modsec crs4 audit log for mcmo.xyz

---cT9nc6R6---A--
[01/Apr/2024:09:18:13 -0500] 171198109317.845861 108.231.125.253 53514 10.10.10.2 443
---cT9nc6R6---B--
GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---cT9nc6R6---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---cT9nc6R6---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---cT9nc6R6---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198109317.845861"] [ref "o0,2v741,97o0,2v1178,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198109317.845861"] [ref "o13,4v851,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198109317.845861"] [ref ""]

---cT9nc6R6---J--

---cT9nc6R6---K--

---cT9nc6R6---Z--

---BC4XHtUY---A--
[01/Apr/2024:09:18:13 -0500] 17119810933.848267 108.231.125.253 53514 10.10.10.2 443
---BC4XHtUY---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---BC4XHtUY---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---BC4XHtUY---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---BC4XHtUY---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "17119810933.848267"] [ref "o0,2v774,97o0,2v1211,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "17119810933.848267"] [ref "o13,4v884,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "17119810933.848267"] [ref ""]

---BC4XHtUY---J--

---BC4XHtUY---K--

---BC4XHtUY---Z--

---HVj9BKHq---A--
[01/Apr/2024:09:18:13 -0500] 17119810939.439168 108.231.125.253 53514 10.10.10.2 443
---HVj9BKHq---B--
GET /wp-content/plugins/newsletter-manager/images/close.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---HVj9BKHq---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---HVj9BKHq---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---HVj9BKHq---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/newsletter-manager/images/close.png"] [unique_id "17119810939.439168"] [ref "o0,2v728,97o0,2v1165,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/newsletter-manager/images/close.png"] [unique_id "17119810939.439168"] [ref "o13,4v838,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/newsletter-manager/images/close.png"] [unique_id "17119810939.439168"] [ref ""]

---HVj9BKHq---J--

---HVj9BKHq---K--

---HVj9BKHq---Z--

---eSdPvCiW---A--
[01/Apr/2024:09:18:13 -0500] 171198109354.079798 108.231.125.253 53514 10.10.10.2 443
---eSdPvCiW---B--
GET /wp-content/plugins/contact-form-manager/images/arrow-refresh.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---eSdPvCiW---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---eSdPvCiW---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---eSdPvCiW---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/images/arrow-refresh.png"] [unique_id "171198109354.079798"] [ref "o0,2v738,97o0,2v1175,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/images/arrow-refresh.png"] [unique_id "171198109354.079798"] [ref "o13,4v848,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/images/arrow-refresh.png"] [unique_id "171198109354.079798"] [ref ""]

---eSdPvCiW---J--

---eSdPvCiW---K--

---eSdPvCiW---Z--

---dpJGtjK5---A--
[01/Apr/2024:09:18:13 -0500] 171198109340.313719 108.231.125.253 53514 10.10.10.2 443
---dpJGtjK5---B--
GET /wp-content/themes/h-code/assets/images/icon-zoom-white.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---dpJGtjK5---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---dpJGtjK5---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---dpJGtjK5---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109340.313719"] [ref "o0,2v732,97o0,2v1169,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109340.313719"] [ref "o13,4v842,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109340.313719"] [ref ""]

---dpJGtjK5---J--

---dpJGtjK5---K--

---dpJGtjK5---Z--

---vOaAG4gV---A--
[01/Apr/2024:09:18:13 -0500] 171198109363.485168 108.231.125.253 53514 10.10.10.2 443
---vOaAG4gV---B--
GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---vOaAG4gV---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---vOaAG4gV---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---vOaAG4gV---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198109363.485168"] [ref "o0,2v738,97o0,2v1175,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198109363.485168"] [ref "o13,4v848,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198109363.485168"] [ref ""]

