttps](https://mandrillapp.com/api/1.0/users/infohttps)
[https://microsoftgraph.chinacloudapi.cn/server_duration](https://microsoftgraph.chinacloudapi.cn/server_duration)
[https://microsoftgraph.chinacloudapi.cngo](https://microsoftgraph.chinacloudapi.cngo)
[https://mltb8350.hiveage.com/api/networkapplication/vnd.hybiscus](https://mltb8350.hiveage.com/api/networkapplication/vnd.hybiscus)
[https://moderationapi.com/api/v1/analyze/languagePostgres](https://moderationapi.com/api/v1/analyze/languagePostgres)
[https://mrticktock.com/app/api/is_timer_active](https://mrticktock.com/app/api/is_timer_active)
[https://my.demio.com/api/v1/ping/query](https://my.demio.com/api/v1/ping/query)
[https://nethunt.com/api/v1/zapier/triggers/readable](https://nethunt.com/api/v1/zapier/triggers/readable)
[https://neutrinoapi.net/url](https://neutrinoapi.net/url)
[https://newsapi.org/v2/everything](https://newsapi.org/v2/everything)
[https://oauth2.googleapis.com/device/codemssql](https://oauth2.googleapis.com/device/codemssql)
[https://oauth2.googleapis.com/tokenoauth2/google](https://oauth2.googleapis.com/tokenoauth2/google)
[https://oauth2.mtls.googleapis.com/tokengrpc.io/server/received_messages_per_rpcgrpc.io/client/received_messages_per_rpcgrpclb](https://oauth2.mtls.googleapis.com/tokengrpc.io/server/received_messages_per_rpcgrpc.io/client/received_messages_per_rpcgrpclb)
[https://onesignal.com/api/v1/appshttps](https://onesignal.com/api/v1/appshttps)
[https://onfleet.com/api/v2/organizationhttps](https://onfleet.com/api/v2/organizationhttps)
[https://open.larksuite.com/open](https://open.larksuite.com/open)
[https://opentelemetry.io/schemas/1.17.0grpclb](https://opentelemetry.io/schemas/1.17.0grpclb)
[https://oss.trufflehog.org/updatesillegal](https://oss.trufflehog.org/updatesillegal)
[https://ossrdbms](https://ossrdbms)
[https://otx.alienvault.com/api/v1/users/mehttps](https://otx.alienvault.com/api/v1/users/mehttps)
[https://owlbot.info/api/v4/dictionary/securityhttps](https://owlbot.info/api/v4/dictionary/securityhttps)
[https://packagecloud.io/api/v1/reposhttps](https://packagecloud.io/api/v1/reposhttps)
[https://partner_settingscategories.statsGoogle](https://partner_settingscategories.statsGoogle)
[https://pastebin.com/api/api_post.phpapplication/vnd.percy](https://pastebin.com/api/api_post.phpapplication/vnd.percy)
[https://paydirtapp.com/api/v1/clients](https://paydirtapp.com/api/v1/clients)
[https://payments.braintree](https://payments.braintree)
[https://payments.sandbox.braintree](https://payments.sandbox.braintree)
[https://pdflayer.com/downloads/invoice.htmlPlanetScale](https://pdflayer.com/downloads/invoice.htmlPlanetScale)
[https://percy.io/api/v1/projectshttps](https://percy.io/api/v1/projectshttps)
[https://person.clearbit.com/v1/people/email/alex](https://person.clearbit.com/v1/people/email/alex)
[https://pixabay.com/api/](https://pixabay.com/api/)
[https://pkg.go.dev/cloud.google.com/go/storage](https://pkg.go.dev/cloud.google.com/go/storage)
[https://pkg.go.dev/go.mongodb.org/mongo](https://pkg.go.dev/go.mongodb.org/mongo)
[https://platform.devtest.ringcentral.com/restapi/oauth/authorize](https://platform.devtest.ringcentral.com/restapi/oauth/authorize)
[https://platform.segmentapis.com/v1beta/workspaceshttps](https://platform.segmentapis.com/v1beta/workspaceshttps)
[https://plugin.api.dronahq.com/users/](https://plugin.api.dronahq.com/users/)
[https://poloniex.com/tradingApihttps](https://poloniex.com/tradingApihttps)
[https://powrbot.com/api/v1/search/single/](https://powrbot.com/api/v1/search/single/)
[https://protobuf.dev/reference/go/faq](https://protobuf.dev/reference/go/faq)
[https://ps.pndsn.com/signal/https](https://ps.pndsn.com/signal/https)
[https://ps.pndsn.com/v2/objects/https](https://ps.pndsn.com/v2/objects/https)
[https://push.databox.com](https://push.databox.com)
[https://registry.npmjs.org/](https://registry.npmjs.org/)
[https://rendyplayground.simvoly.com/api/site/members](https://rendyplayground.simvoly.com/api/site/members)
[https://rest.clicksend.com/v3/accounthttps](https://rest.clicksend.com/v3/accounthttps)
[https://rest.coinapi.io/v1/exchangeshttps](https://rest.coinapi.io/v1/exchangeshttps)
[https://rest.messagebird.com/messageshttps](https://rest.messagebird.com/messageshttps)
[https://rest.nexmo.com/account/get](https://rest.nexmo.com/account/get)
[https://rest.textmagic.com/api/v2/userhttps](https://rest.textmagic.com/api/v2/userhttps)
[https://restpack.io/api/html2pdf/usagehttps](https://restpack.io/api/html2pdf/usagehttps)
[https://restpack.io/api/screenshot/usagehttps](https://restpack.io/api/screenshot/usagehttps)
[https://rubygems.org/api/v1/gems.jsonerror](https://rubygems.org/api/v1/gems.jsonerror)
[https://run.salesblink.io/api/public/listshttps](https://run.salesblink.io/api/public/listshttps)
[https://runrun.it/api/v1.0/users](https://runrun.it/api/v1.0/users)
[https://salescookie.com/app/Api/CreateTransaction](https://salescookie.com/app/Api/CreateTransaction)
[https://sandbox.impala.travel/v1/bookings](https://sandbox.impala.travel/v1/bookings)
[https://scrutinizer](https://scrutinizer)
[https://search.censys.io/api/v1/accounthttps](https://search.censys.io/api/v1/accounthttps)
[https://selectpdf.com/api2/convert/](https://selectpdf.com/api2/convert/)
[https://sentry.io/api/0/projects/https](https://sentry.io/api/0/projects/https)
[https://service.zipapi.us/zipcode/90210/](https://service.zipapi.us/zipcode/90210/)
[https://servicebus.azure.net/https](https://servicebus.azure.net/https)
[https://servicebus.chinacloudapi.cn/https](https://servicebus.chinacloudapi.cn/https)
[https://servicebus.cloudapi.de/https](https://servicebus.cloudapi.de/https)
[https://servicebus.usgovcloudapi.net/https](https://servicebus.usgovcloudapi.net/https)
[https://servicebus.windows.net/https](https://servicebus.windows.net/https)
[https://services.reachmail.net/administration/users/current](https://services.reachmail.net/administration/users/current)
[https://shot.screenshotapi.net/screenshot](https://shot.screenshotapi.net/screenshot)
[https://simfin.com/api/v2/companies/list](https://simfin.com/api/v2/companies/list)
[https://slack.com/api/auth.testCreateCustomerCard](https://slack.com/api/auth.testCreateCustomerCard)
[https://sms.8x8.com/api/v1/subaccounts/](https://sms.8x8.com/api/v1/subaccounts/)
[https://sms.api.sinch.com/xms/v1/https](https://sms.api.sinch.com/xms/v1/https)
[https://snyk.io/api/v1/user/mefailed](https://snyk.io/api/v1/user/mefailed)
[https://soccer.sportmonks.com/api/v2.0/leagues](https://soccer.sportmonks.com/api/v2.0/leagues)
[https://sourcegraph.com/.api/graphql](https://sourcegraph.com/.api/graphql)
[https://sslmate.com/api/v2/certs/example.com](https://sslmate.com/api/v2/certs/example.com)
[https://staging.cloud](https://staging.cloud)
[https://statuspal.io/api/v1/status_pages/secretscanner/subscriptionshttps](https://statuspal.io/api/v1/status_pages/secretscanner/subscriptionshttps)
[https://storage.UNIVERSE_DOMAIN/storage/v1/gccl](https://storage.UNIVERSE_DOMAIN/storage/v1/gccl)
[https://storage.azure.com/database.usgovcloudapi.netcloudapp.usgovcloudapi.nethttps](https://storage.azure.com/database.usgovcloudapi.netcloudapp.usgovcloudapi.nethttps)
[https://storage.googleapis.com/storage/v1/b/](https://storage.googleapis.com/storage/v1/b/)
[https://storage.mtls.googleapis.com/storage/v1/storage](https://storage.mtls.googleapis.com/storage/v1/storage)
[https://stripo.email/emailgeneration/v1/emails](https://stripo.email/emailgeneration/v1/emails)
[https://sts.UNIVERSE_DOMAIN/v1/tokenurn](https://sts.UNIVERSE_DOMAIN/v1/tokenurn)
[https://sts.amazonaws.com/](https://sts.amazonaws.com/)
[https://sts.amazonaws.comnot](https://sts.amazonaws.comnot)
[https://technical](https://technical)
[https://test.api.amadeus.com/v1/security/oauth2/tokenhttps](https://test.api.amadeus.com/v1/security/oauth2/tokenhttps)
[https://timezoneapi.io/api/ip/](https://timezoneapi.io/api/ip/)
[https://track.customer.io/api/v1/customers/5/eventshttps](https://track.customer.io/api/v1/customers/5/eventshttps)
[https://trackapi.nutritionix.com/v2/natural/nutrients](https://trackapi.nutritionix.com/v2/natural/nutrients)
[https://trading.robinhood.com/https](https://trading.robinhood.com/https)
[https://transit.walkscore.com/transit/search/stops/](https://transit.walkscore.com/transit/search/stops/)
[https://trk.mtrl.me/categoryunexpected](https://trk.mtrl.me/categoryunexpected)
[https://trufflesecurity.com/canariesDefaultEndpointsProtocol=https](https://trufflesecurity.com/canariesDefaultEndpointsProtocol=https)
[https://trufflesecurity.com/canariesGetGeoAPI](https://trufflesecurity.com/canariesGetGeoAPI)
[https://trufflesecurity.com/contacted25519](https://trufflesecurity.com/contacted25519)
[https://trufflesecurity.com/trufflehogmax](https://trufflesecurity.com/trufflehogmax)
[https://typetalk.com/oauth2/access_token](https://typetalk.com/oauth2/access_token)
[https://unify.apideck.com/vault/consumerscouldn](https://unify.apideck.com/vault/consumerscouldn)
[https://upload.pypi.org/legacy/](https://upload.pypi.org/legacy/)
[https://uploads.github.com//dependency](https://uploads.github.com//dependency)
[https://uptime.betterstack.com/api/v2/monitorshttps](https://uptime.betterstack.com/api/v2/monitorshttps)
[https://urlscan.io/user/quotashttps](https://urlscan.io/user/quotashttps)
[https://us.qubole.com/api/v1.2/accounthttps](https://us.qubole.com/api/v1.2/accounthttps)
[https://us1.locationiq.com/v1/reverse.php](https://us1.locationiq.com/v1/reverse.php)
[https://v2.convertapi.com/user](https://v2.convertapi.com/user)
[https://v3.api.hypertrack.com/trips/expected](https://v3.api.hypertrack.com/trips/expected)
[https://v6.exchangerate](https://v6.exchangerate)
[https://vault.azure.cn/vault.microsoftazure.denot](https://vault.azure.cn/vault.microsoftazure.denot)
[https://vault.azure.cnazuretrafficmanager.deservicebus.cloudapi.deAZUREUSGOVERNMENTCLOUDAZURE_GO_SDK_LOG_LEVELnot](https://vault.azure.cnazuretrafficmanager.deservicebus.cloudapi.deAZUREUSGOVERNMENTCLOUDAZURE_GO_SDK_LOG_LEVELnot)
[https://vault.azure.net/mysql.database.azure.comhttps](https://vault.azure.net/mysql.database.azure.comhttps)
[https://vault.azure.netusgovtrafficmanager.netvault.usgovcloudapi.nethttps](https://vault.azure.netusgovtrafficmanager.netvault.usgovcloudapi.nethttps)
[https://vault.microsoftazure.de/specific](https://vault.microsoftazure.de/specific)
[https://vault.microsoftazure.dedata](https://vault.microsoftazure.dedata)
[https://vault.usgovcloudapi.net/mysql.database.usgovcloudapi.nethttp](https://vault.usgovcloudapi.net/mysql.database.usgovcloudapi.nethttp)
[https://vault.usgovcloudapi.nethttps](https://vault.usgovcloudapi.nethttps)
[https://verifier.meetchopra.com/verify/](https://verifier.meetchopra.com/verify/)
[https://verify.twilio.com/v2/Servicesif](https://verify.twilio.com/v2/Servicesif)
[https://vpnapi.io/api/8.8.8.8](https://vpnapi.io/api/8.8.8.8)
[https://weather.ls.hereapi.com/weather/1.0/report.json](https://weather.ls.hereapi.com/weather/1.0/report.json)
[https://weather.visualcrossing.com/VisualCrossingWebServices/rest/services/timeline/LA](https://weather.visualcrossing.com/VisualCrossingWebServices/rest/services/timeline/LA)
[https://webexapis.com/v1/access_tokenhttps](https://webexapis.com/v1/access_tokenhttps)
[https://ws.detectlanguage.com/0.2/user/statushttps](https://ws.detectlanguage.com/0.2/user/statushttps)
[https://www.World](https://www.World)
[https://www.apilayer.net/api/validate](https://www.apilayer.net/api/validate)
[https://www.apimatic.io/api/code](https://www.apimatic.io/api/code)
[https://www.appsynergy.com/api](https://www.appsynergy.com/api)
[https://www.bitmex.com](https://www.bitmex.com)
[https://www.browserstack.com/automate/plan.jsonhttps](https://www.browserstack.com/automate/plan.jsonhttps)
[https://www.buddyns.com/api/v2/zone/https](https://www.buddyns.com/api/v2/zone/https)
[https://www.bugherd.com/api_v2/projects.jsonhttps](https://www.bugherd.com/api_v2/projects.jsonhttps)
[https://www.carboninterface.com/api/v1/estimateshttps](https://www.carboninterface.com/api/v1/estimateshttps)
[https://www.clinchpad.com/api/v1/pipelines](https://www.clinchpad.com/api/v1/pipelines)
[https://www.diggernaut.com/api/projectshttps](https://www.diggernaut.com/api/projectshttps)
[https://www.dnscheck.co/api/v1/groups/https](https://www.dnscheck.co/api/v1/groups/https)
[https://www.easy](https://www.easy)
[https://www.eventbriteapi.com/v3/users/me/](https://www.eventbriteapi.com/v3/users/me/)
[https://www.flickr.com/services/rest/](https://www.flickr.com/services/rest/)
[https://www.formbucket.com/v1/profilehttps](https://www.formbucket.com/v1/profilehttps)
[https://www.gocanvas.com/apiv2/forms.xml](https://www.gocanvas.com/apiv2/forms.xml)
[https://www.googleapis.com/auth/cloud](https://www.googleapis.com/auth/cloud)
[https://www.googleapis.com/auth/devstorage.full_controlstorage](https://www.googleapis.com/auth/devstorage.full_controlstorage)
[https://www.googleapis.com/auth/devstorage.read_onlywildcards](https://www.googleapis.com/auth/devstorage.read_onlywildcards)
[https://www.googleapis.com/auth/devstorage.read_writeB](https://www.googleapis.com/auth/devstorage.read_writeB)
[https://www.googleapis.com/auth/devstorage.read_writecredentials](https://www.googleapis.com/auth/devstorage.read_writecredentials)
[https://www.googleapis.com/blogger/v3/blogs/2399953](https://www.googleapis.com/blogger/v3/blogs/2399953)
[https://www.googleapis.com/oauth2/v3/tokeninfo](https://www.googleapis.com/oauth2/v3/tokeninfo)
[https://www.googleapis.com/youtube/v3/channelSections](https://www.googleapis.com/youtube/v3/channelSections)
[https://www.happyscribe.com/api/v1/transcriptionshttps](https://www.happyscribe.com/api/v1/transcriptionshttps)
[https://www.humanity.com/api/v2/me](https://www.humanity.com/api/v2/me)
[https://www.ipqualityscore.com/api/json/account/](https://www.ipqualityscore.com/api/json/account/)
[https://www.mapquestapi.com/datamanager/v2/get](https://www.mapquestapi.com/datamanager/v2/get)
[https://www.meistertask.com/api/projectsapplication/vnd.moonclerk](https://www.meistertask.com/api/projectsapplication/vnd.moonclerk)
[https://www.mindmeister.com/services/rest/oauth2](https://www.mindmeister.com/services/rest/oauth2)
[https://www.mongodb.com/supportability/cosmosdb](https://www.mongodb.com/supportability/cosmosdb)
[https://www.mongodb.com/supportability/documentdbAzure](https://www.mongodb.com/supportability/documentdbAzure)
[https://www.nuget.org/api/v2/packagehttps](https://www.nuget.org/api/v2/packagehttps)
[https://www.parsehub.com/api/v2/projects](https://www.parsehub.com/api/v2/projects)
[https://www.pivotaltracker.com/services/v5/mehttps](https://www.pivotaltracker.com/services/v5/mehttps)
[https://www.planyo.com/rest/](https://www.planyo.com/rest/)
[https://www.postman.com/_api/workspace/](https://www.postman.com/_api/workspace/)
[https://www.protocols.io/api/v3/session/profilerequest](https://www.protocols.io/api/v3/session/profilerequest)
[https://www.recent](https://www.recent)
[https://www.strava.com/oauth/tokenhttps](https://www.strava.com/oauth/tokenhttps)
[https://www.streak.com/api/v1/pipelineshttps](https://www.streak.com/api/v1/pipelineshttps)
[https://www.tefter.io/api/bookmarks](https://www.tefter.io/api/bookmarks)
[https://www.versioneye.com/api/v1/scanshttps](https://www.versioneye.com/api/v1/scanshttps)
[https://www.virustotal.com/api/v3/metadatahttps](https://www.virustotal.com/api/v3/metadatahttps)
[https://www.worldcoinindex.com/apiservice/ticker](https://www.worldcoinindex.com/apiservice/ticker)
[https://www.zipcodeapi.com/rest/](https://www.zipcodeapi.com/rest/)
[https://yourdomain.com/samplecallback](https://yourdomain.com/samplecallback)
[https://yourwebsite.com/callbacks_handler/BuddyNS](https://yourwebsite.com/callbacks_handler/BuddyNS) |
| LOW | [c2/tool_transfer/arch](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/arch.yara#arch_ref) | references a specific architecture | [AMD64](https://github.com/search?q=AMD64&type=code)
[amd64](https://github.com/search?q=amd64&type=code)
[arm64](https://github.com/search?q=arm64&type=code)
[http://](http://)
[https://](https://)
[x86_64](https://github.com/search?q=x86_64&type=code) |
| LOW | [collect/code/github_api](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/code/github_api.yara#github_api_user) | access GitHub API | [api.github.com](https://github.com/search?q=api.github.com&type=code)
[google/go-github](https://github.com/search?q=google%2Fgo-github&type=code) |
| LOW | [credential/password](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/password/password.yara#password) | references a 'password' | [- pairs with password](https://github.com/search?q=-+pairs+with+password&type=code)
[AllowCleartextPasswords](https://github.com/search?q=AllowCleartextPasswords&type=code)
[AllowEmptyPassword](https://github.com/search?q=AllowEmptyPassword&type=code)
[AllowNativePasswords](https://github.com/search?q=AllowNativePasswords&type=code)
[AllowOldPasswords](https://github.com/search?q=AllowOldPasswords&type=code)
[Attribute SyntaxPassword must be changed](https://github.com/search?q=Attribute+SyntaxPassword+must+be+changed&type=code)
[CertificatePasswordvprotobuf](https://github.com/search?q=CertificatePasswordvprotobuf&type=code)
[ChangePasswordLength](https://github.com/search?q=ChangePasswordLength&type=code)
[ChangePasswordOffset](https://github.com/search?q=ChangePasswordOffset&type=code)
[ChangePasswordOptions](https://github.com/search?q=ChangePasswordOptions&type=code)
[ControlVChuPasswordMustChange](https://github.com/search?q=ControlVChuPasswordMustChange&type=code)
[ControlVChuPasswordWarning](https://github.com/search?q=ControlVChuPasswordWarning&type=code)
[Elasticsearch password](https://github.com/search?q=Elasticsearch+password&type=code)
[FilePasswordFunc](https://github.com/search?q=FilePasswordFunc&type=code)
[GetCertificatePassword](https://github.com/search?q=GetCertificatePassword&type=code)
[GetPassword](https://github.com/search?q=GetPassword&type=code)
[GetVCSPassword](https://github.com/search?q=GetVCSPassword&type=code)
[GetVerifiablePasswordAuthentication](https://github.com/search?q=GetVerifiablePasswordAuthentication&type=code)
[KeychainPasswordFunc](https://github.com/search?q=KeychainPasswordFunc&type=code)
[NewChangePasswordFunc](https://github.com/search?q=NewChangePasswordFunc&type=code)
[NewControlBeheraPasswordPolicy](https://github.com/search?q=NewControlBeheraPasswordPolicy&type=code)
[NewReaderWithPassword](https://github.com/search?q=NewReaderWithPassword&type=code)
[Pairs with password](https://github.com/search?q=Pairs+with+password&type=code)
[PasscodeInPassword](https://github.com/search?q=PasscodeInPassword&type=code)
[Password from](https://github.com/search?q=Password+from&type=code)
[PasswordAuthenticator](https://github.com/search?q=PasswordAuthenticator&type=code)
[PasswordChanged](https://github.com/search?q=PasswordChanged&type=code)
[PasswordCredentialsToken](https://github.com/search?q=PasswordCredentialsToken&type=code)
[PasswordEprotobuf](https://github.com/search?q=PasswordEprotobuf&type=code)
[PasswordHashIterations](https://github.com/search?q=PasswordHashIterations&type=code)
[PasswordModify](https://github.com/search?q=PasswordModify&type=code)
[PasswordRegexCheck](https://github.com/search?q=PasswordRegexCheck&type=code)
[PasswordSet](https://github.com/search?q=PasswordSet&type=code)
[SASLprepping password](https://github.com/search?q=SASLprepping+password&type=code)
[SecureSettingsPassword](https://github.com/search?q=SecureSettingsPassword&type=code)
[allowCleartextPasswords](https://github.com/search?q=allowCleartextPasswords&type=code)
[allowOldPasswords](https://github.com/search?q=allowOldPasswords&type=code)
[authRequiresPassword](https://github.com/search?q=authRequiresPassword&type=code)
[certificatePassword](https://github.com/search?q=certificatePassword&type=code)
[certificate_password](https://github.com/search?q=certificate_password&type=code)
[change_passwordsecurity](https://github.com/search?q=change_passwordsecurity&type=code)
[changepassword](https://github.com/search?q=changepassword&type=code)
[dPassword Policy - Behera](https://github.com/search?q=dPassword+Policy+-+Behera&type=code)
[empty password](https://github.com/search?q=empty+password&type=code)
[encryptPassword](https://github.com/search?q=encryptPassword&type=code)
[errEmptyPassword](https://github.com/search?q=errEmptyPassword&type=code)
[for ChangePassword](https://github.com/search?q=for+ChangePassword&type=code)
[in list of old passwordsldap](https://github.com/search?q=in+list+of+old+passwordsldap&type=code)
[incorrect passwordrardecode](https://github.com/search?q=incorrect+passwordrardecode&type=code)
[json into Changepassword request](https://github.com/search?q=json+into+Changepassword+request&type=code)
[key is not password protectedssh](https://github.com/search?q=key+is+not+password+protectedssh&type=code)
[manglePassword](https://github.com/search?q=manglePassword&type=code)
[meetsCouchbasePasswordRequirements](https://github.com/search?q=meetsCouchbasePasswordRequirements&type=code)
[meetsSnowflakePasswordRequirements](https://github.com/search?q=meetsSnowflakePasswordRequirements&type=code)
[mongoPasswordDigest](https://github.com/search?q=mongoPasswordDigest&type=code)
[native_passwordinvalid dbname](https://github.com/search?q=native_passwordinvalid+dbname&type=code)
[nil ValueWriterpassword must not be set](https://github.com/search?q=nil+ValueWriterpassword+must+not+be+set&type=code)
[no username and password are provided](https://github.com/search?q=no+username+and+password+are+provided&type=code)
[old_passwordsRepositories to](https://github.com/search?q=old_passwordsRepositories+to&type=code)
[parseUserPassword](https://github.com/search?q=parseUserPassword&type=code)
[password-store](https://github.com/search?q=password-store&type=code)
[passwordFunc](https://github.com/search?q=passwordFunc&type=code)
[passwordSet](https://github.com/search?q=passwordSet&type=code)
[password_change_date](https://github.com/search?q=password_change_date&type=code)
[password_hash](https://github.com/search?q=password_hash&type=code)
[passwordattachment](https://github.com/search?q=passwordattachment&type=code)
[passwordf](https://github.com/search?q=passwordf&type=code)
[passworduser](https://github.com/search?q=passworduser&type=code)
[qunexpected password response](https://github.com/search?q=qunexpected+password+response&type=code)
[requires old password authentication](https://github.com/search?q=requires+old+password+authentication&type=code)
[saltPassword](https://github.com/search?q=saltPassword&type=code)
[scrambleOldPassword](https://github.com/search?q=scrambleOldPassword&type=code)
[scramblePassword](https://github.com/search?q=scramblePassword&type=code)
[secure_settings_password](https://github.com/search?q=secure_settings_password&type=code)
[sendEncryptedPassword](https://github.com/search?q=sendEncryptedPassword&type=code)
[socksUsernamePassword](https://github.com/search?q=socksUsernamePassword&type=code)
[stripPassword](https://github.com/search?q=stripPassword&type=code)
[the ChangePassword query execution](https://github.com/search?q=the+ChangePassword+query+execution&type=code)
[username AND password](https://github.com/search?q=username+AND+password&type=code)
[username or password was specified](https://github.com/search?q=username+or+password+was+specified&type=code)
[vcs_password](https://github.com/search?q=vcs_password&type=code)
[verifiable_password_authentication](https://github.com/search?q=verifiable_password_authentication&type=code)
[winvalid password](https://github.com/search?q=winvalid+password&type=code) |
diff --git a/tests/linux/clean/x11vnc.simple b/tests/linux/clean/x11vnc.simple
new file mode 100644
index 000000000..1252c9643
--- /dev/null
+++ b/tests/linux/clean/x11vnc.simple
@@ -0,0 +1,103 @@
+# linux/clean/x11vnc: medium
+c2/addr/http_dynamic: medium
+c2/addr/ip: medium
+c2/addr/url: low
+c2/client: medium
+c2/refs: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: medium
+credential/os/shadow: medium
+credential/password: low
+credential/ssh/d: medium
+credential/ssl/private_key: low
+crypto/aes: low
+crypto/decrypt: low
+crypto/openssl: medium
+crypto/public_key: low
+crypto/rc4: low
+data/embedded/pem_certificate: low
+data/random/insecure: low
+discover/group/lookup: medium
+discover/network/netstat: medium
+discover/processes/list: medium
+discover/system/hostname: low
+discover/system/platform: low
+discover/user/HOME: low
+discover/user/USER: low
+discover/user/name_get: medium
+evasion/file/location/var_run: medium
+evasion/file/location/x11_unix: medium
+evasion/file/prefix: medium
+exec/conditional/LANG: low
+exec/plugin: low
+exec/program: medium
+exec/program/background: low
+exec/shell/SHELL: low
+exec/shell/TERM: low
+exec/shell/background_sleep: medium
+exec/shell/echo: medium
+exec/shell/exec: medium
+exec/shell/ignore_output: medium
+exec/shell/nohup: medium
+exfil/upload: low
+fs/directory/create: low
+fs/directory/remove: low
+fs/file/delete: medium
+fs/file/delete_forcibly: medium
+fs/file/times_set: medium
+fs/link_read: low
+fs/node_create: low
+fs/path/bin_su: low
+fs/path/etc: low
+fs/path/home: low
+fs/path/home_library: low
+fs/path/tmp: medium
+fs/path/usr_bin: low
+fs/path/usr_local: medium
+fs/path/usr_sbin: low
+fs/path/var: low
+fs/permission/modify: medium
+fs/proc/arbitrary_pid: medium
+fs/proc/pid_fd: medium
+fs/tempfile: low
+impact/remote_access/agent: medium
+impact/remote_access/crypto_listen_socks: medium
+impact/remote_access/heartbeat: medium
+impact/remote_access/kill_rm: medium
+impact/remote_access/pseudo_terminal: medium
+impact/remote_access/reverse_shell: medium
+impact/ui/screensaver: medium
+impact/ui/x11_auth: medium
+impact/ui/xsession: medium
+lateral/scan/tool: medium
+net/http/post: medium
+net/http/request: low
+net/http/server: medium
+net/ip/addr: medium
+net/ip/host_port: medium
+net/ip/icmp: medium
+net/ip/parse: medium
+net/ip/resolve: low
+net/ip/string: medium
+net/proxy/socks5: medium
+net/proxy/tunnel: medium
+net/remote_control/vnc: medium
+net/resolve/hostname: low
+net/resolve/hostport_parse: low
+net/socket/filter: medium
+net/socket/listen: medium
+net/socket/local_addr: low
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/reuseport: medium
+net/socket/send: low
+net/tcp/ssh: medium
+net/url/embedded: low
+persist/daemon: medium
+privesc/setuid: low
+process/chdir: low
+process/executable_path: low
+process/groupid_set: low
+process/terminate/kill_multiple: medium
+sus/exclamation: medium
+sus/malicious: medium
diff --git a/tests/linux/synthetic/cnc-dns-over-https.aarch64.simple b/tests/linux/synthetic/cnc-dns-over-https.aarch64.simple
new file mode 100644
index 000000000..521354516
--- /dev/null
+++ b/tests/linux/synthetic/cnc-dns-over-https.aarch64.simple
@@ -0,0 +1,71 @@
+# linux/synthetic/cnc-dns-over-https.aarch64: high
+c2/addr/ip: high
+c2/addr/url: low
+c2/discovery/ip_dns_resolver: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: low
+collect/archives/zip: medium
+credential/keylogger: medium
+credential/password: low
+credential/ssl/private_key: low
+crypto/aes: low
+crypto/cipher: medium
+crypto/decrypt: low
+crypto/ecdsa: low
+crypto/ed25519: low
+crypto/encrypt: medium
+crypto/public_key: low
+crypto/tls: low
+data/compression/gzip: low
+data/encoding/base64: low
+data/encoding/json: low
+data/encoding/json_decode: low
+data/hash/md5: low
+discover/system/cpu: low
+discover/system/hostname: low
+discover/system/platform: low
+exec/plugin: low
+exec/program: medium
+fs/directory/list: low
+fs/file/open: low
+fs/file/read: low
+fs/link_read: low
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/etc_resolv.conf: low
+fs/path/home: low
+fs/path/relative: medium
+fs/permission/chown: medium
+fs/permission/modify: medium
+fs/tempfile: low
+net/dns: low
+net/dns/over_https: medium
+net/dns/servers: low
+net/dns/txt: low
+net/http/2: low
+net/http/accept: medium
+net/http/accept_encoding: low
+net/http/auth: low
+net/http/content_length: medium
+net/http/cookies: medium
+net/http/post: medium
+net/http/proxy: low
+net/http/request: low
+net/ip/host_port: medium
+net/ip/parse: medium
+net/resolve/hostname: low
+net/socket/listen: medium
+net/socket/local_addr: low
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/send: low
+net/tcp/connect: medium
+net/udp/receive: low
+net/udp/send: low
+net/url/embedded: low
+net/url/encode: medium
+net/url/parse: low
+net/url/request: medium
+os/fd/sendfile: low
+os/kernel/netlink: low
+process/chdir: low
diff --git a/tests/npm/2024.depe-tool/package.json.simple b/tests/npm/2024.depe-tool/package.json.simple
new file mode 100644
index 000000000..a085d698a
--- /dev/null
+++ b/tests/npm/2024.depe-tool/package.json.simple
@@ -0,0 +1,5 @@
+# npm/2024.depe-tool/package.json: critical
+data/encoding/json_decode: low
+exec/cmd/npm_preinstall: high
+exec/remote_commands/code_eval: critical
+fs/file/read: low
diff --git a/tests/npm/2024.depe-tool/preinstall.json.simple b/tests/npm/2024.depe-tool/preinstall.json.simple
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/php/2024.malcure/simple.php.simple b/tests/php/2024.malcure/simple.php.simple
index 599ab6bf5..b3ee01953 100644
--- a/tests/php/2024.malcure/simple.php.simple
+++ b/tests/php/2024.malcure/simple.php.simple
@@ -4,5 +4,6 @@
data/base64/decode: medium
data/encoding/base64: low
exec/remote_commands/code_eval: high
+impact/remote_access/backdoor: medium
impact/remote_access/remote_eval: critical
net/url/embedded: low
diff --git a/tests/python/2024.coloredtxt/base64_payload3.py.simple b/tests/python/2024.coloredtxt/base64_payload3.py.simple
index 0c2179029..3a290cc7c 100644
--- a/tests/python/2024.coloredtxt/base64_payload3.py.simple
+++ b/tests/python/2024.coloredtxt/base64_payload3.py.simple
@@ -1,6 +1,5 @@
# python/2024.coloredtxt/base64_payload3.py: critical
c2/addr/url: high
-c2/tool_transfer/python: high
data/base64/decode: medium
data/encoding/base64: low
discover/system/platform: medium
diff --git a/tests/python/2024.obfuscation/066ebdd750911c0209f31499ffe672ff29c3ea4ec1c660f441729efdb7f2d5a4.py.simple b/tests/python/2024.obfuscation/066ebdd750911c0209f31499ffe672ff29c3ea4ec1c660f441729efdb7f2d5a4.py.simple
index 778afeb6a..47c2d996e 100644
--- a/tests/python/2024.obfuscation/066ebdd750911c0209f31499ffe672ff29c3ea4ec1c660f441729efdb7f2d5a4.py.simple
+++ b/tests/python/2024.obfuscation/066ebdd750911c0209f31499ffe672ff29c3ea4ec1c660f441729efdb7f2d5a4.py.simple
@@ -1,4 +1,3 @@
# python/2024.obfuscation/066ebdd750911c0209f31499ffe672ff29c3ea4ec1c660f441729efdb7f2d5a4.py: critical
anti-static/obfuscation/hex: medium
-anti-static/obfuscation/python: low
anti-static/packer/py_kramer: critical
diff --git a/tests/python/clean/versioneer/versioneer.py.simple b/tests/python/clean/versioneer/versioneer.py.simple
index d36e3bdd7..08ebb2614 100644
--- a/tests/python/clean/versioneer/versioneer.py.simple
+++ b/tests/python/clean/versioneer/versioneer.py.simple
@@ -1,10 +1,9 @@
-# python/clean/versioneer/versioneer.py: high
+# python/clean/versioneer/versioneer.py: medium
anti-static/base64/eval: medium
data/base64/decode: medium
data/embedded/base64_terms: medium
data/embedded/base64_url: medium
data/encoding/base64: low
-exec/remote_commands/code_eval: high
fs/file/open: low
fs/path/usr_bin: low
os/fd/write: low
diff --git a/tests/ruby/clean/homebrew/homebrew_no_overrides_spec.rb.simple b/tests/ruby/clean/homebrew/homebrew_no_overrides_spec.rb.simple
new file mode 100644
index 000000000..a649555c6
--- /dev/null
+++ b/tests/ruby/clean/homebrew/homebrew_no_overrides_spec.rb.simple
@@ -0,0 +1,4 @@
+# ruby/clean/homebrew/homebrew_no_overrides_spec.rb: low
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: low
+net/url/embedded: low
diff --git a/tests/ruby/clean/homebrew/homebrew_test.pdf.simple b/tests/ruby/clean/homebrew/homebrew_test.pdf.simple
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/samples_test.go b/tests/samples_test.go
index eb6b09dbb..237537285 100644
--- a/tests/samples_test.go
+++ b/tests/samples_test.go
@@ -125,6 +125,15 @@ func TestJSON(t *testing.T) {
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("json output mismatch: (-want +got):\n%s", diff)
}
+
+ res.Files.Range(func(_, value any) bool {
+ if r, ok := value.(*malcontent.FileReport); ok {
+ if strings.Contains(binPath, "/clean/") && r.RiskScore > 2 {
+ t.Errorf("%s score too high for a 'clean' sample: %s [%d]:\n%s", binPath, r.RiskLevel, r.RiskScore, got)
+ }
+ }
+ return true
+ })
})
return nil
})
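Review bot: The clean-sample guard added after the `cmp.Diff` check passes vacuously when the type assertion fails: if a value stored in `res.Files` is not a `*malcontent.FileReport`, the callback returns `true` without checking or reporting anything, so a later change to the stored type would silently switch off this false-positive gate. The identical block is added in the `TestSimple` and `TestMarkdown` hunks below, so all three need the same change; a shared test helper would keep the threshold `2` and the `/clean/` convention in one place. The `strings.Contains(binPath, "/clean/")` test does not depend on the map entry and can be hoisted out of the callback; if `binPath` can carry OS-native separators it should be normalised first (its construction is outside the hunk). `TestJSON` starts and ends outside this hunk.

```go
// … unchanged: cmp.Diff comparison of want and got …
if strings.Contains(binPath, "/clean/") {
	res.Files.Range(func(key, value any) bool {
		r, ok := value.(*malcontent.FileReport)
		if !ok {
			// Fail loudly: a skipped entry would let the clean-sample gate pass without checking anything.
			t.Errorf("%s: unexpected report type %T for %v", binPath, value, key)
			return true
		}
		if r.RiskScore > 2 {
			t.Errorf("%s score too high for a 'clean' sample: %s [%d]:\n%s", binPath, r.RiskLevel, r.RiskScore, got)
		}
		return true
	})
}
```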
@@ -195,6 +204,16 @@ func TestSimple(t *testing.T) {
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("Simple output mismatch: (-want +got):\n%s", diff)
}
+
+ // Eeek. We shouldn't be returning such an awkward object in a public interface
+ res.Files.Range(func(_, value any) bool {
+ if r, ok := value.(*malcontent.FileReport); ok {
+ if strings.Contains(binPath, "/clean/") && r.RiskScore > 2 {
+ t.Errorf("%s score too high for a 'clean' sample: %s [%d]:\n%s", binPath, r.RiskLevel, r.RiskScore, got)
+ }
+ }
+ return true
+ })
})
return nil
})
@@ -501,6 +520,15 @@ func TestMarkdown(t *testing.T) {
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("markdown output mismatch: (-want +got):\n%s", diff)
}
+
+ res.Files.Range(func(_, value any) bool {
+ if r, ok := value.(*malcontent.FileReport); ok {
+ if strings.Contains(binPath, "/clean/") && r.RiskScore > 2 {
+ t.Errorf("%s score too high for a 'clean' sample: %s [%d]:\n%s", binPath, r.RiskLevel, r.RiskScore, got)
+ }
+ }
+ return true
+ })
})
return nil
})
diff --git a/tests/windows/clean/make-win.ps1.simple b/tests/windows/clean/make-win.ps1.simple
index ee1f4d435..c673d9746 100644
--- a/tests/windows/clean/make-win.ps1.simple
+++ b/tests/windows/clean/make-win.ps1.simple
@@ -1,5 +1,5 @@
-# windows/clean/make-win.ps1: high
-3P/InQuest-VT/base64_powershell_directives: high
+# windows/clean/make-win.ps1: medium
+3P/InQuest-VT/base64_powershell_directives: medium
data/base64/decode: medium
data/embedded/base64_terms: medium
exec/shell/pipe_sh: medium