danrancan

Modsec Audit Logs 3rd try for azurit

Apr 1st, 2024
  1. ---LIf9RR3x---A--
  2. [01/Apr/2024:09:44:26 -0500] 171198266689.906562 51.195.91.122 54922 10.10.10.2 443
  3. ---LIf9RR3x---B--
  4. HEAD /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fdanrancan.xyz%2F2021%2F09%2Finstall-mega-nz-apps-from-the-command-line-with-apt-repository-on-your-raspberry-pi-running-ubuntu-or-raspberry-pi-os%2F&format=xml HTTP/1.1
  5. Referer: https://danrancan.xyz/2021/09/install-mega-nz-apps-from-the-command-line-with-apt-repository-on-your-raspberry-pi-running-ubuntu-or-raspberry-pi-os/
  6. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
  7. Accept: */*
  8. Accept-Encoding: identity
  9. Host: danrancan.xyz
  10. Connection: Keep-Alive
  11.  
  12. ---LIf9RR3x---F--
  13. HTTP/1.1 200
  14. Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  15. Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
  16. X-XSS-Protection: 1; mode=block
  17. Link: <https://danrancan.xyz/wp-json/>; rel="https://api.w.org/"
  18. Content-Type: application/json; charset=UTF-8
  19. Allow: GET
  20. Connection: keep-alive
  21. X-Content-Type-Options: nosniff
  22. X-Content-Type-Options: nosniff
  23. Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
  24. Date: Mon, 01 Apr 2024 14:44:26 GMT
  25. Access-Control-Allow-Methods: GET, POST, OPTIONS
  26. X-Robots-Tag: noindex
  27. x-frame-options: SAMEORIGIN
  28. Server: nginx
  29. Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
  30. Referrer-Policy: no-referrer-when-downgrade
  31. X-FastCGI-Cache: BYPASS
  32. Permissions-Policy: geolocation=(), autoplay=(), encrypted-media=(), midi=(), usb=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=(self)
  33. X-Permitted-Cross-Domain-Policies: none
  34. Clear-Site-Data: *
  35. Access-Control-Allow-Origin: *
  36.  
  37. ---LIf9RR3x---H--
  38. ModSecurity: Warning. Matched "Operator `Rx' with parameter `((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>]*?){12})' against variable `ARGS:url' (Value: `https://danrancan.xyz/2021/09/install-mega-nz-apps-from-the-command-line-with-apt-repository-on-your (48 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1296"] [id "942430"] [rev ""] [msg "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)"] [data "Matched Data: ://danrancan.xyz/2021/09/install-mega-nz-apps-from-the-command-line-with-apt-repository- found within ARGS:url: https://danrancan.xyz/2021/09/install-mega-nz-apps-from-the-command-line-w (74 characters omitted)"] [severity "4"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "171198266689.906562"] [ref "o5,88o5,88v35,148t:urlDecodeUni"]
  39.  
  40. ---LIf9RR3x---J--
  41.  
  42. ---LIf9RR3x---K--
  43.  
  44. ---LIf9RR3x---Z--
  45.  
  46. ---O81iTvdS---A--
  47. [01/Apr/2024:09:44:33 -0500] 171198267316.243203 108.231.125.253 54431 10.10.10.2 443
  48. ---O81iTvdS---B--
  49. GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
  50. host: www.mcmo.xyz
  51. sec-fetch-dest: image
  52. sec-fetch-mode: no-cors
  53. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  54. sec-fetch-site: same-origin
  55. accept-language: en-US,en;q=0.9
  56. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  57. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  58. referer: https://www.mcmo.xyz/
  59. accept-encoding: gzip, deflate, br
  60.  
  61. ---O81iTvdS---E--
  62. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  63.  
  64. ---O81iTvdS---F--
  65. HTTP/2.0 403
  66. Server: nginx
  67. Date: Mon, 01 Apr 2024 14:44:33 GMT
  68. Content-Type: text/html
  69. Connection: close
  70. Content-Encoding: br
  71.  
  72. ---O81iTvdS---H--
  73. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198267316.243203"] [ref "o0,2v741,97"]
  74. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198267316.243203"] [ref ""]
  75.  
  76. ---O81iTvdS---J--
  77.  
  78. ---O81iTvdS---K--
  79.  
  80. ---O81iTvdS---Z--
  81.  
  82. ---7Qf9fLr1---A--
  83. [01/Apr/2024:09:44:33 -0500] 171198267379.417107 108.231.125.253 54431 10.10.10.2 443
  84. ---7Qf9fLr1---B--
  85. GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
  86. host: www.mcmo.xyz
  87. sec-fetch-dest: image
  88. sec-fetch-mode: no-cors
  89. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  90. sec-fetch-site: same-origin
  91. accept-language: en-US,en;q=0.9
  92. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  93. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  94. referer: https://www.mcmo.xyz/
  95. accept-encoding: gzip, deflate, br
  96.  
  97. ---7Qf9fLr1---E--
  98. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  99.  
  100. ---7Qf9fLr1---F--
  101. HTTP/2.0 403
  102. Server: nginx
  103. Date: Mon, 01 Apr 2024 14:44:33 GMT
  104. Content-Type: text/html
  105. Connection: close
  106. Content-Encoding: br
  107.  
  108. ---7Qf9fLr1---H--
  109. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198267379.417107"] [ref "o0,2v774,97"]
  110. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198267379.417107"] [ref ""]
  111.  
  112. ---7Qf9fLr1---J--
  113.  
  114. ---7Qf9fLr1---K--
  115.  
  116. ---7Qf9fLr1---Z--
  117.  