---vOaAG4gV---J--

---vOaAG4gV---K--

---vOaAG4gV---Z--

---XPeijtXN---A--
[01/Apr/2024:09:18:13 -0500] 171198109344.431967 108.231.125.253 53514 10.10.10.2 443
---XPeijtXN---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---XPeijtXN---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---XPeijtXN---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---XPeijtXN---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198109344.431967"] [ref "o0,2v746,97o0,2v1183,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198109344.431967"] [ref "o13,4v856,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198109344.431967"] [ref ""]

---XPeijtXN---J--

---XPeijtXN---K--

---XPeijtXN---Z--

---MAnFKTly---A--
[01/Apr/2024:09:18:13 -0500] 171198109333.745325 108.231.125.253 53514 10.10.10.2 443
---MAnFKTly---B--
GET /wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---MAnFKTly---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---MAnFKTly---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---MAnFKTly---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198109333.745325"] [ref "o0,2v783,97o0,2v1220,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198109333.745325"] [ref "o13,4v893,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198109333.745325"] [ref ""]

---MAnFKTly---J--

---MAnFKTly---K--

---MAnFKTly---Z--

---G3CAkWDd---A--
[01/Apr/2024:09:18:13 -0500] 171198109324.025836 108.231.125.253 53514 10.10.10.2 443
---G3CAkWDd---B--
GET /wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---G3CAkWDd---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---G3CAkWDd---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---G3CAkWDd---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198109324.025836"] [ref "o0,2v784,97o0,2v1221,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198109324.025836"] [ref "o13,4v894,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198109324.025836"] [ref ""]

---G3CAkWDd---J--

---G3CAkWDd---K--

---G3CAkWDd---Z--

---snl6pRcK---A--
[01/Apr/2024:09:18:13 -0500] 171198109317.525589 108.231.125.253 53514 10.10.10.2 443
---snl6pRcK---B--
GET /wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---snl6pRcK---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---snl6pRcK---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---snl6pRcK---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198109317.525589"] [ref "o0,2v783,97o0,2v1220,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198109317.525589"] [ref "o13,4v893,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198109317.525589"] [ref ""]

---snl6pRcK---J--

---snl6pRcK---K--

---snl6pRcK---Z--

---qG3Z8YuU---A--
[01/Apr/2024:09:18:13 -0500] 17119810932.948357 108.231.125.253 53514 10.10.10.2 443
---qG3Z8YuU---B--
GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---qG3Z8YuU---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---qG3Z8YuU---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---qG3Z8YuU---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "17119810932.948357"] [ref "o0,2v741,97o0,2v1178,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "17119810932.948357"] [ref "o13,4v851,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "17119810932.948357"] [ref ""]

---qG3Z8YuU---J--

---qG3Z8YuU---K--

---qG3Z8YuU---Z--

---ifj08TyN---A--
[01/Apr/2024:09:18:14 -0500] 171198109430.038655 108.231.125.253 53514 10.10.10.2 443
---ifj08TyN---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---ifj08TyN---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---ifj08TyN---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---ifj08TyN---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198109430.038655"] [ref "o0,2v774,97o0,2v1211,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198109430.038655"] [ref "o13,4v884,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198109430.038655"] [ref ""]

---ifj08TyN---J--

---ifj08TyN---K--

---ifj08TyN---Z--

---U8XCekpV---A--
[01/Apr/2024:09:18:14 -0500] 171198109481.136445 108.231.125.253 53514 10.10.10.2 443
---U8XCekpV---B--
GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---U8XCekpV---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---U8XCekpV---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---U8XCekpV---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198109481.136445"] [ref "o0,2v738,97o0,2v1175,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198109481.136445"] [ref "o13,4v848,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198109481.136445"] [ref ""]

---U8XCekpV---J--

---U8XCekpV---K--

---U8XCekpV---Z--

---VabIzDcp---A--
[01/Apr/2024:09:18:14 -0500] 171198109494.145333 108.231.125.253 53514 10.10.10.2 443
---VabIzDcp---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---VabIzDcp---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---VabIzDcp---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---VabIzDcp---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198109494.145333"] [ref "o0,2v746,97o0,2v1183,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198109494.145333"] [ref "o13,4v856,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198109494.145333"] [ref ""]

