Modsec CRS4 Audit Logs (second try)

---Qa6rO5fQ---A--
[01/Apr/2024:09:30:38 -0500] 171198183845.393352 108.231.125.253 54054 10.10.10.2 443
---Qa6rO5fQ---B--
GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---Qa6rO5fQ---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---Qa6rO5fQ---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:38 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---Qa6rO5fQ---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198183845.393352"] [ref "o0,2v741,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198183845.393352"] [ref ""]

---Qa6rO5fQ---J--

---Qa6rO5fQ---K--

---Qa6rO5fQ---Z--

---PscekrQt---A--
[01/Apr/2024:09:30:38 -0500] 171198183814.412138 108.231.125.253 54054 10.10.10.2 443
---PscekrQt---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---PscekrQt---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---PscekrQt---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:38 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---PscekrQt---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198183814.412138"] [ref "o0,2v774,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198183814.412138"] [ref ""]

---PscekrQt---J--

---PscekrQt---K--

---PscekrQt---Z--

---j3mimgln---A--
[01/Apr/2024:09:30:38 -0500] 171198183894.489757 108.231.125.253 54054 10.10.10.2 443
---j3mimgln---B--
GET /wp-content/plugins/newsletter-manager/images/close.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---j3mimgln---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---j3mimgln---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:38 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---j3mimgln---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/newsletter-manager/images/close.png"] [unique_id "171198183894.489757"] [ref "o0,2v728,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/newsletter-manager/images/close.png"] [unique_id "171198183894.489757"] [ref ""]

---j3mimgln---J--

---j3mimgln---K--

---j3mimgln---Z--

---BXliNKtn---A--
[01/Apr/2024:09:30:38 -0500] 171198183879.882769 108.231.125.253 54054 10.10.10.2 443
---BXliNKtn---B--
GET /wp-content/plugins/contact-form-manager/images/arrow-refresh.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---BXliNKtn---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---BXliNKtn---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:38 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---BXliNKtn---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/images/arrow-refresh.png"] [unique_id "171198183879.882769"] [ref "o0,2v738,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/images/arrow-refresh.png"] [unique_id "171198183879.882769"] [ref ""]

---BXliNKtn---J--

---BXliNKtn---K--

---BXliNKtn---Z--

---uzcJ2HjP---A--
[01/Apr/2024:09:30:38 -0500] 171198183815.515456 108.231.125.253 54054 10.10.10.2 443
---uzcJ2HjP---B--
GET /wp-content/themes/h-code/assets/images/icon-zoom-white.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---uzcJ2HjP---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---uzcJ2HjP---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:38 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---uzcJ2HjP---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198183815.515456"] [ref "o0,2v732,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198183815.515456"] [ref ""]

---uzcJ2HjP---J--

---uzcJ2HjP---K--

---uzcJ2HjP---Z--

---7L4pBSiu---A--
[01/Apr/2024:09:30:38 -0500] 171198183866.254892 108.231.125.253 54054 10.10.10.2 443
---7L4pBSiu---B--
GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---7L4pBSiu---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---7L4pBSiu---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:38 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---7L4pBSiu---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198183866.254892"] [ref "o0,2v738,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198183866.254892"] [ref ""]

---7L4pBSiu---J--

---7L4pBSiu---K--

---7L4pBSiu---Z--

---TSaD6J0H---A--
[01/Apr/2024:09:30:38 -0500] 171198183880.063040 108.231.125.253 54054 10.10.10.2 443
---TSaD6J0H---B--
GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---TSaD6J0H---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---TSaD6J0H---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:38 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---TSaD6J0H---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198183880.063040"] [ref "o0,2v741,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198183880.063040"] [ref ""]

---TSaD6J0H---J--

---TSaD6J0H---K--

---TSaD6J0H---Z--

---olz96txy---A--
[01/Apr/2024:09:30:39 -0500] 171198183965.096407 108.231.125.253 54054 10.10.10.2 443
---olz96txy---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---olz96txy---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---olz96txy---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:39 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---olz96txy---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198183965.096407"] [ref "o0,2v746,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198183965.096407"] [ref ""]