  118. ---hR4v8NBl---A--
  119. [01/Apr/2024:09:44:33 -0500] 171198267344.358314 108.231.125.253 54431 10.10.10.2 443
  120. ---hR4v8NBl---B--
  121. GET /wp-content/plugins/newsletter-manager/images/close.png HTTP/2.0
  122. host: www.mcmo.xyz
  123. sec-fetch-dest: image
  124. sec-fetch-mode: no-cors
  125. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  126. sec-fetch-site: same-origin
  127. accept-language: en-US,en;q=0.9
  128. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  129. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  130. referer: https://www.mcmo.xyz/
  131. accept-encoding: gzip, deflate, br
  132.  
  133. ---hR4v8NBl---E--
  134. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  135.  
  136. ---hR4v8NBl---F--
  137. HTTP/2.0 403
  138. Server: nginx
  139. Date: Mon, 01 Apr 2024 14:44:33 GMT
  140. Content-Type: text/html
  141. Connection: close
  142. Content-Encoding: br
  143.  
  144. ---hR4v8NBl---H--
  145. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/newsletter-manager/images/close.png"] [unique_id "171198267344.358314"] [ref "o0,2v728,97"]
  146. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/newsletter-manager/images/close.png"] [unique_id "171198267344.358314"] [ref ""]
  147.  
  148. ---hR4v8NBl---J--
  149.  
  150. ---hR4v8NBl---K--
  151.  
  152. ---hR4v8NBl---Z--
  153.  
  154. ---XaCYXRQu---A--
  155. [01/Apr/2024:09:44:34 -0500] 171198267497.038302 108.231.125.253 54431 10.10.10.2 443
  156. ---XaCYXRQu---B--
  157. GET /wp-content/plugins/contact-form-manager/images/arrow-refresh.png HTTP/2.0
  158. host: www.mcmo.xyz
  159. sec-fetch-dest: image
  160. sec-fetch-mode: no-cors
  161. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  162. sec-fetch-site: same-origin
  163. accept-language: en-US,en;q=0.9
  164. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  165. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  166. referer: https://www.mcmo.xyz/
  167. accept-encoding: gzip, deflate, br
  168.  
  169. ---XaCYXRQu---E--
  170. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  171.  
  172. ---XaCYXRQu---F--
  173. HTTP/2.0 403
  174. Server: nginx
  175. Date: Mon, 01 Apr 2024 14:44:34 GMT
  176. Content-Type: text/html
  177. Connection: close
  178. Content-Encoding: br
  179.  
  180. ---XaCYXRQu---H--
  181. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/images/arrow-refresh.png"] [unique_id "171198267497.038302"] [ref "o0,2v738,97"]
  182. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/images/arrow-refresh.png"] [unique_id "171198267497.038302"] [ref ""]
  183.  
  184. ---XaCYXRQu---J--
  185.  
  186. ---XaCYXRQu---K--
  187.  
  188. ---XaCYXRQu---Z--
  189.  
  190. ---ZSc0LGST---A--
  191. [01/Apr/2024:09:44:34 -0500] 171198267461.525225 108.231.125.253 54431 10.10.10.2 443
  192. ---ZSc0LGST---B--
  193. GET /wp-content/themes/h-code/assets/images/icon-zoom-white.png HTTP/2.0
  194. host: www.mcmo.xyz
  195. sec-fetch-dest: image
  196. sec-fetch-mode: no-cors
  197. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  198. sec-fetch-site: same-origin
  199. accept-language: en-US,en;q=0.9
  200. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  201. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  202. referer: https://www.mcmo.xyz/
  203. accept-encoding: gzip, deflate, br
  204.  
  205. ---ZSc0LGST---E--
  206. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  207.  
  208. ---ZSc0LGST---F--
  209. HTTP/2.0 403
  210. Server: nginx
  211. Date: Mon, 01 Apr 2024 14:44:34 GMT
  212. Content-Type: text/html
  213. Connection: close
  214. Content-Encoding: br
  215.  
  216. ---ZSc0LGST---H--
  217. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198267461.525225"] [ref "o0,2v732,97"]
  218. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198267461.525225"] [ref ""]
  219.  
  220. ---ZSc0LGST---J--
  221.  
  222. ---ZSc0LGST---K--
  223.  
  224. ---ZSc0LGST---Z--
  225.  
  226. ---g7aJRRI8---A--
  227. [01/Apr/2024:09:44:34 -0500] 171198267436.025504 108.231.125.253 54431 10.10.10.2 443
  228. ---g7aJRRI8---B--
  229. GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
  230. host: www.mcmo.xyz
  231. sec-fetch-dest: image
  232. sec-fetch-mode: no-cors
  233. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  234. sec-fetch-site: same-origin
  235. accept-language: en-US,en;q=0.9
  236. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  237. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  238. referer: https://www.mcmo.xyz/
  239. accept-encoding: gzip, deflate, br
  240.  
  241. ---g7aJRRI8---E--
  242. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  243.  
  244. ---g7aJRRI8---F--
  245. HTTP/2.0 403
  246. Server: nginx
  247. Date: Mon, 01 Apr 2024 14:44:34 GMT
  248. Content-Type: text/html
  249. Connection: close
  250. Content-Encoding: br
  251.  
  252. ---g7aJRRI8---H--
  253. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198267436.025504"] [ref "o0,2v738,97"]
  254. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198267436.025504"] [ref ""]
  255.  
  256. ---g7aJRRI8---J--
  257.  
  258. ---g7aJRRI8---K--
  259.  
  260. ---g7aJRRI8---Z--
  261.  
  262. ---qM1ykAjF---A--
  263. [01/Apr/2024:09:44:34 -0500] 171198267484.449359 108.231.125.253 54431 10.10.10.2 443
  264. ---qM1ykAjF---B--
  265. GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
  266. host: www.mcmo.xyz
  267. sec-fetch-dest: image
  268. sec-fetch-mode: no-cors
  269. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  270. sec-fetch-site: same-origin
  271. accept-language: en-US,en;q=0.9
  272. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  273. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  274. referer: https://www.mcmo.xyz/
  275. accept-encoding: gzip, deflate, br
  276.  
