D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
proc
/
thread-self
/
fd
/
Filename :
5
back
Copy
--0dbc7032-A-- [21/Dec/2025:00:12:39.793301 +0530] aUbuH61QsauylSCmf8awHAAAAAY 152.42.163.164 50680 127.0.0.1 7080 --0dbc7032-B-- GET /.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 152.42.163.164 Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --0dbc7032-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --0dbc7032-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env"] [unique_id "aUbuH61QsauylSCmf8awHAAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766256159792520 888 (- - -) Stopwatch2: 1766256159792520 888; combined=402, p1=308, p2=0, p3=0, p4=0, p5=94, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0dbc7032-Z-- --879e9b2f-A-- [21/Dec/2025:00:15:31.075522 +0530] aUbuy6v6JFXNWmyiLaW9CAAAAAc 54.159.98.248 42480 127.0.0.1 7081 --879e9b2f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc/profile.d&viewfile=//proc/thread-self/root/etc/profile.d/apps-bin-path.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.159.98.248 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --879e9b2f-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --879e9b2f-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /proc/thread-self/root/etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /proc/thread-self/root/etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUbuy6v6JFXNWmyiLaW9CAAAAAc"] Action: Intercepted (phase 2) Stopwatch: 1766256331072869 2908 (- - -) Stopwatch2: 1766256331072869 2908; combined=819, p1=447, p2=295, p3=0, p4=0, p5=77, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --879e9b2f-Z-- --d7394b38-A-- [21/Dec/2025:00:15:55.833811 +0530] aUbu4-e4i3EZmU1qdmyf8QAAAAk 3.217.82.254 39550 127.0.0.1 7081 --d7394b38-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//snap/core20/2582/etc/modules-load.d&viewfile=//snap/core20/2582/etc/modules-load.d/modules.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.217.82.254 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --d7394b38-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d7394b38-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:path: /snap/core20/2582/etc/modules-load.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:path: /snap/core20/2582/etc/modules-load.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUbu4-e4i3EZmU1qdmyf8QAAAAk"] Action: Intercepted (phase 2) Stopwatch: 1766256355831351 2563 (- - -) Stopwatch2: 1766256355831351 2563; combined=760, p1=405, p2=274, p3=0, p4=0, p5=81, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d7394b38-Z-- --94227128-A-- [21/Dec/2025:00:23:24.972863 +0530] aUbwpPG7vE1lDsZ1P4ZdzAAAAAo 138.199.35.5 42812 127.0.0.1 7081 --94227128-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.retaxis.com X-Real-IP: 138.199.35.5 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=5d013d313faf42108aa4559907e5c5cb1766256804 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --94227128-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --94227128-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.retaxis.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUbwpPG7vE1lDsZ1P4ZdzAAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766256804777530 195404 (- - -) Stopwatch2: 1766256804777530 195404; combined=386375, p1=338, p2=661, p3=0, p4=0, p5=192717, sr=102, sw=0, l=0, gc=192659 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --94227128-Z-- --126e8166-A-- [21/Dec/2025:00:30:52.594461 +0530] aUbyZGwrh2uMGkbEkdCDdwAAAAw 2.58.56.222 53924 127.0.0.1 7081 --126e8166-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 2.58.56.222 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --126e8166-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 07 Jan 2025 07:31:20 GMT ETag: "31b-62b18bb319e1b" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --126e8166-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csquaretech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUbyZGwrh2uMGkbEkdCDdwAAAAw"] Action: Intercepted (phase 2) Stopwatch: 1766257252591918 2647 (- - -) Stopwatch2: 1766257252591918 2647; combined=938, p1=336, p2=521, p3=0, p4=0, p5=81, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --126e8166-Z-- --50c3b72f-A-- [21/Dec/2025:00:32:35.062770 +0530] aUbyy_G7vE1lDsZ1P4ZfUwAAAAo 44.221.105.234 40944 127.0.0.1 7081 --50c3b72f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//usr/local/psa/phpMyAdmin&viewfile=//usr/local/psa/phpMyAdmin/composer.json HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.221.105.234 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --50c3b72f-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --50c3b72f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c%20bipas.phtml"] [unique_id "aUbyy_G7vE1lDsZ1P4ZfUwAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766257355061970 869 (- - -) Stopwatch2: 1766257355061970 869; combined=302, p1=241, p2=0, p3=0, p4=0, p5=61, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --50c3b72f-Z-- --1dfab70c-A-- [21/Dec/2025:00:33:17.818693 +0530] aUby9ccyJBReBIjBCrdzhwAAAAI 159.89.174.87 40710 127.0.0.1 7081 --1dfab70c-B-- GET /.env HTTP/1.0 Host: aarrambha.com X-Real-IP: 159.89.174.87 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --1dfab70c-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --1dfab70c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/.env"] [unique_id "aUby9ccyJBReBIjBCrdzhwAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766257397818055 703 (- - -) Stopwatch2: 1766257397818055 703; combined=263, p1=206, p2=0, p3=0, p4=0, p5=56, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --1dfab70c-Z-- --3b35c17e-A-- [21/Dec/2025:00:33:20.009308 +0530] aUby9_G7vE1lDsZ1P4ZfdAAAAAo 159.89.174.87 40830 127.0.0.1 7081 --3b35c17e-B-- GET /.git/config HTTP/1.0 Host: aarrambha.com X-Real-IP: 159.89.174.87 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --3b35c17e-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3b35c17e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/.git/config"] [unique_id "aUby9_G7vE1lDsZ1P4ZfdAAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766257399815455 193954 (- - -) Stopwatch2: 1766257399815455 193954; combined=386607, p1=220, p2=0, p3=0, p4=0, p5=193222, sr=102, sw=0, l=0, gc=193165 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3b35c17e-Z-- --f4d43349-A-- [21/Dec/2025:00:40:13.098142 +0530] aUb0lRbW7SgiNduE9gztwwAAAAA 78.153.140.203 41938 127.0.0.1 7080 --f4d43349-B-- GET /.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 --f4d43349-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --f4d43349-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env"] [unique_id "aUb0lRbW7SgiNduE9gztwwAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766257813097442 753 (- - -) Stopwatch2: 1766257813097442 753; combined=302, p1=232, p2=0, p3=0, p4=0, p5=70, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f4d43349-Z-- --b4c11b6a-A-- [21/Dec/2025:00:40:14.461290 +0530] aUb0lphVowgDvL-ELO63hgAAAAk 78.153.140.203 41954 127.0.0.1 7080 --b4c11b6a-B-- GET /api/.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS) --b4c11b6a-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --b4c11b6a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/api/.env"] [unique_id "aUb0lphVowgDvL-ELO63hgAAAAk"] Action: Intercepted (phase 1) Stopwatch: 1766257814460691 664 (- - -) Stopwatch2: 1766257814460691 664; combined=282, p1=223, p2=0, p3=0, p4=0, p5=59, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b4c11b6a-Z-- --4c10841f-A-- [21/Dec/2025:00:40:14.831484 +0530] aUb0lqO0TE2x6t8xMgXIywAAAAg 78.153.140.203 41956 127.0.0.1 7080 --4c10841f-B-- GET /backend/.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Opera/9.51 (Windows NT 5.1; U; es-LA) --4c10841f-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --4c10841f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/backend/.env"] [unique_id "aUb0lqO0TE2x6t8xMgXIywAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766257814830800 765 (- - -) Stopwatch2: 1766257814830800 765; combined=341, p1=264, p2=0, p3=0, p4=0, p5=77, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --4c10841f-Z-- --a54eba70-A-- [21/Dec/2025:00:40:16.220939 +0530] aUb0mBbW7SgiNduE9gztygAAAAA 78.153.140.203 41970 127.0.0.1 7080 --a54eba70-B-- GET /admin/.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 --a54eba70-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --a54eba70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/admin/.env"] [unique_id "aUb0mBbW7SgiNduE9gztygAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766257816220330 663 (- - -) Stopwatch2: 1766257816220330 663; combined=301, p1=231, p2=0, p3=0, p4=0, p5=70, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a54eba70-Z-- --3c785e71-A-- [21/Dec/2025:00:40:16.615191 +0530] aUb0mBbW7SgiNduE9gztywAAAAA 78.153.140.203 53352 127.0.0.1 7080 --3c785e71-B-- GET /.env.example HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; zh-cn) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 --3c785e71-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --3c785e71-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env.example"] [unique_id "aUb0mBbW7SgiNduE9gztywAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766257816614598 656 (- - -) Stopwatch2: 1766257816614598 656; combined=287, p1=225, p2=0, p3=0, p4=0, p5=62, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3c785e71-Z-- --16a1290e-A-- [21/Dec/2025:00:40:44.791185 +0530] aUb0tLaMKRqSPTQVk9DoHAAAAAE 152.42.163.164 45776 127.0.0.1 7080 --16a1290e-B-- GET /.env HTTP/1.0 Host: demo.getcalley.com X-Real-IP: 152.42.163.164 Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --16a1290e-F-- HTTP/1.1 403 Forbidden Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1 --16a1290e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demo.getcalley.com"] [uri "/.env"] [unique_id "aUb0tLaMKRqSPTQVk9DoHAAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766257844790535 715 (- - -) Stopwatch2: 1766257844790535 715; combined=310, p1=239, p2=0, p3=0, p4=0, p5=71, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --16a1290e-Z-- --06f2cd5a-A-- [21/Dec/2025:00:41:18.809538 +0530] aUb01h2THs66kF7tXMy_PAAAAAM 164.90.208.56 41192 127.0.0.1 7081 --06f2cd5a-B-- GET /.env HTTP/1.0 Host: deccanmarketing.com X-Real-IP: 164.90.208.56 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --06f2cd5a-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 17 Jul 2025 13:00:32 GMT ETag: "31b-63a1f9835c70c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --06f2cd5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deccanmarketing.com"] [uri "/.env"] [unique_id "aUb01h2THs66kF7tXMy_PAAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766257878807867 1738 (- - -) Stopwatch2: 1766257878807867 1738; combined=322, p1=265, p2=0, p3=0, p4=0, p5=56, sr=111, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --06f2cd5a-Z-- --70f93462-A-- [21/Dec/2025:00:41:21.160870 +0530] aUb02R2THs66kF7tXMy_PgAAAAM 164.90.208.56 41308 127.0.0.1 7081 --70f93462-B-- GET /.git/config HTTP/1.0 Host: deccanmarketing.com X-Real-IP: 164.90.208.56 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --70f93462-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 17 Jul 2025 13:00:32 GMT ETag: "31b-63a1f9835c70c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --70f93462-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deccanmarketing.com"] [uri "/.git/config"] [unique_id "aUb02R2THs66kF7tXMy_PgAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766257881160220 713 (- - -) Stopwatch2: 1766257881160220 713; combined=275, p1=222, p2=0, p3=0, p4=0, p5=53, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --70f93462-Z-- --99582131-A-- [21/Dec/2025:00:46:27.653490 +0530] aUb2C4ch6FpFleYRI6LCSwAAAA0 4.213.181.235 54086 127.0.0.1 7081 --99582131-B-- GET /images/stories/w.php HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 4.213.181.235 X-Forwarded-For: 86.22.67.244 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (iPad; CPU OS 16_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1 Referer: https://www.google.com/ Accept: text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, */*; q=0.8 Accept-Language: en-US, en; q=0.5 Upgrade-Insecure-Requests: 1 DNT: 1 Cookie: wordpress_test_cookie=WP%20Cookie%20check --99582131-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 07 Jan 2025 07:31:20 GMT ETag: "31b-62b18bb319e1b" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --99582131-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.csquaretech.com"] [uri "/images/stories/w.php"] [unique_id "aUb2C4ch6FpFleYRI6LCSwAAAA0"] Action: Intercepted (phase 2) Stopwatch: 1766258187650887 2690 (- - -) Stopwatch2: 1766258187650887 2690; combined=1072, p1=335, p2=684, p3=0, p4=0, p5=52, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --99582131-Z-- --3bf8e92f-A-- [21/Dec/2025:00:48:04.156086 +0530] aUb2bPtoAIFAt7vkkzrHGgAAAAk 34.197.28.78 44304 127.0.0.1 7081 --3bf8e92f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/root/etc/init.d&viewfile=//proc/self/root/etc/init.d/mariadb HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.197.28.78 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --3bf8e92f-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3bf8e92f-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /proc/self/root/etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /proc/self/root/etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUb2bPtoAIFAt7vkkzrHGgAAAAk"] Action: Intercepted (phase 2) Stopwatch: 1766258284153398 2780 (- - -) Stopwatch2: 1766258284153398 2780; combined=947, p1=499, p2=324, p3=0, p4=0, p5=124, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3bf8e92f-Z-- --83d72053-A-- [21/Dec/2025:00:51:11.098955 +0530] aUb3J7aMKRqSPTQVk9DqQgAAAAE 44.193.102.198 43834 127.0.0.1 7081 --83d72053-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//usr/share/psa-roundcube/plugins/http_authentication&viewfile=//usr/share/psa-roundcube/plugins/http_authentication/config.inc.php.dist HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.193.102.198 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --83d72053-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --83d72053-H-- Message: Access denied with code 403 (phase 2). Matched phrase "config.inc.php" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: config.inc.php found within ARGS:viewfile: /usr/share/psa-roundcube/plugins/http_authentication/config.inc.php.dist"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "config.inc.php" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: config.inc.php found within ARGS:viewfile: /usr/share/psa-roundcube/plugins/http_authentication/config.inc.php.dist"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUb3J7aMKRqSPTQVk9DqQgAAAAE"] Action: Intercepted (phase 2) Stopwatch: 1766258471097308 1713 (- - -) Stopwatch2: 1766258471097308 1713; combined=647, p1=390, p2=210, p3=0, p4=0, p5=47, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --83d72053-Z-- --97182c20-A-- [21/Dec/2025:00:52:47.902554 +0530] aUb3h7dfJV6Of4TDNnz3ggAAAAI 34.195.248.30 60172 127.0.0.1 7081 --97182c20-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/root/etc&viewfile=//proc/self/root/etc/modules HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.195.248.30 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --97182c20-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --97182c20-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/modules" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:viewfile: /proc/self/root/etc/modules"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/modules" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:viewfile: /proc/self/root/etc/modules"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUb3h7dfJV6Of4TDNnz3ggAAAAI"] Action: Intercepted (phase 2) Stopwatch: 1766258567899798 2833 (- - -) Stopwatch2: 1766258567899798 2833; combined=878, p1=434, p2=378, p3=0, p4=0, p5=66, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --97182c20-Z-- --1137fb5a-A-- [21/Dec/2025:00:58:41.195660 +0530] aUb46R2THs66kF7tXMzFTgAAAAM 162.158.108.96 55946 127.0.0.1 7080 --1137fb5a-B-- GET /images/stories/themes.php HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 162.158.108.96 X-Forwarded-For: 194.5.82.26 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 cf-ray: 9b118b50caa0fd1c-SIN Insecure-Flag: 1 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 194.5.82.26 CF-IPCountry: SG CF-Visitor: {"scheme":"http"} X-Forwarded-Proto: http accept-encoding: gzip --1137fb5a-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --1137fb5a-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.superrefrigerations.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.superrefrigerations.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.superrefrigerations.com"] [uri "/images/stories/themes.php"] [unique_id "aUb46R2THs66kF7tXMzFTgAAAAM"] Action: Intercepted (phase 2) Stopwatch: 1766258921193560 2193 (- - -) Stopwatch2: 1766258921193560 2193; combined=1025, p1=425, p2=543, p3=0, p4=0, p5=57, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --1137fb5a-Z-- --3af7181a-A-- [21/Dec/2025:01:22:55.793928 +0530] aUb-l5H0YbLAFsr9kXuMmgAAAAs 44.208.223.68 41134 127.0.0.1 7081 --3af7181a-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc&viewfile=//proc/thread-self/root/etc/aliases HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.208.223.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --3af7181a-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3af7181a-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/alias" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/alias found within ARGS:viewfile: /proc/thread-self/root/etc/aliases"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/alias" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/alias found within ARGS:viewfile: /proc/thread-self/root/etc/aliases"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUb-l5H0YbLAFsr9kXuMmgAAAAs"] Action: Intercepted (phase 2) Stopwatch: 1766260375791841 2154 (- - -) Stopwatch2: 1766260375791841 2154; combined=629, p1=356, p2=213, p3=0, p4=0, p5=60, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3af7181a-Z-- --8e372b6c-A-- [21/Dec/2025:01:25:47.745753 +0530] aUb_Qwk1U0qdcz-1L_6OLgAAAAc 157.245.36.108 58100 127.0.0.1 7081 --8e372b6c-B-- GET /.env HTTP/1.0 Host: deckstorynew.cstechns.com X-Real-IP: 157.245.36.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --8e372b6c-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "396-62143b366eaa6" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --8e372b6c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deckstorynew.cstechns.com"] [uri "/.env"] [unique_id "aUb_Qwk1U0qdcz-1L_6OLgAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766260547744823 996 (- - -) Stopwatch2: 1766260547744823 996; combined=269, p1=203, p2=0, p3=0, p4=0, p5=66, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8e372b6c-Z-- --9bda2c69-A-- [21/Dec/2025:01:25:49.715455 +0530] aUb_RbdfJV6Of4TDNnwEvQAAAAI 157.245.36.108 58434 127.0.0.1 7081 --9bda2c69-B-- GET /.git/config HTTP/1.0 Host: deckstorynew.cstechns.com X-Real-IP: 157.245.36.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --9bda2c69-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "396-62143b366eaa6" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --9bda2c69-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deckstorynew.cstechns.com"] [uri "/.git/config"] [unique_id "aUb_RbdfJV6Of4TDNnwEvQAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766260549714512 1040 (- - -) Stopwatch2: 1766260549714512 1040; combined=377, p1=296, p2=0, p3=0, p4=0, p5=80, sr=124, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --9bda2c69-Z-- --0228c27a-A-- [21/Dec/2025:01:29:49.110526 +0530] aUcANUvtUXXrfqimN1NwlwAAAAA 204.76.203.25 38068 127.0.0.1 7081 --0228c27a-B-- GET /.env HTTP/1.0 Host: namma.cstechns.com X-Real-IP: 204.76.203.25 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.3 Accept-Encoding: identity --0228c27a-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "31b-62143b366eaa6" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --0228c27a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "namma.cstechns.com"] [uri "/.env"] [unique_id "aUcANUvtUXXrfqimN1NwlwAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766260789109877 715 (- - -) Stopwatch2: 1766260789109877 715; combined=254, p1=200, p2=0, p3=0, p4=0, p5=54, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0228c27a-Z-- --e97a8f26-A-- [21/Dec/2025:01:38:29.722062 +0530] aUcCPdEc2ZAsFnknQ5-WVgAAAAM 2.58.56.222 57030 127.0.0.1 7081 --e97a8f26-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: remisai.org X-Real-IP: 2.58.56.222 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --e97a8f26-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 16 Dec 2025 08:11:58 GMT ETag: "31b-6460d481681bc" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --e97a8f26-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||remisai.