---q3mg3BAP---A--
[16/Aug/2024:10:52:15 +0200] 17237983356.164711 XXX.XXX.XXX.XXX 56454 XXX.XXX.XXX.XXX 443
---q3mg3BAP---B--
GET /js/vendor/sprintf.js?v=5.2.1 HTTP/2.0
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
pragma: no-cache
sec-ch-ua-mobile: ?0
accept: */*
cache-control: no-cache
sec-ch-ua: "Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"
sec-fetch-dest: script
sec-fetch-mode: no-cors
host: pma.xyz.com
accept-encoding: gzip, deflate, br, zstd
cookie: pmaUser-1_https=Gs4AqvjSpWltr3Fni8h%2B6lSn3Gpar04eg5oRT%2BXkbbbPI1pXF%2B0%2FiDckbBWJIKHqnVo%2FUpuNeaV1ig%3D%3D; pma_lang_https=de; phpMyAdmin_https=epg5qc3a7fg4b31jma34dch5o5
accept-language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
priority: u=1

---q3mg3BAP---D--

---q3mg3BAP---E--
<html>\x0d\x0a<head><title>403 Forbidden</title></head>\x0d\x0a<body>\x0d\x0a<center><h1>403 Forbidden</h1></center>\x0d\x0a<hr><center>nginx</center>\x0d\x0a</body>\x0d\x0a</html>\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a

---q3mg3BAP---F--
HTTP/2.0 403
Server: nginx
Date: Fri, 16 Aug 2024 08:52:15 GMT
Content-Length: 548
Content-Type: text/html
Connection: close

---q3mg3BAP---H--
ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `php-function-names-933150.data' against variable `REQUEST_FILENAME' (Value: `/js/vendor/sprintf.js' ) [file "/etc/nginx/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "282"] [id "933150"] [rev ""] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: printf found within REQUEST_FILENAME: /js/vendor/sprintf.js"] [severity "2"] [ver "OWASP_CRS/4.6.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "XXX.XXX.XXX.XXX"] [uri "/js/vendor/sprintf.js"] [unique_id "17237983356.164711"] [ref "o12,6v4,21"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "222"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.6.0-dev"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "XXX.XXX.XXX.XXX"] [uri "/js/vendor/sprintf.js"] [unique_id "17237983356.164711"] [ref ""]