  277. ---qM1ykAjF---E--
  278. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  279.  
  280. ---qM1ykAjF---F--
  281. HTTP/2.0 403
  282. Server: nginx
  283. Date: Mon, 01 Apr 2024 14:44:34 GMT
  284. Content-Type: text/html
  285. Connection: close
  286. Content-Encoding: br
  287.  
  288. ---qM1ykAjF---H--
  289. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198267484.449359"] [ref "o0,2v741,97"]
  290. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198267484.449359"] [ref ""]
  291.  
  292. ---qM1ykAjF---J--
  293.  
  294. ---qM1ykAjF---K--
  295.  
  296. ---qM1ykAjF---Z--
  297.  
  298. ---kunGLDAs---A--
  299. [01/Apr/2024:09:44:34 -0500] 171198267467.782168 108.231.125.253 54431 10.10.10.2 443
  300. ---kunGLDAs---B--
  301. GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
  302. host: www.mcmo.xyz
  303. sec-fetch-dest: image
  304. sec-fetch-mode: no-cors
  305. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  306. sec-fetch-site: same-origin
  307. accept-language: en-US,en;q=0.9
  308. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  309. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  310. referer: https://www.mcmo.xyz/
  311. accept-encoding: gzip, deflate, br
  312.  
  313. ---kunGLDAs---E--
  314. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  315.  
  316. ---kunGLDAs---F--
  317. HTTP/2.0 403
  318. Server: nginx
  319. Date: Mon, 01 Apr 2024 14:44:34 GMT
  320. Content-Type: text/html
  321. Connection: close
  322. Content-Encoding: br
  323.  
  324. ---kunGLDAs---H--
  325. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198267467.782168"] [ref "o0,2v774,97"]
  326. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198267467.782168"] [ref ""]
  327.  
  328. ---kunGLDAs---J--
  329.  
  330. ---kunGLDAs---K--
  331.  
  332. ---kunGLDAs---Z--
  333.  
  334. ---dmtz2LQg---A--
  335. [01/Apr/2024:09:44:34 -0500] 171198267418.855067 108.231.125.253 54431 10.10.10.2 443
  336. ---dmtz2LQg---B--
  337. GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
  338. host: www.mcmo.xyz
  339. sec-fetch-dest: image
  340. sec-fetch-mode: no-cors
  341. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  342. sec-fetch-site: same-origin
  343. accept-language: en-US,en;q=0.9
  344. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  345. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  346. referer: https://www.mcmo.xyz/
  347. accept-encoding: gzip, deflate, br
  348.  
  349. ---dmtz2LQg---E--
  350. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  351.  
  352. ---dmtz2LQg---F--
  353. HTTP/2.0 403
  354. Server: nginx
  355. Date: Mon, 01 Apr 2024 14:44:34 GMT
  356. Content-Type: text/html
  357. Connection: close
  358. Content-Encoding: br
  359.  
  360. ---dmtz2LQg---H--
  361. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198267418.855067"] [ref "o0,2v746,97"]
  362. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198267418.855067"] [ref ""]
  363.  
  364. ---dmtz2LQg---J--
  365.  
  366. ---dmtz2LQg---K--
  367.  
  368. ---dmtz2LQg---Z--
  369.  
  370. ---R00sPGyE---A--
  371. [01/Apr/2024:09:44:34 -0500] 171198267466.982298 108.231.125.253 54431 10.10.10.2 443
  372. ---R00sPGyE---B--
  373. GET /wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp HTTP/2.0
  374. host: www.mcmo.xyz
  375. sec-fetch-dest: image
  376. sec-fetch-mode: no-cors
  377. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  378. sec-fetch-site: same-origin
  379. accept-language: en-US,en;q=0.9
  380. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  381. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  382. referer: https://www.mcmo.xyz/
  383. accept-encoding: gzip, deflate, br
  384.  
  385. ---R00sPGyE---E--
  386. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  387.  
  388. ---R00sPGyE---F--
  389. HTTP/2.0 403
  390. Server: nginx
  391. Date: Mon, 01 Apr 2024 14:44:34 GMT
  392. Content-Type: text/html
  393. Connection: close
  394. Content-Encoding: br
  395.  
  396. ---R00sPGyE---H--
  397. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198267466.982298"] [ref "o0,2v783,97"]
  398. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198267466.982298"] [ref ""]
  399.  
  400. ---R00sPGyE---J--
  401.  
  402. ---R00sPGyE---K--
  403.  
  404. ---R00sPGyE---Z--
  405.  
  406. ---bxCL7uYp---A--
  407. [01/Apr/2024:09:44:34 -0500] 171198267486.329524 108.231.125.253 54431 10.10.10.2 443
  408. ---bxCL7uYp---B--
  409. GET /wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp HTTP/2.0
  410. host: www.mcmo.xyz
  411. sec-fetch-dest: image
  412. sec-fetch-mode: no-cors
  413. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  414. sec-fetch-site: same-origin
  415. accept-language: en-US,en;q=0.9
  416. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  417. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  418. referer: https://www.mcmo.xyz/
  419. accept-encoding: gzip, deflate, br
  420.  
  421. ---bxCL7uYp---E--
  422. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  423.  
  424. ---bxCL7uYp---F--
  425. HTTP/2.0 403
  426. Server: nginx
  427. Date: Mon, 01 Apr 2024 14:44:34 GMT
  428. Content-Type: text/html
  429. Connection: close
  430. Content-Encoding: br
  431.  
  432. ---bxCL7uYp---H--
  433. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198267486.329524"] [ref "o0,2v784,97"]
  434. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198267486.329524"] [ref ""]
  435.  
  436. ---bxCL7uYp---J--
  437.  
