Use a different vulnerability as it turns out the previous used one was a proxy scanning false positive