---VabIzDcp---J--

---VabIzDcp---K--

---VabIzDcp---Z--

---SdMaBG4r---A--
[01/Apr/2024:09:18:14 -0500] 171198109447.173825 108.231.125.253 53514 10.10.10.2 443
---SdMaBG4r---B--
GET /wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---SdMaBG4r---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---SdMaBG4r---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:13 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---SdMaBG4r---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198109447.173825"] [ref "o0,2v783,97o0,2v1220,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198109447.173825"] [ref "o13,4v893,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198109447.173825"] [ref ""]

---SdMaBG4r---J--

---SdMaBG4r---K--

---SdMaBG4r---Z--

---wls2CoPe---A--
[01/Apr/2024:09:18:15 -0500] 171198109533.225357 108.231.125.253 53514 10.10.10.2 443
---wls2CoPe---B--
GET /wp-content/themes/h-code/assets/images/icon-zoom-white.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---wls2CoPe---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---wls2CoPe---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:15 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---wls2CoPe---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109533.225357"] [ref "o0,2v732,97o0,2v1169,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109533.225357"] [ref "o13,4v842,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109533.225357"] [ref ""]

---wls2CoPe---J--

---wls2CoPe---K--

---wls2CoPe---Z--

---xuqZed47---A--
[01/Apr/2024:09:18:16 -0500] 171198109660.052163 108.231.125.253 53514 10.10.10.2 443
---xuqZed47---B--
GET /wp-content/uploads/2023/08/img_4584-825x510.jpg HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---xuqZed47---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---xuqZed47---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:16 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---xuqZed47---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4584-825x510.jpg"] [unique_id "171198109660.052163"] [ref "o0,2v721,97o0,2v1158,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4584-825x510.jpg"] [unique_id "171198109660.052163"] [ref "o13,4v831,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4584-825x510.jpg"] [unique_id "171198109660.052163"] [ref ""]

---xuqZed47---J--

---xuqZed47---K--

---xuqZed47---Z--

---BgNAr0zJ---A--
[01/Apr/2024:09:18:16 -0500] 171198109669.680396 108.231.125.253 53514 10.10.10.2 443
---BgNAr0zJ---B--
GET /wp-content/uploads/2023/08/img_4626-825x510.jpg HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---BgNAr0zJ---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---BgNAr0zJ---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:16 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---BgNAr0zJ---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4626-825x510.jpg"] [unique_id "171198109669.680396"] [ref "o0,2v721,97o0,2v1158,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4626-825x510.jpg"] [unique_id "171198109669.680396"] [ref "o13,4v831,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4626-825x510.jpg"] [unique_id "171198109669.680396"] [ref ""]

---BgNAr0zJ---J--

---BgNAr0zJ---K--

---BgNAr0zJ---Z--

---bLtnaveU---A--
[01/Apr/2024:09:18:16 -0500] 171198109647.257418 108.231.125.253 53514 10.10.10.2 443
---bLtnaveU---B--
GET /wp-content/uploads/2023/08/img_4495-825x510.jpg HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---bLtnaveU---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---bLtnaveU---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:16 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---bLtnaveU---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4495-825x510.jpg"] [unique_id "171198109647.257418"] [ref "o0,2v721,97o0,2v1158,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4495-825x510.jpg"] [unique_id "171198109647.257418"] [ref "o13,4v831,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/08/img_4495-825x510.jpg"] [unique_id "171198109647.257418"] [ref ""]