  438. ---bxCL7uYp---K--
  439.  
  440. ---bxCL7uYp---Z--
  441.  
  442. ---mL55WFxA---A--
  443. [01/Apr/2024:09:44:34 -0500] 171198267432.278347 108.231.125.253 54431 10.10.10.2 443
  444. ---mL55WFxA---B--
  445. GET /wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp HTTP/2.0
  446. host: www.mcmo.xyz
  447. sec-fetch-dest: image
  448. sec-fetch-mode: no-cors
  449. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  450. sec-fetch-site: same-origin
  451. accept-language: en-US,en;q=0.9
  452. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  453. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  454. referer: https://www.mcmo.xyz/
  455. accept-encoding: gzip, deflate, br
  456.  
  457. ---mL55WFxA---E--
  458. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  459.  
  460. ---mL55WFxA---F--
  461. HTTP/2.0 403
  462. Server: nginx
  463. Date: Mon, 01 Apr 2024 14:44:34 GMT
  464. Content-Type: text/html
  465. Connection: close
  466. Content-Encoding: br
  467.  
  468. ---mL55WFxA---H--
  469. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198267432.278347"] [ref "o0,2v783,97"]
  470. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198267432.278347"] [ref ""]
  471.  
  472. ---mL55WFxA---J--
  473.  
  474. ---mL55WFxA---K--
  475.  
  476. ---mL55WFxA---Z--
  477.  
  478. ---2q72AXjb---A--
  479. [01/Apr/2024:09:44:34 -0500] 171198267425.720790 108.231.125.253 54431 10.10.10.2 443
  480. ---2q72AXjb---B--
  481. GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
  482. host: www.mcmo.xyz
  483. sec-fetch-dest: image
  484. sec-fetch-mode: no-cors
  485. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  486. sec-fetch-site: same-origin
  487. accept-language: en-US,en;q=0.9
  488. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  489. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  490. referer: https://www.mcmo.xyz/
  491. accept-encoding: gzip, deflate, br
  492.  
  493. ---2q72AXjb---E--
  494. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  495.  
  496. ---2q72AXjb---F--
  497. HTTP/2.0 403
  498. Server: nginx
  499. Date: Mon, 01 Apr 2024 14:44:34 GMT
  500. Content-Type: text/html
  501. Connection: close
  502. Content-Encoding: br
  503.  
  504. ---2q72AXjb---H--
  505. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198267425.720790"] [ref "o0,2v741,97"]
  506. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198267425.720790"] [ref ""]
  507.  
  508. ---2q72AXjb---J--
  509.  
  510. ---2q72AXjb---K--
  511.  
  512. ---2q72AXjb---Z--
  513.  
  514. ---VhRuvN6W---A--
  515. [01/Apr/2024:09:44:34 -0500] 171198267436.379333 108.231.125.253 54431 10.10.10.2 443
  516. ---VhRuvN6W---B--
  517. GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
  518. host: www.mcmo.xyz
  519. sec-fetch-dest: image
  520. sec-fetch-mode: no-cors
  521. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  522. sec-fetch-site: same-origin
  523. accept-language: en-US,en;q=0.9
  524. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  525. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  526. referer: https://www.mcmo.xyz/
  527. accept-encoding: gzip, deflate, br
  528.  
  529. ---VhRuvN6W---E--
  530. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  531.  
  532. ---VhRuvN6W---F--
  533. HTTP/2.0 403
  534. Server: nginx
  535. Date: Mon, 01 Apr 2024 14:44:34 GMT
  536. Content-Type: text/html
  537. Connection: close
  538. Content-Encoding: br
  539.  
  540. ---VhRuvN6W---H--
  541. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198267436.379333"] [ref "o0,2v774,97"]
  542. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198267436.379333"] [ref ""]
  543.  
  544. ---VhRuvN6W---J--
  545.  
  546. ---VhRuvN6W---K--
  547.  
  548. ---VhRuvN6W---Z--
  549.  
  550. ---KHpP9NEv---A--
  551. [01/Apr/2024:09:44:34 -0500] 171198267467.750603 108.231.125.253 54431 10.10.10.2 443
  552. ---KHpP9NEv---B--
  553. GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
  554. host: www.mcmo.xyz
  555. sec-fetch-dest: image
  556. sec-fetch-mode: no-cors
  557. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  558. sec-fetch-site: same-origin
  559. accept-language: en-US,en;q=0.9
  560. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  561. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  562. referer: https://www.mcmo.xyz/
  563. accept-encoding: gzip, deflate, br
  564.  
  565. ---KHpP9NEv---E--
  566. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  567.  
  568. ---KHpP9NEv---F--
  569. HTTP/2.0 403
  570. Server: nginx
  571. Date: Mon, 01 Apr 2024 14:44:34 GMT
  572. Content-Type: text/html
  573. Connection: close
  574. Content-Encoding: br
  575.  
  576. ---KHpP9NEv---H--
  577. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198267467.750603"] [ref "o0,2v738,97"]
  578. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198267467.750603"] [ref ""]
  579.  
  580. ---KHpP9NEv---J--
  581.  
  582. ---KHpP9NEv---K--
  583.  
  584. ---KHpP9NEv---Z--
  585.  
  586. ---gK0DZxLZ---A--
  587. [01/Apr/2024:09:44:34 -0500] 171198267473.289714 108.231.125.253 54431 10.10.10.2 443
  588. ---gK0DZxLZ---B--
  589. GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
  590. host: www.mcmo.xyz
  591. sec-fetch-dest: image
  592. sec-fetch-mode: no-cors
  593. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  594. sec-fetch-site: same-origin
  595. accept-language: en-US,en;q=0.9
  596. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  597. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  598. referer: https://www.mcmo.xyz/
  599. accept-encoding: gzip, deflate, br
  600.  