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||remisai.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "remisai.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUcCPdEc2ZAsFnknQ5-WVgAAAAM"] Action: Intercepted (phase 2) Stopwatch: 1766261309720130 1995 (- - -) Stopwatch2: 1766261309720130 1995; combined=784, p1=293, p2=439, p3=0, p4=0, p5=52, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --e97a8f26-Z-- --76621c5b-A-- [21/Dec/2025:01:38:38.122174 +0530] aUcCRg6Af35eHN9xBnwwxwAAAAE 2.58.56.222 35576 127.0.0.1 7081 --76621c5b-B-- POST //xmlrpc.php HTTP/1.0 Host: remisai.org X-Real-IP: 2.58.56.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --76621c5b-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 16 Dec 2025 08:11:58 GMT ETag: "31b-6460d481681bc" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --76621c5b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 2.58.56.222 (+1 hits since last alert)|remisai.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 2.58.56.222 (+1 hits since last alert)|remisai.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "remisai.org"] [uri "/xmlrpc.php"] [unique_id "aUcCRg6Af35eHN9xBnwwxwAAAAE"] Action: Intercepted (phase 2) Stopwatch: 1766261318119249 2994 (- - -) Stopwatch2: 1766261318119249 2994; combined=1741, p1=376, p2=1146, p3=0, p4=0, p5=141, sr=106, sw=78, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --76621c5b-Z-- --37e2d25c-A-- [21/Dec/2025:01:39:02.433573 +0530] aUcCXtEc2ZAsFnknQ5-WdAAAAAM 57.141.4.49 52688 127.0.0.1 7081 --37e2d25c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?viewfile=//etc/security/group.conf&path=//etc/security HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 57.141.4.49 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) --37e2d25c-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --37e2d25c-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/security/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/group found within ARGS:viewfile: /etc/security/group.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/security/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/group found within ARGS:viewfile: /etc/security/group.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUcCXtEc2ZAsFnknQ5-WdAAAAAM"] Action: Intercepted (phase 2) Stopwatch: 1766261342431647 1995 (- - -) Stopwatch2: 1766261342431647 1995; combined=625, p1=361, p2=209, p3=0, p4=0, p5=55, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --37e2d25c-Z-- --ee1fa02c-A-- [21/Dec/2025:01:45:35.405885 +0530] aUcD50vtUXXrfqimN1N0QAAAAAA 2.57.122.225 45146 127.0.0.1 7081 --ee1fa02c-B-- GET /src/.git/config HTTP/1.0 Host: a2z.cstechns.com X-Real-IP: 2.57.122.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --ee1fa02c-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "396-62143b366eaa6" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --ee1fa02c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a2z.cstechns.com"] [uri "/src/.git/config"] [unique_id "aUcD50vtUXXrfqimN1N0QAAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766261735404546 1446 (- - -) Stopwatch2: 1766261735404546 1446; combined=384, p1=301, p2=0, p3=0, p4=0, p5=83, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --ee1fa02c-Z-- --8157c004-A-- [21/Dec/2025:01:54:08.209410 +0530] aUcF6KR9OXhxY8gxjZRtkQAAAAg 185.150.190.153 46170 127.0.0.1 7081 --8157c004-B-- GET /.git/HEAD HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.150.190.153 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: curl/8.4.0 Accept-Encoding: gzip --8157c004-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8157c004-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.git/HEAD"] [unique_id "aUcF6KR9OXhxY8gxjZRtkQAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766262248208565 930 (- - -) Stopwatch2: 1766262248208565 930; combined=328, p1=256, p2=0, p3=0, p4=0, p5=71, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8157c004-Z-- --aae7e061-A-- [21/Dec/2025:01:54:08.663213 +0530] aUcF6Kkg8q1Kt6mU-j7OmQAAAAQ 185.150.190.153 46234 127.0.0.1 7081 --aae7e061-B-- GET /.git/HEAD HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.150.190.153 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: */* Accept-Encoding: identity Cache-Control: no-cache Pragma: no-cache --aae7e061-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --aae7e061-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.git/HEAD"] [unique_id "aUcF6Kkg8q1Kt6mU-j7OmQAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766262248662223 1105 (- - -) Stopwatch2: 1766262248662223 1105; combined=393, p1=310, p2=0, p3=0, p4=0, p5=83, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --aae7e061-Z-- --4726c217-A-- [21/Dec/2025:01:54:09.097104 +0530] aUcF6Q6Af35eHN9xBnw1HAAAAAE 185.150.190.153 46290 127.0.0.1 7081 --4726c217-B-- GET /.git/HEAD HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.150.190.153 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/plain,*/*;q=0.9 Accept-Encoding: identity --4726c217-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --4726c217-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.git/HEAD"] [unique_id "aUcF6Q6Af35eHN9xBnw1HAAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766262249096480 691 (- - -) Stopwatch2: 1766262249096480 691; combined=248, p1=189, p2=0, p3=0, p4=0, p5=59, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --4726c217-Z-- --18145a0a-A-- [21/Dec/2025:01:54:11.066846 +0530] aUcF66kg8q1Kt6mU-j7OnAAAAAQ 185.150.190.153 46500 127.0.0.1 7081 --18145a0a-B-- GET /.git/HEAD HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.150.190.153 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: */* Accept-Encoding: identity Cache-Control: no-cache Pragma: no-cache --18145a0a-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --18145a0a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.git/HEAD"] [unique_id "aUcF66kg8q1Kt6mU-j7OnAAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766262251066201 738 (- - -) Stopwatch2: 1766262251066201 738; combined=256, p1=203, p2=0, p3=0, p4=0, p5=53, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --18145a0a-Z-- --bba6e148-A-- [21/Dec/2025:01:54:11.456372 +0530] aUcF6zGjnToIinAbRWqT0AAAAAM 185.150.190.153 46542 127.0.0.1 7081 --bba6e148-B-- GET /.git/HEAD HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.150.190.153 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/plain,*/*;q=0.9 Accept-Encoding: identity --bba6e148-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --bba6e148-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.git/HEAD"] [unique_id "aUcF6zGjnToIinAbRWqT0AAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766262251455647 795 (- - -) Stopwatch2: 1766262251455647 795; combined=268, p1=214, p2=0, p3=0, p4=0, p5=54, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --bba6e148-Z-- --9441f55a-A-- [21/Dec/2025:02:02:14.682479 +0530] aUcHzltjqhbUNAwQdqDq0gAAAAo 64.23.157.219 45450 127.0.0.1 7081 --9441f55a-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rsda.in X-Real-IP: 64.23.157.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --9441f55a-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 12:36:11 GMT ETag: "31b-6214a6b4a5715" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --9441f55a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rsda.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUcHzltjqhbUNAwQdqDq0gAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766262734680359 2181 (- - -) Stopwatch2: 1766262734680359 2181; combined=847, p1=341, p2=452, p3=0, p4=0, p5=54, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --9441f55a-Z-- --a9315542-A-- [21/Dec/2025:02:03:31.282046 +0530] aUcIG4Jw882dzXuOVz-TaQAAAAk 77.83.39.157 41496 127.0.0.1 7081 --a9315542-B-- GET /.env HTTP/1.0 Host: cstech.in X-Forwarded-Http-Host: cstech.in:443 X-Real-IP: 77.83.39.157 Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Safari/605.1.15 Version/12.2.1.0.4 Accept-Charset: utf-8 Accept-Encoding: gzip --a9315542-F-- HTTP/1.1 403 Forbidden Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --a9315542-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cstech.in"] [uri "/.env"] [unique_id "aUcIG4Jw882dzXuOVz-TaQAAAAk"] Action: Intercepted (phase 1) Stopwatch: 1766262811281510 595 (- - -) Stopwatch2: 1766262811281510 595; combined=267, p1=207, p2=0, p3=0, p4=0, p5=59, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a9315542-Z-- --cb54195e-A-- [21/Dec/2025:02:03:34.147269 +0530] aUcIHoJw882dzXuOVz-TbAAAAAk 57.141.4.49 41720 127.0.0.1 7081 --cb54195e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?viewfile=//etc/apache2/mods-available/autoindex.conf&path=//etc/apache2/mods-available HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 57.141.4.49 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) --cb54195e-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --cb54195e-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/apache2/mods-available/autoindex.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/mods-available/autoindex.conf found within ARGS:viewfile: /etc/apache2/mods-available/autoindex.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/apache2/mods-available/autoindex.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/mods-available/autoindex.conf found within ARGS:viewfile: /etc/apache2/mods-available/autoindex.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUcIHoJw882dzXuOVz-TbAAAAAk"] Action: Intercepted (phase 2) Stopwatch: 1766262814144821 2537 (- - -) Stopwatch2: 1766262814144821 2537; combined=853, p1=471, p2=300, p3=0, p4=0, p5=82, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --cb54195e-Z-- --4ed02c19-A-- [21/Dec/2025:02:18:58.775271 +0530] aUcLukgGk95WdSdd4wUTgAAAAAE 172.64.198.231 51522 127.0.0.1 7080 --4ed02c19-B-- GET /.