---olz96txy---J--

---olz96txy---K--

---olz96txy---Z--

---qXHtpyIu---A--
[01/Apr/2024:09:30:39 -0500] 171198183993.733166 108.231.125.253 54054 10.10.10.2 443
---qXHtpyIu---B--
GET /wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---qXHtpyIu---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---qXHtpyIu---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:39 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---qXHtpyIu---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198183993.733166"] [ref "o0,2v783,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198183993.733166"] [ref ""]

---qXHtpyIu---J--

---qXHtpyIu---K--

---qXHtpyIu---Z--

---KKkTkSLE---A--
[01/Apr/2024:09:30:39 -0500] 171198183937.445822 108.231.125.253 54054 10.10.10.2 443
---KKkTkSLE---B--
GET /wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---KKkTkSLE---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---KKkTkSLE---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:39 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---KKkTkSLE---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198183937.445822"] [ref "o0,2v784,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198183937.445822"] [ref ""]

---KKkTkSLE---J--

---KKkTkSLE---K--

---KKkTkSLE---Z--

---vuRzBQH0---A--
[01/Apr/2024:09:30:39 -0500] 171198183927.467682 108.231.125.253 54054 10.10.10.2 443
---vuRzBQH0---B--
GET /wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---vuRzBQH0---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---vuRzBQH0---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:39 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---vuRzBQH0---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198183927.467682"] [ref "o0,2v783,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198183927.467682"] [ref ""]

---vuRzBQH0---J--

---vuRzBQH0---K--

---vuRzBQH0---Z--

---BG9F74Cy---A--
[01/Apr/2024:09:30:39 -0500] 171198183921.426360 108.231.125.253 54054 10.10.10.2 443
---BG9F74Cy---B--
GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---BG9F74Cy---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---BG9F74Cy---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:39 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---BG9F74Cy---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198183921.426360"] [ref "o0,2v741,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198183921.426360"] [ref ""]

---BG9F74Cy---J--

---BG9F74Cy---K--

---BG9F74Cy---Z--

---cTpPQ5Jk---A--
[01/Apr/2024:09:30:39 -0500] 171198183918.963896 108.231.125.253 54054 10.10.10.2 443
---cTpPQ5Jk---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---cTpPQ5Jk---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---cTpPQ5Jk---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:39 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---cTpPQ5Jk---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198183918.963896"] [ref "o0,2v774,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198183918.963896"] [ref ""]

---cTpPQ5Jk---J--

---cTpPQ5Jk---K--

---cTpPQ5Jk---Z--

---O1B8UWMN---A--
[01/Apr/2024:09:30:39 -0500] 171198183927.874291 108.231.125.253 54054 10.10.10.2 443
---O1B8UWMN---B--
GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---O1B8UWMN---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---O1B8UWMN---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:39 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---O1B8UWMN---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198183927.874291"] [ref "o0,2v738,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198183927.874291"] [ref ""]

---O1B8UWMN---J--

---O1B8UWMN---K--

---O1B8UWMN---Z--

---QmKcCbaL---A--
[01/Apr/2024:09:30:39 -0500] 171198183989.477521 108.231.125.253 54054 10.10.10.2 443
---QmKcCbaL---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---QmKcCbaL---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---QmKcCbaL---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:39 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---QmKcCbaL---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198183989.477521"] [ref "o0,2v746,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198183989.477521"] [ref ""]

---QmKcCbaL---J--

---QmKcCbaL---K--

---QmKcCbaL---Z--

---qjbvmlrO---A--
[01/Apr/2024:09:30:40 -0500] 17119818402.544401 108.231.125.253 54054 10.10.10.2 443
---qjbvmlrO---B--
GET /wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---qjbvmlrO---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---qjbvmlrO---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:40 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---qjbvmlrO---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "17119818402.544401"] [ref "o0,2v783,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "17119818402.544401"] [ref ""]