  601. ---gK0DZxLZ---E--
  602. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  603.  
  604. ---gK0DZxLZ---F--
  605. HTTP/2.0 403
  606. Server: nginx
  607. Date: Mon, 01 Apr 2024 14:44:34 GMT
  608. Content-Type: text/html
  609. Connection: close
  610. Content-Encoding: br
  611.  
  612. ---gK0DZxLZ---H--
  613. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198267473.289714"] [ref "o0,2v746,97"]
  614. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198267473.289714"] [ref ""]
  615.  
  616. ---gK0DZxLZ---J--
  617.  
  618. ---gK0DZxLZ---K--
  619.  
  620. ---gK0DZxLZ---Z--
  621.  
  622. ---mScuzJVS---A--
  623. [01/Apr/2024:09:44:34 -0500] 171198267480.075786 108.231.125.253 54431 10.10.10.2 443
  624. ---mScuzJVS---B--
  625. GET /wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp HTTP/2.0
  626. host: www.mcmo.xyz
  627. sec-fetch-dest: image
  628. sec-fetch-mode: no-cors
  629. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  630. sec-fetch-site: same-origin
  631. accept-language: en-US,en;q=0.9
  632. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  633. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  634. referer: https://www.mcmo.xyz/
  635. accept-encoding: gzip, deflate, br
  636.  
  637. ---mScuzJVS---E--
  638. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  639.  
  640. ---mScuzJVS---F--
  641. HTTP/2.0 403
  642. Server: nginx
  643. Date: Mon, 01 Apr 2024 14:44:34 GMT
  644. Content-Type: text/html
  645. Connection: close
  646. Content-Encoding: br
  647.  
  648. ---mScuzJVS---H--
  649. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198267480.075786"] [ref "o0,2v783,97"]
  650. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198267480.075786"] [ref ""]
  651.  
  652. ---mScuzJVS---J--
  653.  
  654. ---mScuzJVS---K--
  655.  
  656. ---mScuzJVS---Z--
  657.  
  658. ---yuKtHRQb---A--
  659. [01/Apr/2024:09:44:35 -0500] 171198267542.839727 108.231.125.253 54431 10.10.10.2 443
  660. ---yuKtHRQb---B--
  661. GET /wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp HTTP/2.0
  662. host: www.mcmo.xyz
  663. sec-fetch-dest: image
  664. sec-fetch-mode: no-cors
  665. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  666. sec-fetch-site: same-origin
  667. accept-language: en-US,en;q=0.9
  668. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  669. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  670. referer: https://www.mcmo.xyz/
  671. accept-encoding: gzip, deflate, br
  672.  
  673. ---yuKtHRQb---E--
  674. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  675.  
  676. ---yuKtHRQb---F--
  677. HTTP/2.0 403
  678. Server: nginx
  679. Date: Mon, 01 Apr 2024 14:44:34 GMT
  680. Content-Type: text/html
  681. Connection: close
  682. Content-Encoding: br
  683.  
  684. ---yuKtHRQb---H--
  685. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198267542.839727"] [ref "o0,2v784,97"]
  686. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198267542.839727"] [ref ""]
  687.  
  688. ---yuKtHRQb---J--
  689.  
  690. ---yuKtHRQb---K--
  691.  
  692. ---yuKtHRQb---Z--
  693.  
  694. ---iFyrbCmH---A--
  695. [01/Apr/2024:09:44:35 -0500] 171198267563.194046 108.231.125.253 54431 10.10.10.2 443
  696. ---iFyrbCmH---B--
  697. GET /wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp HTTP/2.0
  698. host: www.mcmo.xyz
  699. sec-fetch-dest: image
  700. sec-fetch-mode: no-cors
  701. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  702. sec-fetch-site: same-origin
  703. accept-language: en-US,en;q=0.9
  704. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  705. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  706. referer: https://www.mcmo.xyz/
  707. accept-encoding: gzip, deflate, br
  708.  
  709. ---iFyrbCmH---E--
  710. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  711.  
  712. ---iFyrbCmH---F--
  713. HTTP/2.0 403
  714. Server: nginx
  715. Date: Mon, 01 Apr 2024 14:44:34 GMT
  716. Content-Type: text/html
  717. Connection: close
  718. Content-Encoding: br
  719.  
  720. ---iFyrbCmH---H--
  721. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198267563.194046"] [ref "o0,2v783,97"]
  722. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198267563.194046"] [ref ""]
  723.  
  724. ---iFyrbCmH---J--
  725.  
  726. ---iFyrbCmH---K--
  727.  
  728. ---iFyrbCmH---Z--
  729.  
  730. ---WkS4fndP---A--
  731. [01/Apr/2024:09:44:35 -0500] 171198267552.978554 108.231.125.253 54431 10.10.10.2 443
  732. ---WkS4fndP---B--
  733. GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
  734. host: www.mcmo.xyz
  735. sec-fetch-dest: image
  736. sec-fetch-mode: no-cors
  737. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  738. sec-fetch-site: same-origin
  739. accept-language: en-US,en;q=0.9
  740. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  741. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  742. referer: https://www.mcmo.xyz/
  743. accept-encoding: gzip, deflate, br
  744.  
  745. ---WkS4fndP---E--
  746. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  747.  
  748. ---WkS4fndP---F--
  749. HTTP/2.0 403
  750. Server: nginx
  751. Date: Mon, 01 Apr 2024 14:44:35 GMT
  752. Content-Type: text/html
  753. Connection: close
  754. Content-Encoding: br
  755.  
  756. ---WkS4fndP---H--
  757. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198267552.978554"] [ref "o0,2v741,97"]
  758. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198267552.978554"] [ref ""]
  759.  
  760. ---WkS4fndP---J--
  761.  
  762. ---WkS4fndP---K--
  763.  