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.64.198.231 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b1200ee1b5d7d8d-WAW User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SAMSUNG SM-G928T Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/3.4 Chrome/38.0.2125.102 Mobile Safari/537.36 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"http"} X-Forwarded-Proto: http accept-encoding: gzip --4ed02c19-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --4ed02c19-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/.env"] [unique_id "aUcLukgGk95WdSdd4wUTgAAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766263738774236 1171 (- - -) Stopwatch2: 1766263738774236 1171; combined=389, p1=316, p2=0, p3=0, p4=0, p5=73, sr=152, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --4ed02c19-Z-- --dcb56f45-A-- [21/Dec/2025:02:18:58.873141 +0530] aUcLuqMiBIXuPDJOtE_v4gAAAA0 104.23.217.89 51534 127.0.0.1 7080 --dcb56f45-B-- GET /.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 104.23.217.89 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b1200eedda73ee7-ARN User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGL44VL Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --dcb56f45-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --dcb56f45-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/.env"] [unique_id "aUcLuqMiBIXuPDJOtE_v4gAAAA0"] Action: Intercepted (phase 1) Stopwatch: 1766263738872059 1221 (- - -) Stopwatch2: 1766263738872059 1221; combined=424, p1=339, p2=0, p3=0, p4=0, p5=85, sr=165, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --dcb56f45-Z-- --b5acd436-A-- [21/Dec/2025:02:19:02.574576 +0530] aUcLvqMiBIXuPDJOtE_v6QAAAA0 104.23.223.77 51584 127.0.0.1 7080 --b5acd436-B-- GET /api/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 104.23.223.77 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b120105dfeeb9db-ARN User-Agent: Mozilla/5.0 (Android 5.0.2; Tablet; rv:41.0) Gecko/41.0 Firefox/41.0 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"http"} X-Forwarded-Proto: http accept-encoding: gzip --b5acd436-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --b5acd436-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/api/.env"] [unique_id "aUcLvqMiBIXuPDJOtE_v6QAAAA0"] Action: Intercepted (phase 1) Stopwatch: 1766263742573761 923 (- - -) Stopwatch2: 1766263742573761 923; combined=308, p1=235, p2=0, p3=0, p4=0, p5=72, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b5acd436-Z-- --6ca9284f-A-- [21/Dec/2025:02:19:03.688803 +0530] aUcLv7dfJV6Of4TDNnwSwAAAAAI 104.23.217.89 51606 127.0.0.1 7080 --6ca9284f-B-- GET /api/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 104.23.217.89 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b12010da8f93ea1-ARN User-Agent: Mozilla/5.0 (Linux; Android 7.1; Pixel Build/NDE63H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --6ca9284f-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --6ca9284f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/api/.env"] [unique_id "aUcLv7dfJV6Of4TDNnwSwAAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766263743688027 868 (- - -) Stopwatch2: 1766263743688027 868; combined=307, p1=239, p2=0, p3=0, p4=0, p5=68, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --6ca9284f-Z-- --40d39554-A-- [21/Dec/2025:02:19:06.507285 +0530] aUcLwltjqhbUNAwQdqDvJgAAAAo 172.64.198.231 38836 127.0.0.1 7080 --40d39554-B-- GET /dev/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.64.198.231 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b12011f3a573137-WAW User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --40d39554-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --40d39554-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/dev/.env"] [unique_id "aUcLwltjqhbUNAwQdqDvJgAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766263746506572 819 (- - -) Stopwatch2: 1766263746506572 819; combined=285, p1=224, p2=0, p3=0, p4=0, p5=61, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --40d39554-Z-- --8f335818-A-- [21/Dec/2025:02:19:07.722350 +0530] aUcLw7dfJV6Of4TDNnwSxAAAAAI 104.23.221.111 38868 127.0.0.1 7080 --8f335818-B-- GET /admin/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 104.23.221.111 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b120126e86ae07c-ARN User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36 OPR/46.0.2597.46 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --8f335818-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8f335818-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/admin/.env"] [unique_id "aUcLw7dfJV6Of4TDNnwSxAAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766263747721629 811 (- - -) Stopwatch2: 1766263747721629 811; combined=290, p1=231, p2=0, p3=0, p4=0, p5=59, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8f335818-Z-- --f9334e79-A-- [21/Dec/2025:02:19:08.333026 +0530] aUcLxFtjqhbUNAwQdqDvKAAAAAo 172.64.198.231 38870 127.0.0.1 7080 --f9334e79-B-- GET /laravel/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.64.198.231 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b12012aac820935-WAW User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; ASU2JS; rv:11.0) like Gecko cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --f9334e79-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f9334e79-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/laravel/.env"] [unique_id "aUcLxFtjqhbUNAwQdqDvKAAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766263748332319 800 (- - -) Stopwatch2: 1766263748332319 800; combined=275, p1=214, p2=0, p3=0, p4=0, p5=61, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f9334e79-Z-- --b1e4287c-A-- [21/Dec/2025:02:19:10.530542 +0530] aUcLxhoZ0IZsaLWKcIo-oAAAAAc 104.23.221.111 38884 127.0.0.1 7080 --b1e4287c-B-- GET /backend/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 104.23.221.111 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b1201386836e0de-ARN User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; SGH-T849 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --b1e4287c-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --b1e4287c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/backend/.env"] [unique_id "aUcLxhoZ0IZsaLWKcIo-oAAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766263750529779 893 (- - -) Stopwatch2: 1766263750529779 893; combined=293, p1=209, p2=0, p3=0, p4=0, p5=83, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b1e4287c-Z-- --42dda57c-A-- [21/Dec/2025:02:19:12.933530 +0530] aUcLyP9jt-6d0S9ABnm8VQAAAAY 172.64.200.44 38894 127.0.0.1 7080 --42dda57c-B-- GET /.env.example HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.64.200.44 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b1201476e117054-WAW User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ja-JP) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --42dda57c-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --42dda57c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/.env.example"] [unique_id "aUcLyP9jt-6d0S9ABnm8VQAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766263752932768 856 (- - -) Stopwatch2: 1766263752932768 856; combined=309, p1=246, p2=0, p3=0, p4=0, p5=63, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --42dda57c-Z-- --f90d1a6e-A-- [21/Dec/2025:02:19:13.709798 +0530] aUcLyRoZ0IZsaLWKcIo-pgAAAAc 104.23.223.77 38900 127.0.0.1 7080 --f90d1a6e-B-- GET /web/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 104.23.223.77 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b12014c4a7a2aea-ARN User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36 OPR/31.0.1889.99 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --f90d1a6e-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f90d1a6e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/web/.env"] [unique_id "aUcLyRoZ0IZsaLWKcIo-pgAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766263753709093 796 (- - -) Stopwatch2: 1766263753709093 796; combined=306, p1=246, p2=0, p3=0, p4=0, p5=59, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f90d1a6e-Z-- --f30fb327-A-- [21/Dec/2025:02:19:14.392622 +0530] aUcLyrdfJV6Of4TDNnwSzwAAAAI 172.64.198.231 38904 127.0.0.1 7080 --f30fb327-B-- GET /.env.bak HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.64.198.231 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b12015089e13224-WAW User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0) cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --f30fb327-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f30fb327-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/.env.bak"] [unique_id "aUcLyrdfJV6Of4TDNnwSzwAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766263754391935 778 (- - -) Stopwatch2: 1766263754391935 778; combined=278, p1=214, p2=0, p3=0, p4=0, p5=64, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f30fb327-Z-- --1f04035e-A-- [21/Dec/2025:02:19:15.112131 +0530] aUcLy7jzeFmRxxrOPjinBAAAAAA 162.158.103.149 38912 127.0.0.1 7080 --1f04035e-B-- GET /staging/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 162.158.103.149 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b120154eb113bbb-WAW User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_4_11; nl-nl) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/4.1.3 Safari/533.19.4 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --1f04035e-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --1f04035e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/staging/.env"] [unique_id "aUcLy7jzeFmRxxrOPjinBAAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766263755110998 1237 (- - -) Stopwatch2: 1766263755110998 1237; combined=337, p1=231, p2=0, p3=0, p4=0, p5=106, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --1f04035e-Z-- --8934a653-A-- [21/Dec/2025:02:19:16.245460 +0530] aUcLzKMiBIXuPDJOtE_v9wAAAA0 172.68.183.41 38932 127.0.0.1 7080 --8934a653-B-- GET /core/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.68.183.41 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b12015b6d202e10-ARN User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.02 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --8934a653-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8934a653-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/core/.env"] [unique_id "aUcLzKMiBIXuPDJOtE_v9wAAAA0"] Action: Intercepted (phase 1) Stopwatch: 1766263756244702 849 (- - -) Stopwatch2: 1766263756244702 849; combined=282, p1=219, p2=0, p3=0, p4=0, p5=62, sr=104, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8934a653-Z-- --b2ddfd33-A-- [21/Dec/2025:02:19:17.538810 +0530] aUcLzYJw882dzXuOVz-XOQAAAAk 172.64.200.44 46418 127.0.0.1 7080 --b2ddfd33-B-- GET /images/.