---qjbvmlrO---J--

---qjbvmlrO---K--

---qjbvmlrO---Z--

---Eglck4M8---A--
[01/Apr/2024:09:30:40 -0500] 171198184064.539410 108.231.125.253 54054 10.10.10.2 443
---Eglck4M8---B--
GET /wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---Eglck4M8---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---Eglck4M8---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:40 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---Eglck4M8---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198184064.539410"] [ref "o0,2v784,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198184064.539410"] [ref ""]

---Eglck4M8---J--

---Eglck4M8---K--

---Eglck4M8---Z--

---6VGY2btQ---A--
[01/Apr/2024:09:30:40 -0500] 171198184025.637527 108.231.125.253 54054 10.10.10.2 443
---6VGY2btQ---B--
GET /wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---6VGY2btQ---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---6VGY2btQ---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:40 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---6VGY2btQ---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198184025.637527"] [ref "o0,2v783,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198184025.637527"] [ref ""]

---6VGY2btQ---J--

---6VGY2btQ---K--

---6VGY2btQ---Z--

---ND0ZnYud---A--
[01/Apr/2024:09:30:40 -0500] 171198184073.200713 108.231.125.253 54054 10.10.10.2 443
---ND0ZnYud---B--
GET /wp-content/themes/h-code/assets/images/icon-zoom-white.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---ND0ZnYud---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---ND0ZnYud---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:40 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---ND0ZnYud---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198184073.200713"] [ref "o0,2v732,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198184073.200713"] [ref ""]

---ND0ZnYud---J--

---ND0ZnYud---K--

---ND0ZnYud---Z--

---GTY2EQQR---A--
[01/Apr/2024:09:30:40 -0500] 171198184036.978040 108.231.125.253 54054 10.10.10.2 443
---GTY2EQQR---B--
GET /wp-content/uploads/2023/08/img_4584-825x510.jpg HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---GTY2EQQR---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---GTY2EQQR---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:40 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---GTY2EQQR---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4584-825x510.jpg"] [unique_id "171198184036.978040"] [ref "o0,2v721,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4584-825x510.jpg"] [unique_id "171198184036.978040"] [ref ""]

---GTY2EQQR---J--

---GTY2EQQR---K--

---GTY2EQQR---Z--

---4B3mDOuH---A--
[01/Apr/2024:09:30:40 -0500] 171198184035.175363 108.231.125.253 54054 10.10.10.2 443
---4B3mDOuH---B--
GET /wp-content/uploads/2023/08/img_4626-825x510.jpg HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---4B3mDOuH---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---4B3mDOuH---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:40 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---4B3mDOuH---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4626-825x510.jpg"] [unique_id "171198184035.175363"] [ref "o0,2v721,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4626-825x510.jpg"] [unique_id "171198184035.175363"] [ref ""]

---4B3mDOuH---J--

---4B3mDOuH---K--

---4B3mDOuH---Z--

---t9ntkeI5---A--
[01/Apr/2024:09:30:40 -0500] 171198184057.282076 108.231.125.253 54054 10.10.10.2 443
---t9ntkeI5---B--
GET /wp-content/uploads/2023/08/img_4495-825x510.jpg HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---t9ntkeI5---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---t9ntkeI5---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:40 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---t9ntkeI5---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4495-825x510.jpg"] [unique_id "171198184057.282076"] [ref "o0,2v721,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4495-825x510.jpg"] [unique_id "171198184057.282076"] [ref ""]

---t9ntkeI5---J--

---t9ntkeI5---K--

---t9ntkeI5---Z--

---sGcfpUG5---A--
[01/Apr/2024:09:30:42 -0500] 171198184250.112249 108.231.125.253 54054 10.10.10.2 443
---sGcfpUG5---B--
GET /wp-content/plugins/contact-form-manager/captcha/random.php?formName=1&formId=_1 HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: iframe
sec-fetch-mode: navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---sGcfpUG5---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---sGcfpUG5---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:42 GMT
Content-Type: text/html
X-Content-Type-Options: nosniff
Connection: close
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Encoding: br
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Referrer-Policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN

---sGcfpUG5---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/captcha/random.php"] [unique_id "171198184250.112249"] [ref "o0,2v694,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/captcha/random.php"] [unique_id "171198184250.112249"] [ref ""]

---sGcfpUG5---J--

---sGcfpUG5---K--

---sGcfpUG5---Z--

---ym7AAVbD---A--
[01/Apr/2024:09:30:44 -0500] 171198184495.361272 108.231.125.253 54054 10.10.10.2 443
---ym7AAVbD---B--
GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---ym7AAVbD---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---ym7AAVbD---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:44 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---ym7AAVbD---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198184495.361272"] [ref "o0,2v741,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198184495.361272"] [ref ""]

---ym7AAVbD---J--

---ym7AAVbD---K--

---ym7AAVbD---Z--

---edzrzu7q---A--
[01/Apr/2024:09:30:44 -0500] 171198184471.820517 108.231.125.253 54054 10.10.10.2 443
---edzrzu7q---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---edzrzu7q---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---edzrzu7q---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:44 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---edzrzu7q---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198184471.820517"] [ref "o0,2v774,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198184471.820517"] [ref ""]

---edzrzu7q---J--

---edzrzu7q---K--

---edzrzu7q---Z--

---1uijX0oP---A--
[01/Apr/2024:09:30:44 -0500] 171198184469.990100 108.231.125.253 54054 10.10.10.2 443
---1uijX0oP---B--
GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---1uijX0oP---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---1uijX0oP---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:44 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---1uijX0oP---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198184469.990100"] [ref "o0,2v738,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198184469.990100"] [ref ""]

---1uijX0oP---J--

---1uijX0oP---K--

---1uijX0oP---Z--

---EO21sG6q---A--
[01/Apr/2024:09:30:44 -0500] 171198184427.848616 108.231.125.253 54054 10.10.10.2 443
---EO21sG6q---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---EO21sG6q---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---EO21sG6q---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:44 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---EO21sG6q---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198184427.848616"] [ref "o0,2v746,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198184427.848616"] [ref ""]

---EO21sG6q---J--

---EO21sG6q---K--

---EO21sG6q---Z--

---2BzDgaQI---A--
[01/Apr/2024:09:30:45 -0500] 171198184575.937852 108.231.125.253 54054 10.10.10.2 443
---2BzDgaQI---B--
GET /wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---2BzDgaQI---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---2BzDgaQI---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:44 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---2BzDgaQI---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198184575.937852"] [ref "o0,2v783,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198184575.937852"] [ref ""]

---2BzDgaQI---J--

---2BzDgaQI---K--

---2BzDgaQI---Z--

---BP88HFzI---A--
[01/Apr/2024:09:30:45 -0500] 171198184558.780073 108.231.125.253 54054 10.10.10.2 443
---BP88HFzI---B--
GET /wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---BP88HFzI---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---BP88HFzI---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:44 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---BP88HFzI---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198184558.780073"] [ref "o0,2v784,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198184558.780073"] [ref ""]

---BP88HFzI---J--

---BP88HFzI---K--

---BP88HFzI---Z--

---7hzefn1r---A--
[01/Apr/2024:09:30:45 -0500] 171198184572.842638 108.231.125.253 54054 10.10.10.2 443
---7hzefn1r---B--
GET /wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=6d21b19886310670.1711981838.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---7hzefn1r---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---7hzefn1r---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:30:44 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---7hzefn1r---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A30%3A37%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198184572.842638"] [ref "o0,2v783,97"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198184572.842638"] [ref ""]

---7hzefn1r---J--

---7hzefn1r---K--

---7hzefn1r---Z--