  764. ---WkS4fndP---Z--
  765.  
  766. ---DDJAWocU---A--
  767. [01/Apr/2024:09:44:35 -0500] 17119826756.067703 108.231.125.253 54431 10.10.10.2 443
  768. ---DDJAWocU---B--
  769. GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
  770. host: www.mcmo.xyz
  771. sec-fetch-dest: image
  772. sec-fetch-mode: no-cors
  773. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  774. sec-fetch-site: same-origin
  775. accept-language: en-US,en;q=0.9
  776. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  777. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  778. referer: https://www.mcmo.xyz/
  779. accept-encoding: gzip, deflate, br
  780.  
  781. ---DDJAWocU---E--
  782. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  783.  
  784. ---DDJAWocU---F--
  785. HTTP/2.0 403
  786. Server: nginx
  787. Date: Mon, 01 Apr 2024 14:44:35 GMT
  788. Content-Type: text/html
  789. Connection: close
  790. Content-Encoding: br
  791.  
  792. ---DDJAWocU---H--
  793. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "17119826756.067703"] [ref "o0,2v774,97"]
  794. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "17119826756.067703"] [ref ""]
  795.  
  796. ---DDJAWocU---J--
  797.  
  798. ---DDJAWocU---K--
  799.  
  800. ---DDJAWocU---Z--
  801.  
  802. ---gxOxOmW4---A--
  803. [01/Apr/2024:09:44:35 -0500] 171198267576.707529 108.231.125.253 54431 10.10.10.2 443
  804. ---gxOxOmW4---B--
  805. GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
  806. host: www.mcmo.xyz
  807. sec-fetch-dest: image
  808. sec-fetch-mode: no-cors
  809. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  810. sec-fetch-site: same-origin
  811. accept-language: en-US,en;q=0.9
  812. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  813. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  814. referer: https://www.mcmo.xyz/
  815. accept-encoding: gzip, deflate, br
  816.  
  817. ---gxOxOmW4---E--
  818. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  819.  
  820. ---gxOxOmW4---F--
  821. HTTP/2.0 403
  822. Server: nginx
  823. Date: Mon, 01 Apr 2024 14:44:35 GMT
  824. Content-Type: text/html
  825. Connection: close
  826. Content-Encoding: br
  827.  
  828. ---gxOxOmW4---H--
  829. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198267576.707529"] [ref "o0,2v738,97"]
  830. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198267576.707529"] [ref ""]
  831.  
  832. ---gxOxOmW4---J--
  833.  
  834. ---gxOxOmW4---K--
  835.  
  836. ---gxOxOmW4---Z--
  837.  
  838. ---zUvaffs9---A--
  839. [01/Apr/2024:09:44:35 -0500] 171198267581.628572 108.231.125.253 54431 10.10.10.2 443
  840. ---zUvaffs9---B--
  841. GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
  842. host: www.mcmo.xyz
  843. sec-fetch-dest: image
  844. sec-fetch-mode: no-cors
  845. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  846. sec-fetch-site: same-origin
  847. accept-language: en-US,en;q=0.9
  848. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  849. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  850. referer: https://www.mcmo.xyz/
  851. accept-encoding: gzip, deflate, br
  852.  
  853. ---zUvaffs9---E--
  854. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  855.  
  856. ---zUvaffs9---F--
  857. HTTP/2.0 403
  858. Server: nginx
  859. Date: Mon, 01 Apr 2024 14:44:35 GMT
  860. Content-Type: text/html
  861. Connection: close
  862. Content-Encoding: br
  863.  
  864. ---zUvaffs9---H--
  865. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198267581.628572"] [ref "o0,2v746,97"]
  866. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198267581.628572"] [ref ""]
  867.  
  868. ---zUvaffs9---J--
  869.  
  870. ---zUvaffs9---K--
  871.  
  872. ---zUvaffs9---Z--
  873.  
  874. ---PID26pSJ---A--
  875. [01/Apr/2024:09:44:36 -0500] 171198267621.164135 108.231.125.253 54431 10.10.10.2 443
  876. ---PID26pSJ---B--
  877. GET /wp-content/themes/h-code/assets/images/icon-zoom-white.png HTTP/2.0
  878. host: www.mcmo.xyz
  879. sec-fetch-dest: image
  880. sec-fetch-mode: no-cors
  881. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  882. sec-fetch-site: same-origin
  883. accept-language: en-US,en;q=0.9
  884. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  885. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  886. referer: https://www.mcmo.xyz/
  887. accept-encoding: gzip, deflate, br
  888.  
  889. ---PID26pSJ---E--
  890. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  891.  
  892. ---PID26pSJ---F--
  893. HTTP/2.0 403
  894. Server: nginx
  895. Date: Mon, 01 Apr 2024 14:44:36 GMT
  896. Content-Type: text/html
  897. Connection: close
  898. Content-Encoding: br
  899.  
  900. ---PID26pSJ---H--
  901. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198267621.164135"] [ref "o0,2v732,97"]
  902. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198267621.164135"] [ref ""]
  903.  
  904. ---PID26pSJ---J--
  905.  
  906. ---PID26pSJ---K--
  907.  
  908. ---PID26pSJ---Z--
  909.  
  910. ---2lSZY43C---A--
  911. [01/Apr/2024:09:44:36 -0500] 171198267672.305846 108.231.125.253 54431 10.10.10.2 443
  912. ---2lSZY43C---B--
  913. GET /wp-content/uploads/2023/08/img_4584-825x510.jpg HTTP/2.0
  914. host: www.mcmo.xyz
  915. sec-fetch-dest: image
  916. sec-fetch-mode: no-cors
  917. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  918. sec-fetch-site: same-origin
  919. accept-language: en-US,en;q=0.9
  920. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  921. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  922. referer: https://www.mcmo.xyz/
  923. accept-encoding: gzip, deflate, br
  924.  
