diff --git a/CVE-2015-2863.yaml b/cves/2015/CVE-2015-2863.yaml
similarity index 59%
rename from CVE-2015-2863.yaml
rename to cves/2015/CVE-2015-2863.yaml
index 76ebce3df4..df0469af47 100644
--- a/CVE-2015-2863.yaml
+++ b/cves/2015/CVE-2015-2863.yaml
@@ -4,7 +4,8 @@ info:
   name: Kaseya Virtual System Administrator - Open Redirect
   author: 0x_Akoko
   severity: low
-  description: Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
+  description: |
+    Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
   reference:
     - https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt
     - https://www.cvedetails.com/cve/CVE-2015-2863
@@ -18,11 +19,12 @@ info:
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://example.com'
-      - '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://example.com'
+      - '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me'
+      - '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me'
 
+    stop-at-first-match: true
     matchers:
       - type: regex
         part: header
         regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1