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.64.200.44 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b1201643afb004c-WAW User-Agent: Opera/9.64 (X11; Linux i686; U; tr) Presto/2.1.1 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --b2ddfd33-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --b2ddfd33-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/images/.env"] [unique_id "aUcLzYJw882dzXuOVz-XOQAAAAk"] Action: Intercepted (phase 1) Stopwatch: 1766263757537842 1059 (- - -) Stopwatch2: 1766263757537842 1059; combined=270, p1=209, p2=0, p3=0, p4=0, p5=61, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b2ddfd33-Z-- --2d1a435b-A-- [21/Dec/2025:02:19:18.213206 +0530] aUcLzoJw882dzXuOVz-XOgAAAAk 104.23.217.89 46432 127.0.0.1 7080 --2d1a435b-B-- GET /.env.save.1 HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 104.23.217.89 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b1201686cfd1656-ARN User-Agent: Mozilla/5.0 (Linux; Android 4.1.1; E270BSA Build/JRO03H) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --2d1a435b-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2d1a435b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/.env.save.1"] [unique_id "aUcLzoJw882dzXuOVz-XOgAAAAk"] Action: Intercepted (phase 1) Stopwatch: 1766263758212395 953 (- - -) Stopwatch2: 1766263758212395 953; combined=321, p1=253, p2=0, p3=0, p4=0, p5=68, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2d1a435b-Z-- --7d416931-A-- [21/Dec/2025:02:19:18.638067 +0530] aUcLzhoZ0IZsaLWKcIo-rQAAAAc 172.64.198.231 46448 127.0.0.1 7080 --7d416931-B-- GET /.env.save HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.64.198.231 X-Forwarded-For: 78.153.140.195 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* cf-ray: 9b12016b0aff14cd-WAW User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36 OPR/49.0.2725.47 (Edition Campaign 75) cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 78.153.140.195 CF-IPCountry: GB CF-Visitor: {"scheme":"https"} X-Forwarded-Proto: https accept-encoding: gzip, br --7d416931-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --7d416931-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/.env.save"] [unique_id "aUcLzhoZ0IZsaLWKcIo-rQAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766263758636810 1348 (- - -) Stopwatch2: 1766263758636810 1348; combined=239, p1=181, p2=0, p3=0, p4=0, p5=58, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --7d416931-Z-- --fc603d20-A-- [21/Dec/2025:02:27:55.313094 +0530] aUcN06MiBIXuPDJOtE_yAAAAAA0 64.23.157.219 60520 127.0.0.1 7081 --fc603d20-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 64.23.157.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --fc603d20-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 07 Jan 2025 07:31:20 GMT ETag: "31b-62b18bb319e1b" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --fc603d20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csquaretech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUcN06MiBIXuPDJOtE_yAAAAAA0"] Action: Intercepted (phase 2) Stopwatch: 1766264275310704 2452 (- - -) Stopwatch2: 1766264275310704 2452; combined=870, p1=330, p2=484, p3=0, p4=0, p5=56, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --fc603d20-Z-- --67d37e5f-A-- [21/Dec/2025:02:59:07.189999 +0530] aUcVI0gGk95WdSdd4wUdzgAAAAE 2.57.122.225 37438 127.0.0.1 7080 --67d37e5f-B-- GET /src/.git/config HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 2.57.122.225 Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --67d37e5f-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --67d37e5f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/src/.git/config"] [unique_id "aUcVI0gGk95WdSdd4wUdzgAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766266147189537 524 (- - -) Stopwatch2: 1766266147189537 524; combined=229, p1=173, p2=0, p3=0, p4=0, p5=56, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --67d37e5f-Z-- --306ff34a-A-- [21/Dec/2025:03:02:47.886154 +0530] aUcV_wnWaRI0zYspwT9HoQAAAAA 45.135.193.3 42100 127.0.0.1 7081 --306ff34a-B-- GET /.env HTTP/1.0 Host: deccanmarketing.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0 --306ff34a-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 17 Jul 2025 13:00:32 GMT ETag: "31b-63a1f9835c70c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --306ff34a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deccanmarketing.com"] [uri "/.env"] [unique_id "aUcV_wnWaRI0zYspwT9HoQAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766266367885092 1141 (- - -) Stopwatch2: 1766266367885092 1141; combined=357, p1=298, p2=0, p3=0, p4=0, p5=59, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --306ff34a-Z-- --6b58b36f-A-- [21/Dec/2025:03:02:54.204763 +0530] aUcWBoJjfVxO1aQoUZGxWgAAAAs 45.135.193.3 42630 127.0.0.1 7081 --6b58b36f-B-- GET /api/.env HTTP/1.0 Host: deccanmarketing.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:17.0) Gecko/17.0 Firefox/17.0 --6b58b36f-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 17 Jul 2025 13:00:32 GMT ETag: "31b-63a1f9835c70c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --6b58b36f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deccanmarketing.com"] [uri "/api/.env"] [unique_id "aUcWBoJjfVxO1aQoUZGxWgAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766266374203825 1044 (- - -) Stopwatch2: 1766266374203825 1044; combined=298, p1=224, p2=0, p3=0, p4=0, p5=73, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --6b58b36f-Z-- --d4c9b117-A-- [21/Dec/2025:03:02:56.356056 +0530] aUcWCI_mqFcicUbPk23gIAAAAAU 45.135.193.3 39406 127.0.0.1 7081 --d4c9b117-B-- GET /dev/.env HTTP/1.0 Host: deccanmarketing.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36 --d4c9b117-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 17 Jul 2025 13:00:32 GMT ETag: "31b-63a1f9835c70c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d4c9b117-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deccanmarketing.com"] [uri "/dev/.env"] [unique_id "aUcWCI_mqFcicUbPk23gIAAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766266376355341 782 (- - -) Stopwatch2: 1766266376355341 782; combined=295, p1=218, p2=0, p3=0, p4=0, p5=77, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d4c9b117-Z-- --4b7ef073-A-- [21/Dec/2025:03:02:58.407136 +0530] aUcWCv9jt-6d0S9ABnnHcgAAAAY 45.135.193.3 39558 127.0.0.1 7081 --4b7ef073-B-- GET /admin/.env HTTP/1.0 Host: deccanmarketing.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SAMSUNG-SGH-I727 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 --4b7ef073-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 17 Jul 2025 13:00:32 GMT ETag: "31b-63a1f9835c70c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --4b7ef073-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deccanmarketing.com"] [uri "/admin/.env"] [unique_id "aUcWCv9jt-6d0S9ABnnHcgAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766266378406490 711 (- - -) Stopwatch2: 1766266378406490 711; combined=262, p1=208, p2=0, p3=0, p4=0, p5=53, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --4b7ef073-Z-- --0d52e35f-A-- [21/Dec/2025:03:02:58.873142 +0530] aUcWCjol3uwzMRZFSn7sYgAAAAc 45.135.193.3 39626 127.0.0.1 7081 --0d52e35f-B-- GET /laravel/.env HTTP/1.0 Host: deccanmarketing.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; Nexus 7 Build/JDQ39) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.123 Safari/537.22 OPR/14.0.1025.52315 --0d52e35f-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 17 Jul 2025 13:00:32 GMT ETag: "31b-63a1f9835c70c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --0d52e35f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deccanmarketing.com"] [uri "/laravel/.env"] [unique_id "aUcWCjol3uwzMRZFSn7sYgAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766266378872435 772 (- - -) Stopwatch2: 1766266378872435 772; combined=282, p1=226, p2=0, p3=0, p4=0, p5=56, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0d52e35f-Z-- --7e1b130b-A-- [21/Dec/2025:03:10:59.670776 +0530] aUcX66MiBIXuPDJOtE__AQAAAA0 18.233.24.238 36474 127.0.0.1 7081 --7e1b130b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/root/etc/apache2/mods-enabled&viewfile=//proc/self/root/etc/apache2/mods-enabled/mime.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.233.24.238 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --7e1b130b-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --7e1b130b-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/apache2/mods-enabled/mime.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/mods-enabled/mime.conf found within ARGS:viewfile: /proc/self/root/etc/apache2/mods-enabled/mime.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/apache2/mods-enabled/mime.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/mods-enabled/mime.conf found within ARGS:viewfile: /proc/self/root/etc/apache2/mods-enabled/mime.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUcX66MiBIXuPDJOtE__AQAAAA0"] Action: Intercepted (phase 2) Stopwatch: 1766266859668892 1960 (- - -) Stopwatch2: 1766266859668892 1960; combined=564, p1=300, p2=206, p3=0, p4=0, p5=58, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --7e1b130b-Z-- --3939ab52-A-- [21/Dec/2025:03:15:54.927205 +0530] aUcZEgnWaRI0zYspwT9NNwAAAAA 104.22.17.11 39894 127.0.0.1 7081 --3939ab52-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 104.22.17.11 X-Forwarded-For: 64.23.157.219 X-Accel-Internal: /internal-nginx-static-location Connection: close accept-encoding: gzip, br cf-ray: 9b1254561e8c6ce3-SJC user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 cdn-loop: cloudflare; loops=1 cf-connecting-ip: 64.23.157.219 cf-ipcountry: US cf-visitor: {"scheme":"https"} x-forwarded-proto: https --3939ab52-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:26:01 GMT ETag: "31b-62149705b580e" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3939ab52-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sarvasya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sarvasya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sarvasya.