  925. ---2lSZY43C---E--
  926. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  927.  
  928. ---2lSZY43C---F--
  929. HTTP/2.0 403
  930. Server: nginx
  931. Date: Mon, 01 Apr 2024 14:44:36 GMT
  932. Content-Type: text/html
  933. Connection: close
  934. Content-Encoding: br
  935.  
  936. ---2lSZY43C---H--
  937. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4584-825x510.jpg"] [unique_id "171198267672.305846"] [ref "o0,2v721,97"]
  938. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4584-825x510.jpg"] [unique_id "171198267672.305846"] [ref ""]
  939.  
  940. ---2lSZY43C---J--
  941.  
  942. ---2lSZY43C---K--
  943.  
  944. ---2lSZY43C---Z--
  945.  
  946. ---1PANBeR9---A--
  947. [01/Apr/2024:09:44:36 -0500] 17119826765.973249 108.231.125.253 54431 10.10.10.2 443
  948. ---1PANBeR9---B--
  949. GET /wp-content/uploads/2023/08/img_4626-825x510.jpg HTTP/2.0
  950. host: www.mcmo.xyz
  951. sec-fetch-dest: image
  952. sec-fetch-mode: no-cors
  953. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  954. sec-fetch-site: same-origin
  955. accept-language: en-US,en;q=0.9
  956. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  957. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  958. referer: https://www.mcmo.xyz/
  959. accept-encoding: gzip, deflate, br
  960.  
  961. ---1PANBeR9---E--
  962. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  963.  
  964. ---1PANBeR9---F--
  965. HTTP/2.0 403
  966. Server: nginx
  967. Date: Mon, 01 Apr 2024 14:44:36 GMT
  968. Content-Type: text/html
  969. Connection: close
  970. Content-Encoding: br
  971.  
  972. ---1PANBeR9---H--
  973. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4626-825x510.jpg"] [unique_id "17119826765.973249"] [ref "o0,2v721,97"]
  974. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4626-825x510.jpg"] [unique_id "17119826765.973249"] [ref ""]
  975.  
  976. ---1PANBeR9---J--
  977.  
  978. ---1PANBeR9---K--
  979.  
  980. ---1PANBeR9---Z--
  981.  
  982. ---7KjkzZtM---A--
  983. [01/Apr/2024:09:44:36 -0500] 171198267695.047623 108.231.125.253 54431 10.10.10.2 443
  984. ---7KjkzZtM---B--
  985. GET /wp-content/uploads/2023/08/img_4495-825x510.jpg HTTP/2.0
  986. host: www.mcmo.xyz
  987. sec-fetch-dest: image
  988. sec-fetch-mode: no-cors
  989. accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  990. sec-fetch-site: same-origin
  991. accept-language: en-US,en;q=0.9
  992. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  993. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  994. referer: https://www.mcmo.xyz/
  995. accept-encoding: gzip, deflate, br
  996.  
  997. ---7KjkzZtM---E--
  998. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  999.  
  1000. ---7KjkzZtM---F--
  1001. HTTP/2.0 403
  1002. Server: nginx
  1003. Date: Mon, 01 Apr 2024 14:44:36 GMT
  1004. Content-Type: text/html
  1005. Connection: close
  1006. Content-Encoding: br
  1007.  
  1008. ---7KjkzZtM---H--
  1009. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4495-825x510.jpg"] [unique_id "171198267695.047623"] [ref "o0,2v721,97"]
  1010. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4495-825x510.jpg"] [unique_id "171198267695.047623"] [ref ""]
  1011.  
  1012. ---7KjkzZtM---J--
  1013.  
  1014. ---7KjkzZtM---K--
  1015.  
  1016. ---7KjkzZtM---Z--
  1017.  
  1018. ---s5PyupFw---A--
  1019. [01/Apr/2024:09:44:37 -0500] 171198267785.172309 108.231.125.253 54431 10.10.10.2 443
  1020. ---s5PyupFw---B--
  1021. GET /wp-content/plugins/contact-form-manager/captcha/random.php?formName=1&formId=_1 HTTP/2.0
  1022. host: www.mcmo.xyz
  1023. sec-fetch-dest: iframe
  1024. sec-fetch-mode: navigate
  1025. accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  1026. sec-fetch-site: same-origin
  1027. accept-language: en-US,en;q=0.9
  1028. user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  1029. cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=85868cf5b08084e7.1711982673.; _pk_ses.1.b754=1
  1030. referer: https://www.mcmo.xyz/
  1031. accept-encoding: gzip, deflate, br
  1032.  
  1033. ---s5PyupFw---E--
  1034. \xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
  1035.  
  1036. ---s5PyupFw---F--
  1037. HTTP/2.0 403
  1038. Server: nginx
  1039. Date: Mon, 01 Apr 2024 14:44:37 GMT
  1040. Content-Type: text/html
  1041. X-Content-Type-Options: nosniff
  1042. Connection: close
  1043. X-XSS-Protection: 1; mode=block
  1044. Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  1045. Content-Encoding: br
  1046. Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
  1047. Referrer-Policy: no-referrer-when-downgrade
  1048. x-frame-options: SAMEORIGIN
  1049.  
  1050. ---s5PyupFw---H--
  1051. ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_current_add' (Value: `fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: fd found within REQUEST_COOKIES:sbjs_current_add: fd%3D2024-04-01%2014%3A44%3A33%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/captcha/random.php"] [unique_id "171198267785.172309"] [ref "o0,2v694,97"]
  1052. ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/captcha/random.php"] [unique_id "171198267785.172309"] [ref ""]
  1053.  
  1054. ---s5PyupFw---J--
  1055.  
  1056. ---s5PyupFw---K--
  1057.  
  1058. ---s5PyupFw---Z--
  1059.  