---bLtnaveU---J--

---bLtnaveU---K--

---bLtnaveU---Z--

---hUWrJuWE---A--
[01/Apr/2024:09:18:16 -0500] 171198109695.156262 108.231.125.253 53514 10.10.10.2 443
---hUWrJuWE---B--
GET /wp-content/themes/h-code/assets/images/icon-zoom-white.png HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---hUWrJuWE---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---hUWrJuWE---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:16 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---hUWrJuWE---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109695.156262"] [ref "o0,2v732,97o0,2v1169,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109695.156262"] [ref "o13,4v842,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/themes/h-code/assets/images/icon-zoom-white.png"] [unique_id "171198109695.156262"] [ref ""]

---hUWrJuWE---J--

---hUWrJuWE---K--

---hUWrJuWE---Z--

---oKnRyqW9---A--
[01/Apr/2024:09:18:19 -0500] 171198109980.154441 108.231.125.253 53514 10.10.10.2 443
---oKnRyqW9---B--
GET /wp-content/plugins/contact-form-manager/captcha/random.php?formName=1&formId=_1 HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: iframe
sec-fetch-mode: navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---oKnRyqW9---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---oKnRyqW9---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:19 GMT
Content-Type: text/html
X-Content-Type-Options: nosniff
Connection: close
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Encoding: br
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Referrer-Policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN

---oKnRyqW9---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/captcha/random.php"] [unique_id "171198109980.154441"] [ref "o0,2v694,97o0,2v1131,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/captcha/random.php"] [unique_id "171198109980.154441"] [ref "o13,4v804,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/plugins/contact-form-manager/captcha/random.php"] [unique_id "171198109980.154441"] [ref ""]

---oKnRyqW9---J--

---oKnRyqW9---K--

---oKnRyqW9---Z--

---WuKNuHfV---A--
[01/Apr/2024:09:18:20 -0500] 171198110016.911398 108.231.125.253 53514 10.10.10.2 443
---WuKNuHfV---B--
GET /wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---WuKNuHfV---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---WuKNuHfV---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:20 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---WuKNuHfV---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198110016.911398"] [ref "o0,2v741,97o0,2v1178,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198110016.911398"] [ref "o13,4v851,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Tryclops-1-scaled-768x1012.webp"] [unique_id "171198110016.911398"] [ref ""]

---WuKNuHfV---J--

---WuKNuHfV---K--

---WuKNuHfV---Z--

---bYGBUtf9---A--
[01/Apr/2024:09:18:20 -0500] 171198110016.769517 108.231.125.253 53514 10.10.10.2 443
---bYGBUtf9---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---bYGBUtf9---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---bYGBUtf9---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:20 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---bYGBUtf9---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198110016.769517"] [ref "o0,2v774,97o0,2v1211,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198110016.769517"] [ref "o13,4v884,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Shape-of-Things-The-Shape-of-Things-Exhibit-1-4-768x400.webp"] [unique_id "171198110016.769517"] [ref ""]

---bYGBUtf9---J--

---bYGBUtf9---K--

---bYGBUtf9---Z--

---N9ye3Uqq---A--
[01/Apr/2024:09:18:20 -0500] 171198110042.230080 108.231.125.253 53514 10.10.10.2 443
---N9ye3Uqq---B--
GET /wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---N9ye3Uqq---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---N9ye3Uqq---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:20 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---N9ye3Uqq---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198110042.230080"] [ref "o0,2v738,97o0,2v1175,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198110042.230080"] [ref "o13,4v848,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-Stoned-Totem-2-768x1010.webp"] [unique_id "171198110042.230080"] [ref ""]

---N9ye3Uqq---J--

---N9ye3Uqq---K--

---N9ye3Uqq---Z--

---ncHlSnsy---A--
[01/Apr/2024:09:18:20 -0500] 171198110075.322682 108.231.125.253 53514 10.10.10.2 443
---ncHlSnsy---B--
GET /wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---ncHlSnsy---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---ncHlSnsy---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:20 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---ncHlSnsy---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198110075.322682"] [ref "o0,2v746,97o0,2v1183,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198110075.322682"] [ref "o13,4v856,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2022/05/McMo-Art-The-Beautiful-People-2-768x1010.webp"] [unique_id "171198110075.322682"] [ref ""]