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUcZEgnWaRI0zYspwT9NNwAAAAA"] Action: Intercepted (phase 2) Stopwatch: 1766267154925203 2090 (- - -) Stopwatch2: 1766267154925203 2090; combined=856, p1=270, p2=534, p3=0, p4=0, p5=52, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3939ab52-Z-- --32edd924-A-- [21/Dec/2025:03:24:15.873800 +0530] aUcbB6l5dBcXrmGKwfkxIAAAAAQ 57.141.4.25 46816 127.0.0.1 7081 --32edd924-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//sys/bus/memory/devices/memory125/subsystem/devices/memory76/subsystem/devices/memory83/subsystem/devices/memory120/subsystem/devices/memory4/subsystem/devices/memory120/subsystem/devices/memory105/node0/cpu6 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 57.141.4.25 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) --32edd924-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 --32edd924-H-- Message: collections_remove_stale: Failed deleting collection (name "ip", key "20.120.241.165_bec5a1ca15e7bd5f87964e2a44ce97b8a3b46508"): Internal error (specific information not available) Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "20.120.241.165_bec5a1ca15e7bd5f87964e2a44ce97b8a3b46508"): Internal error (specific information not available) [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUcbB6l5dBcXrmGKwfkxIAAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1766267655456375 417507 (- - -) Stopwatch2: 1766267655456375 417507; combined=816316, p1=376, p2=1875, p3=41, p4=44, p5=407024, sr=106, sw=0, l=0, gc=406956 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --32edd924-Z-- --2fa33a5c-A-- [21/Dec/2025:03:26:29.899258 +0530] aUcbjU8ItgvULLG9dydgFgAAAAU 2.57.122.225 35058 127.0.0.1 7081 --2fa33a5c-B-- GET /src/.git/config HTTP/1.0 Host: a2z.cstechns.com X-Real-IP: 2.57.122.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.193 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --2fa33a5c-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "396-62143b366eaa6" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --2fa33a5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a2z.cstechns.com"] [uri "/src/.git/config"] [unique_id "aUcbjU8ItgvULLG9dydgFgAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766267789898547 807 (- - -) Stopwatch2: 1766267789898547 807; combined=265, p1=210, p2=0, p3=0, p4=0, p5=55, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2fa33a5c-Z-- --8e33c515-A-- [21/Dec/2025:03:31:30.946056 +0530] aUccul2_lRARvEmWv_ALnAAAAAI 44.215.210.112 49412 127.0.0.1 7081 --8e33c515-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//opt/psa/phpMyAdmin/vendor/ralouphie/getallheaders&viewfile=//opt/psa/phpMyAdmin/vendor/ralouphie/getallheaders/composer.json HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.215.210.112 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --8e33c515-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8e33c515-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c%20bipas.phtml"] [unique_id "aUccul2_lRARvEmWv_ALnAAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766268090945270 874 (- - -) Stopwatch2: 1766268090945270 874; combined=314, p1=257, p2=0, p3=0, p4=0, p5=57, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8e33c515-Z-- --63546f73-A-- [21/Dec/2025:03:33:17.409318 +0530] aUcdJSGtlxdAbL363bCMNwAAAAo 64.23.174.208 48852 127.0.0.1 7081 --63546f73-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.bspsons.com X-Real-IP: 64.23.174.208 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --63546f73-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 04:18:02 GMT ETag: "31b-6212f57eda023" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --63546f73-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bspsons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUcdJSGtlxdAbL363bCMNwAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766268197407357 2023 (- - -) Stopwatch2: 1766268197407357 2023; combined=785, p1=299, p2=436, p3=0, p4=0, p5=50, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --63546f73-Z-- --66233e79-A-- [21/Dec/2025:03:33:31.193073 +0530] aUcdMyGtlxdAbL363bCMRAAAAAo 54.83.240.58 49570 127.0.0.1 7081 --66233e79-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc/dhcp&viewfile=//proc/thread-self/root/etc/dhcp/dhclient.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.83.240.58 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --66233e79-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --66233e79-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/dhcp/dhclient.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/dhcp/dhclient.conf found within ARGS:viewfile: /proc/thread-self/root/etc/dhcp/dhclient.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/dhcp/dhclient.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/dhcp/dhclient.conf found within ARGS:viewfile: /proc/thread-self/root/etc/dhcp/dhclient.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUcdMyGtlxdAbL363bCMRAAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766268211191058 2099 (- - -) Stopwatch2: 1766268211191058 2099; combined=690, p1=362, p2=245, p3=0, p4=0, p5=83, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --66233e79-Z-- --7e9b047d-A-- [21/Dec/2025:03:35:17.519519 +0530] aUcdnV2_lRARvEmWv_AM2gAAAAI 172.64.200.36 41994 127.0.0.1 7081 --7e9b047d-B-- GET /.env HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 172.64.200.36 X-Forwarded-For: 78.153.140.222 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* cf-ray: 9b1270b67e4d6332-WAW user-agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; A210 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 cdn-loop: cloudflare; loops=1 cf-connecting-ip: 78.153.140.222 cf-ipcountry: GB cf-visitor: {"scheme":"https"} x-forwarded-proto: https accept-encoding: gzip, br --7e9b047d-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:26:01 GMT ETag: "31b-62149705b580e" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --7e9b047d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarvasya.com"] [uri "/.env"] [unique_id "aUcdnV2_lRARvEmWv_AM2gAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766268317518657 992 (- - -) Stopwatch2: 1766268317518657 992; combined=349, p1=271, p2=0, p3=0, p4=0, p5=78, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --7e9b047d-Z-- --aa64886f-A-- [21/Dec/2025:03:36:18.942558 +0530] aUcd2j-KzRC7bw9U52PzoAAAAAM 3.94.199.128 47750 127.0.0.1 7081 --aa64886f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc/modules-load.d&viewfile=//proc/thread-self/root/etc/modules-load.d/modules.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.94.199.128 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --aa64886f-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --aa64886f-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:path: /proc/thread-self/root/etc/modules-load.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:path: /proc/thread-self/root/etc/modules-load.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUcd2j-KzRC7bw9U52PzoAAAAAM"] Action: Intercepted (phase 2) Stopwatch: 1766268378940260 2385 (- - -) Stopwatch2: 1766268378940260 2385; combined=835, p1=476, p2=282, p3=0, p4=0, p5=77, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --aa64886f-Z-- --7057ce64-A-- [21/Dec/2025:03:49:25.642422 +0530] aUcg7al5dBcXrmGKwfk2jQAAAAQ 172.68.164.74 43684 127.0.0.1 7081 --7057ce64-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.68.164.74 X-Forwarded-For: 213.35.111.53 Connection: close accept-encoding: gzip, br cf-ray: 9b12856c8cc1fe8a-SIN user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 cdn-loop: cloudflare; loops=1 cf-connecting-ip: 213.35.111.53 cf-ipcountry: SG cf-visitor: {"scheme":"https"} x-forwarded-proto: https cookie: wordpress_test_cookie=WP%20Cookie%20check --7057ce64-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 00:48:36 GMT ETag: "31b-6212c6aeef54c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --7057ce64-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUcg7al5dBcXrmGKwfk2jQAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766269165639148 3396 (- - -) Stopwatch2: 1766269165639148 3396; combined=1545, p1=466, p2=1008, p3=0, p4=0, p5=71, sr=155, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --7057ce64-Z-- --73319d53-A-- [21/Dec/2025:04:04:51.730728 +0530] aUcki-n9vn3g_NfHsXDccAAAAAQ 64.23.233.1 59344 127.0.0.1 7081 --73319d53-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 64.23.233.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --73319d53-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 09:00:36 GMT ETag: "31b-621334a764ee0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --73319d53-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUcki-n9vn3g_NfHsXDccAAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766270091727299 3522 (- - -) Stopwatch2: 1766270091727299 3522; combined=1259, p1=482, p2=697, p3=0, p4=0, p5=80, sr=158, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --73319d53-Z-- --25636c0e-A-- [21/Dec/2025:04:06:48.405914 +0530] aUclAKBpESSLDplT_K9t8gAAAAg 45.135.193.3 49964 127.0.0.1 7081 --25636c0e-B-- GET /.env HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 --25636c0e-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 13:25:42 GMT ETag: "31b-6214b1c60bbe1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --25636c0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rooferscombine.com"] [uri "/.env"] [unique_id "aUclAKBpESSLDplT_K9t8gAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766270208405270 723 (- - -) Stopwatch2: 1766270208405270 723; combined=245, p1=198, p2=0, p3=0, p4=0, p5=47, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --25636c0e-Z-- --16ce0060-A-- [21/Dec/2025:04:06:56.046024 +0530] aUclCKBpESSLDplT_K9t-QAAAAg 57.141.4.6 50588 127.0.0.1 7081 --16ce0060-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?viewfile=//etc/apache2/mods-available/proxy.conf&path=//etc/apache2/mods-available HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 57.141.4.6 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) --16ce0060-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --16ce0060-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/apache2/mods-available/proxy.