  1060. ---ahT6kXJj---A--
  1061. [01/Apr/2024:09:44:41 -0500] 171198268168.311509 51.195.91.122 40176 10.10.10.2 443
  1062. ---ahT6kXJj---B--
  1063. HEAD /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fdanrancan.xyz%2F2018%2F11%2Fthe-best-and-safest-solution-to-online-storage-for-all-of-your-devices-sign-up-now%2F HTTP/1.1
  1064. Referer: https://danrancan.xyz/2018/11/the-best-and-safest-solution-to-online-storage-for-all-of-your-devices-sign-up-now/
  1065. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
  1066. Accept: */*
  1067. Accept-Encoding: identity
  1068. Host: danrancan.xyz
  1069. Connection: Keep-Alive
  1070.  
  1071. ---ahT6kXJj---F--
  1072. HTTP/1.1 200
  1073. Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  1074. Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
  1075. X-XSS-Protection: 1; mode=block
  1076. Link: <https://danrancan.xyz/wp-json/>; rel="https://api.w.org/"
  1077. Content-Type: application/json; charset=UTF-8
  1078. Allow: GET
  1079. Connection: keep-alive
  1080. X-Content-Type-Options: nosniff
  1081. X-Content-Type-Options: nosniff
  1082. Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
  1083. Date: Mon, 01 Apr 2024 14:44:41 GMT
  1084. Access-Control-Allow-Methods: GET, POST, OPTIONS
  1085. X-Robots-Tag: noindex
  1086. x-frame-options: SAMEORIGIN
  1087. Server: nginx
  1088. Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
  1089. Referrer-Policy: no-referrer-when-downgrade
  1090. X-FastCGI-Cache: BYPASS
  1091. Permissions-Policy: geolocation=(), autoplay=(), encrypted-media=(), midi=(), usb=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=(self)
  1092. X-Permitted-Cross-Domain-Policies: none
  1093. Clear-Site-Data: *
  1094. Access-Control-Allow-Origin: *
  1095.  
  1096. ---ahT6kXJj---H--
  1097. ModSecurity: Warning. Matched "Operator `Rx' with parameter `((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>]*?){12})' against variable `ARGS:url' (Value: `https://danrancan.xyz/2018/11/the-best-and-safest-solution-to-online-storage-for-all-of-your-devices (13 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1296"] [id "942430"] [rev ""] [msg "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)"] [data "Matched Data: ://danrancan.xyz/2018/11/the-best-and-safest-solution-to-online-storage-for-all-of- found within ARGS:url: https://danrancan.xyz/2018/11/the-best-and-safest-solution-to-online-storage-fo (34 characters omitted)"] [severity "4"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "171198268168.311509"] [ref "o5,83o5,83v35,113t:urlDecodeUni"]
  1098.  
  1099. ---ahT6kXJj---J--
  1100.  
  1101. ---ahT6kXJj---K--
  1102.  
  1103. ---ahT6kXJj---Z--
  1104.  
  1105. ---uR743YD8---A--
  1106. [01/Apr/2024:09:44:41 -0500] 171198268199.310619 51.195.91.122 40176 10.10.10.2 443
  1107. ---uR743YD8---B--
  1108. HEAD /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fdanrancan.xyz%2F2018%2F11%2Fthe-best-and-safest-solution-to-online-storage-for-all-of-your-devices-sign-up-now%2F&format=xml HTTP/1.1
  1109. Referer: https://danrancan.xyz/2018/11/the-best-and-safest-solution-to-online-storage-for-all-of-your-devices-sign-up-now/
  1110. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246
  1111. Accept: */*
  1112. Accept-Encoding: identity
  1113. Host: danrancan.xyz
  1114. Connection: Keep-Alive
  1115.  
  1116. ---uR743YD8---F--
  1117. HTTP/1.1 200
  1118. Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  1119. Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
  1120. X-XSS-Protection: 1; mode=block
  1121. Link: <https://danrancan.xyz/wp-json/>; rel="https://api.w.org/"
  1122. Content-Type: application/json; charset=UTF-8
  1123. Allow: GET
  1124. Connection: keep-alive
  1125. X-Content-Type-Options: nosniff
  1126. X-Content-Type-Options: nosniff
  1127. Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
  1128. Date: Mon, 01 Apr 2024 14:44:42 GMT
  1129. Access-Control-Allow-Methods: GET, POST, OPTIONS
  1130. X-Robots-Tag: noindex
  1131. x-frame-options: SAMEORIGIN
  1132. Server: nginx
  1133. Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
  1134. Referrer-Policy: no-referrer-when-downgrade
  1135. X-FastCGI-Cache: BYPASS
  1136. Permissions-Policy: geolocation=(), autoplay=(), encrypted-media=(), midi=(), usb=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=(self)
  1137. X-Permitted-Cross-Domain-Policies: none
  1138. Clear-Site-Data: *
  1139. Access-Control-Allow-Origin: *
  1140.  
  1141. ---uR743YD8---H--
  1142. ModSecurity: Warning. Matched "Operator `Rx' with parameter `((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>]*?){12})' against variable `ARGS:url' (Value: `https://danrancan.xyz/2018/11/the-best-and-safest-solution-to-online-storage-for-all-of-your-devices (13 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1296"] [id "942430"] [rev ""] [msg "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)"] [data "Matched Data: ://danrancan.xyz/2018/11/the-best-and-safest-solution-to-online-storage-for-all-of- found within ARGS:url: https://danrancan.xyz/2018/11/the-best-and-safest-solution-to-online-storage-fo (34 characters omitted)"] [severity "4"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "171198268199.310619"] [ref "o5,83o5,83v35,113t:urlDecodeUni"]
  1143.  
  1144. ---uR743YD8---J--
  1145.  
  1146. ---uR743YD8---K--
  1147.  
  1148. ---uR743YD8---Z--