---ncHlSnsy---J--

---ncHlSnsy---K--

---ncHlSnsy---Z--

---fAJZSy33---A--
[01/Apr/2024:09:18:20 -0500] 171198110071.593070 108.231.125.253 53514 10.10.10.2 443
---fAJZSy33---B--
GET /wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---fAJZSy33---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---fAJZSy33---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:20 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---fAJZSy33---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198110071.593070"] [ref "o0,2v783,97o0,2v1220,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198110071.593070"] [ref "o13,4v893,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2023/06/McMo-Earthworks-Art-Products-Red-Touches-Yellow-Cropped-17-600px-X-500px-WebP.webp"] [unique_id "171198110071.593070"] [ref ""]

---fAJZSy33---J--

---fAJZSy33---K--

---fAJZSy33---Z--

---VJCzAp6W---A--
[01/Apr/2024:09:18:21 -0500] 171198110198.973715 108.231.125.253 53514 10.10.10.2 443
---VJCzAp6W---B--
GET /wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---VJCzAp6W---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---VJCzAp6W---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:20 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---VJCzAp6W---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198110198.973715"] [ref "o0,2v784,97o0,2v1221,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198110198.973715"] [ref "o13,4v894,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/02/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Neolithic-Family-8-768x1013.webp"] [unique_id "171198110198.973715"] [ref ""]

---VJCzAp6W---J--

---VJCzAp6W---K--

---VJCzAp6W---Z--

---y480XzoK---A--
[01/Apr/2024:09:18:21 -0500] 171198110131.698567 108.231.125.253 53514 10.10.10.2 443
---y480XzoK---B--
GET /wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp HTTP/2.0
host: www.mcmo.xyz
sec-fetch-dest: image
sec-fetch-mode: no-cors
accept: image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
sec-fetch-site: same-origin
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
cookie: sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_current_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29; sbjs_first_add=fd%3D2024-04-01%2014%3A18%3A12%7C%7C%7Cep%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_15_7%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Version%2F17.4.1%20Safari%2F605.1.15; _pk_id.1.b754=de6c8ce9846b1c9f.1711981092.; _pk_ses.1.b754=1
referer: https://www.mcmo.xyz/
accept-encoding: gzip, deflate, br

---y480XzoK---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00

---y480XzoK---F--
HTTP/2.0 403
Server: nginx
Date: Mon, 01 Apr 2024 14:18:20 GMT
Content-Type: text/html
Connection: close
Content-Encoding: br

---y480XzoK---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)(?:^|b[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?u[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\$[!#\(\*\-0-9\?-@_a-\{]*)?\x5c?s[\"'\)\[-\x5c]*(?:(?:(?:\|\||&&)[\s\v]*)?\ (8043 characters omitted)' against variable `REQUEST_COOKIES:sbjs_session' (Value: `pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1348"] [id "932236"] [rev ""] [msg "Remote Command Execution: Unix Command Injection (command without evasion)"] [data "Matched Data: pg found within REQUEST_COOKIES:sbjs_session: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fwww.mcmo.xyz%2F"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198110131.698567"] [ref "o0,2v783,97o0,2v1220,51"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=' against variable `REQUEST_COOKIES:sbjs_first' (Value: `typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccn (63 characters omitted)' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "832"] [id "941150"] [rev ""] [msg "XSS Filter - Category 5: Disallowed HTML Attributes"] [data "Matched Data: src= found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)"] [severity "2"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198110131.698567"] [ref "o13,4v893,163t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `15' ) [file "/etc/nginx/modsec/crs4.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "10.10.10.2"] [uri "/wp-content/uploads/2024/03/McMo-is-Art-On-Lincoln-Memorial-Drive-in-Milwaukee-Athenas-Necklace-3-768x488.webp"] [unique_id "171198110131.698567"] [ref ""]

---y480XzoK---J--

---y480XzoK---K--

---y480XzoK---Z--