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/mods-available/proxy.conf found within ARGS:viewfile: /etc/apache2/mods-available/proxy.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/apache2/mods-available/proxy.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/mods-available/proxy.conf found within ARGS:viewfile: /etc/apache2/mods-available/proxy.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUclCKBpESSLDplT_K9t-QAAAAg"] Action: Intercepted (phase 2) Stopwatch: 1766270216044210 1880 (- - -) Stopwatch2: 1766270216044210 1880; combined=597, p1=334, p2=204, p3=0, p4=0, p5=58, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --16ce0060-Z-- --b217933a-A-- [21/Dec/2025:04:06:56.496800 +0530] aUclCE5dcQzj3lidTUgY4wAAAAI 45.135.193.3 50052 127.0.0.1 7081 --b217933a-B-- GET /api/.env HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8 --b217933a-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 13:25:42 GMT ETag: "31b-6214b1c60bbe1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --b217933a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rooferscombine.com"] [uri "/api/.env"] [unique_id "aUclCE5dcQzj3lidTUgY4wAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766270216496097 767 (- - -) Stopwatch2: 1766270216496097 767; combined=269, p1=214, p2=0, p3=0, p4=0, p5=55, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b217933a-Z-- --79aecd10-A-- [21/Dec/2025:04:06:59.444894 +0530] aUclC_9jt-6d0S9ABnnXjwAAAAY 45.135.193.3 50346 127.0.0.1 7081 --79aecd10-B-- GET /dev/.env HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15 --79aecd10-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 13:25:42 GMT ETag: "31b-6214b1c60bbe1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --79aecd10-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rooferscombine.com"] [uri "/dev/.env"] [unique_id "aUclC_9jt-6d0S9ABnnXjwAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766270219444223 734 (- - -) Stopwatch2: 1766270219444223 734; combined=261, p1=203, p2=0, p3=0, p4=0, p5=58, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --79aecd10-Z-- --44385131-A-- [21/Dec/2025:04:07:02.805301 +0530] aUclDv1C7BJpPiLBv3GP9QAAAAE 45.135.193.3 50612 127.0.0.1 7081 --44385131-B-- GET /admin/.env HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15 --44385131-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 13:25:42 GMT ETag: "31b-6214b1c60bbe1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --44385131-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rooferscombine.com"] [uri "/admin/.env"] [unique_id "aUclDv1C7BJpPiLBv3GP9QAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766270222804406 979 (- - -) Stopwatch2: 1766270222804406 979; combined=278, p1=216, p2=0, p3=0, p4=0, p5=62, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --44385131-Z-- --bb25e22f-A-- [21/Dec/2025:04:07:03.321543 +0530] aUclDyCFDf80u-ZPfGHF4gAAAAw 45.135.193.3 50660 127.0.0.1 7081 --bb25e22f-B-- GET /laravel/.env HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 45.135.193.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.3) --bb25e22f-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 13:25:42 GMT ETag: "31b-6214b1c60bbe1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --bb25e22f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rooferscombine.com"] [uri "/laravel/.env"] [unique_id "aUclDyCFDf80u-ZPfGHF4gAAAAw"] Action: Intercepted (phase 1) Stopwatch: 1766270223320671 938 (- - -) Stopwatch2: 1766270223320671 938; combined=271, p1=212, p2=0, p3=0, p4=0, p5=59, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --bb25e22f-Z-- --c0a02752-A-- [21/Dec/2025:04:16:45.367119 +0530] aUcnVf9jt-6d0S9ABnnZVAAAAAY 59.126.247.219 37624 127.0.0.1 7081 --c0a02752-B-- GET /.env HTTP/1.0 Host: aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --c0a02752-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --c0a02752-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/.env"] [unique_id "aUcnVf9jt-6d0S9ABnnZVAAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766270805366418 763 (- - -) Stopwatch2: 1766270805366418 763; combined=290, p1=234, p2=0, p3=0, p4=0, p5=55, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --c0a02752-Z-- --92952c18-A-- [21/Dec/2025:04:16:46.004138 +0530] aUcnVkZjNE-zgZtwxB12GgAAAAU 59.126.247.219 37678 127.0.0.1 7081 --92952c18-B-- GET /core/.env HTTP/1.0 Host: aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --92952c18-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --92952c18-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/core/.env"] [unique_id "aUcnVkZjNE-zgZtwxB12GgAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766270806003234 967 (- - -) Stopwatch2: 1766270806003234 967; combined=272, p1=214, p2=0, p3=0, p4=0, p5=57, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --92952c18-Z-- --93c7ca62-A-- [21/Dec/2025:04:16:46.739952 +0530] aUcnVuFMyAIK467bZFowhgAAAAo 59.126.247.219 54512 127.0.0.1 7081 --93c7ca62-B-- GET /.env.save HTTP/1.0 Host: aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --93c7ca62-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --93c7ca62-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/.env.save"] [unique_id "aUcnVuFMyAIK467bZFowhgAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766270806739006 1048 (- - -) Stopwatch2: 1766270806739006 1048; combined=275, p1=217, p2=0, p3=0, p4=0, p5=58, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --93c7ca62-Z-- --10bf170c-A-- [21/Dec/2025:04:16:47.329148 +0530] aUcnVy8HgPl4JHQFY2ZV9gAAAAs 59.126.247.219 54602 127.0.0.1 7081 --10bf170c-B-- GET /dash/.env HTTP/1.0 Host: aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --10bf170c-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --10bf170c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/dash/.env"] [unique_id "aUcnVy8HgPl4JHQFY2ZV9gAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766270807326320 2891 (- - -) Stopwatch2: 1766270807326320 2891; combined=276, p1=216, p2=0, p3=0, p4=0, p5=60, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --10bf170c-Z-- --46a5ac25-A-- [21/Dec/2025:04:16:47.329965 +0530] aUcnV2WKHGHSlEBFIJG43AAAAAQ 59.126.247.219 54608 127.0.0.1 7081 --46a5ac25-B-- GET /admin/.env HTTP/1.0 Host: aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --46a5ac25-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --46a5ac25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/admin/.env"] [unique_id "aUcnV2WKHGHSlEBFIJG43AAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766270807329400 625 (- - -) Stopwatch2: 1766270807329400 625; combined=226, p1=175, p2=0, p3=0, p4=0, p5=51, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --46a5ac25-Z-- --a50d711e-A-- [21/Dec/2025:04:16:47.332048 +0530] aUcnV-FMyAIK467bZFowiAAAAAo 59.126.247.219 54622 127.0.0.1 7081 --a50d711e-B-- GET /app/.env HTTP/1.0 Host: aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --a50d711e-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --a50d711e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/app/.env"] [unique_id "aUcnV-FMyAIK467bZFowiAAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766270807331481 626 (- - -) Stopwatch2: 1766270807331481 626; combined=231, p1=153, p2=0, p3=0, p4=0, p5=78, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a50d711e-Z-- --06138950-A-- [21/Dec/2025:04:16:47.359504 +0530] aUcnV-FMyAIK467bZFowiQAAAAo 59.126.247.219 54668 127.0.0.1 7081 --06138950-B-- GET /.env.save HTTP/1.0 Host: www.aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --06138950-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --06138950-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aarrambha.com"] [uri "/.env.save"] [unique_id "aUcnV-FMyAIK467bZFowiQAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766270807358924 651 (- - -) Stopwatch2: 1766270807358924 651; combined=245, p1=192, p2=0, p3=0, p4=0, p5=53, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --06138950-Z-- --3215f861-A-- [21/Dec/2025:04:16:47.365902 +0530] aUcnVy8HgPl4JHQFY2ZV9wAAAAs 59.126.247.219 54654 127.0.0.1 7081 --3215f861-B-- GET /.env HTTP/1.0 Host: www.aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --3215f861-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3215f861-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aarrambha.com"] [uri "/.env"] [unique_id "aUcnVy8HgPl4JHQFY2ZV9wAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766270807365168 796 (- - -) Stopwatch2: 1766270807365168 796; combined=233, p1=172, p2=0, p3=0, p4=0, p5=60, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3215f861-Z-- --141c3115-A-- [21/Dec/2025:04:16:47.366266 +0530] aUcnV2WKHGHSlEBFIJG43QAAAAQ 59.126.247.219 54662 127.0.0.1 7081 --141c3115-B-- GET /core/.env HTTP/1.0 Host: www.aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --141c3115-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --141c3115-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aarrambha.com"] [uri "/core/.env"] [unique_id "aUcnV2WKHGHSlEBFIJG43QAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766270807364099 2227 (- - -) Stopwatch2: 1766270807364099 2227; combined=266, p1=220, p2=0, p3=0, p4=0, p5=45, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --141c3115-Z-- --9f0a6638-A-- [21/Dec/2025:04:16:47.489675 +0530] aUcnVy8HgPl4JHQFY2ZV-AAAAAs 59.126.247.219 54678 127.0.0.1 7081 --9f0a6638-B-- GET /app/.env HTTP/1.0 Host: www.aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --9f0a6638-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --9f0a6638-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aarrambha.com"] [uri "/app/.env"] [unique_id "aUcnVy8HgPl4JHQFY2ZV-AAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766270807488239 1500 (- - -) Stopwatch2: 1766270807488239 1500; combined=304, p1=212, p2=0, p3=0, p4=0, p5=91, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --9f0a6638-Z-- --1adc7354-A-- [21/Dec/2025:04:16:47.686171 +0530] aUcnV2vTDShuhFt-CToypAAAAAc 59.126.247.219 54708 127.0.0.1 7081 --1adc7354-B-- GET /admin/.env HTTP/1.0 Host: www.aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --1adc7354-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --1adc7354-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aarrambha.com"] [uri "/admin/.env"] [unique_id "aUcnV2vTDShuhFt-CToypAAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766270807685491 740 (- - -) Stopwatch2: 1766270807685491 740; combined=265, p1=207, p2=0, p3=0, p4=0, p5=58, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --1adc7354-Z-- --fdf37c78-A-- [21/Dec/2025:04:16:47.723884 +0530] aUcnV2WKHGHSlEBFIJG43wAAAAQ 59.126.247.219 54736 127.0.0.1 7081 --fdf37c78-B-- GET /dash/.env HTTP/1.0 Host: www.aarrambha.com X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) --fdf37c78-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --fdf37c78-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aarrambha.com"] [uri "/dash/.env"] [unique_id "aUcnV2WKHGHSlEBFIJG43wAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766270807722340 1608 (- - -) Stopwatch2: 1766270807722340 1608; combined=274, p1=213, p2=0, p3=0, p4=0, p5=61, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --fdf37c78-Z-- --d9eaa465-A-- [21/Dec/2025:04:24:51.408835 +0530] aUcpO2WKHGHSlEBFIJG6uwAAAAQ 35.168.238.50 42560 127.0.0.1 7081 --d9eaa465-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc&viewfile=//proc/thread-self/root/etc/issue.net HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 35.168.238.50 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --d9eaa465-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d9eaa465-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /proc/thread-self/root/etc/issue.net"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /proc/thread-self/root/etc/issue.net"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUcpO2WKHGHSlEBFIJG6uwAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766271291216141 192811 (- - -) Stopwatch2: 1766271291216141 192811; combined=382185, p1=321, p2=212, p3=0, p4=0, p5=190860, sr=81, sw=0, l=0, gc=190792 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d9eaa465-Z-- --39857b69-A-- [21/Dec/2025:04:34:03.911714 +0530] aUcrY0ZjNE-zgZtwxB16EgAAAAU 66.249.65.72 52960 127.0.0.1 7081 --39857b69-B-- GET /?wc-ajax=%%endpoint%% HTTP/1.0 Host: www.remisai.org X-Real-IP: 66.249.65.72 X-Accel-Internal: /internal-nginx-static-location Connection: close AMP-Cache-Transform: google;v="1..8" Accept: text/html,application/xhtml+xml,application/signed-exchange;v=b3,application/xml;q=0.9,*/*;q=0.8 From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.7390.122 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --39857b69-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 16 Dec 2025 08:11:58 GMT ETag: "31b-6460d481681bc" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --39857b69-H-- Message: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||www.remisai.org|F|4"] [data "REQUEST_URI=/?wc-ajax=%%endpoint%%"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||www.remisai.org|F|4"] [data "REQUEST_URI=/?wc-ajax=%%endpoint%%"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.remisai.org"] [uri "/"] [unique_id "aUcrY0ZjNE-zgZtwxB16EgAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766271843909063 2747 (- - -) Stopwatch2: 1766271843909063 2747; combined=1027, p1=366, p2=579, p3=0, p4=0, p5=82, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --39857b69-Z-- --36d96a34-A-- [21/Dec/2025:04:45:38.754534 +0530] aUcuGhtcThKmnT-wRwmosgAAAAU 172.56.220.10 39878 127.0.0.1 7081 --36d96a34-B-- GET /wp-content/themes/muzicon/style.css HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 172.56.220.10 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: text/css,*/*;q=0.1 sec-fetch-site: same-origin referer: https://www.tandonamit.com/ sec-fetch-dest: style accept-language: en-US,en;q=0.9 sec-fetch-mode: no-cors user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 26_2_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/143.0.7499.151 Mobile/15E148 Safari/604.1 priority: u=1, i accept-encoding: gzip, deflate, br --36d96a34-F-- HTTP/1.1 200 OK Vary: Accept-Encoding X-Accel-Version: 0.01 X-Accel-Redirect: /internal-nginx-static-location/wp-content/themes/muzicon/style.css Cache-Control: public Content-Length: 0 Connection: close Content-Type: text/css; charset=utf-8 --36d96a34-H-- Message: collections_remove_stale: Failed deleting collection (name "ip", key "20.120.241.165_3b9480af1e41b87a109d0f3b0403805cb1b80737"): Internal error (specific information not available) Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "20.120.241.165_3b9480af1e41b87a109d0f3b0403805cb1b80737"): Internal error (specific information not available) [hostname "www.tandonamit.com"] [uri "/wp-content/themes/muzicon/style.css"] [unique_id "aUcuGhtcThKmnT-wRwmosgAAAAU"] Stopwatch: 1766272538170648 584100 (- - -) Stopwatch2: 1766272538170648 584100; combined=1164219, p1=267, p2=1123, p3=23, p4=15, p5=581407, sr=73, sw=0, l=0, gc=581384 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --36d96a34-Z-- --2263a41a-A-- [21/Dec/2025:04:51:19.705235 +0530] aUcvb_1C7BJpPiLBv3Gb-AAAAAE 46.101.1.225 46056 127.0.0.1 7081 --2263a41a-B-- GET /.env HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 46.101.1.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --2263a41a-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 12:49:02 GMT ETag: "31b-621367b68123d" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2263a41a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/.env"] [unique_id "aUcvb_1C7BJpPiLBv3Gb-AAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766272879704489 813 (- - -) Stopwatch2: 1766272879704489 813; combined=315, p1=258, p2=0, p3=0, p4=0, p5=57, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2263a41a-Z-- --b260e243-A-- [21/Dec/2025:04:51:21.706259 +0530] aUcvcRtcThKmnT-wRwmrlgAAAAU 46.101.1.225 46428 127.0.0.1 7081 --b260e243-B-- GET /.git/config HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 46.101.1.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --b260e243-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 12:49:02 GMT ETag: "31b-621367b68123d" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --b260e243-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/.git/config"] [unique_id "aUcvcRtcThKmnT-wRwmrlgAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766272881705545 781 (- - -) Stopwatch2: 1766272881705545 781; combined=285, p1=227, p2=0, p3=0, p4=0, p5=58, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b260e243-Z-- --c688f565-A-- [21/Dec/2025:04:58:59.870285 +0530] aUcxOySsETRUQV2kRGX0MwAAAAg 146.190.168.68 51148 127.0.0.1 7081 --c688f565-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: starcrest.in X-Real-IP: 146.190.168.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --c688f565-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 08 Oct 2025 12:53:18 GMT ETag: "31b-640a52b2c00e0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --c688f565-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||starcrest.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||starcrest.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "starcrest.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUcxOySsETRUQV2kRGX0MwAAAAg"] Action: Intercepted (phase 2) Stopwatch: 1766273339868140 2206 (- - -) Stopwatch2: 1766273339868140 2206; combined=812, p1=318, p2=440, p3=0, p4=0, p5=54, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --c688f565-Z-- --02dceb5c-A-- [21/Dec/2025:05:07:46.253877 +0530] aUczStcwhdcDcZAVJ-ZT9QAAAAU 204.76.203.25 36202 127.0.0.1 7081 --02dceb5c-B-- GET /.env HTTP/1.0 Host: lucidimaging.cstechns.com X-Real-IP: 204.76.203.25 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.3 Accept-Encoding: identity --02dceb5c-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "31b-62143b366eaa6" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --02dceb5c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lucidimaging.cstechns.com"] [uri "/.env"] [unique_id "aUczStcwhdcDcZAVJ-ZT9QAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766273866253204 738 (- - -) Stopwatch2: 1766273866253204 738; combined=274, p1=221, p2=0, p3=0, p4=0, p5=53, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --02dceb5c-Z-- --87ab5676-A-- [21/Dec/2025:05:08:19.059697 +0530] aUczay8HgPl4JHQFY2ZongAAAAs 188.166.220.97 39680 127.0.0.1 7081 --87ab5676-B-- GET /sftp-config.json HTTP/1.0 Host: www.retaxis.com X-Real-IP: 188.166.220.97 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --87ab5676-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --87ab5676-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/sftp-config.json"] [unique_id "aUczay8HgPl4JHQFY2ZongAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766273899058886 909 (- - -) Stopwatch2: 1766273899058886 909; combined=298, p1=215, p2=0, p3=0, p4=0, p5=83, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --87ab5676-Z-- --55ab2b01-A-- [21/Dec/2025:05:10:10.649014 +0530] aUcz2q-1IIjMAkIV-t2KWgAAAAo 216.73.216.138 60978 127.0.0.1 7081 --55ab2b01-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fsys%2Fclass%2Finput%2Finput1%2Fsubsystem%2Fevent3%2Fsubsystem%2Finput4%2Fsubsystem%2Fevent3%2Fsubsystem%2Fmouse2 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.138 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --55ab2b01-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3528 Connection: close Content-Type: text/html; charset=UTF-8 --55ab2b01-E-- --55ab2b01-H-- Message: collections_remove_stale: Failed deleting collection (name "ip", key "68.178.206.206_bec5a1ca15e7bd5f87964e2a44ce97b8a3b46508"): Internal error (specific information not available) Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "68.178.206.206_bec5a1ca15e7bd5f87964e2a44ce97b8a3b46508"): Internal error (specific information not available) [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUcz2q-1IIjMAkIV-t2KWgAAAAo"] Apache-Handler: application/x-httpd-php Stopwatch: 1766274010236247 412838 (- - -) Stopwatch2: 1766274010236247 412838; combined=816500, p1=224, p2=1078, p3=32, p4=39, p5=407584, sr=75, sw=1, l=0, gc=407542 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --55ab2b01-Z-- --9cba991e-A-- [21/Dec/2025:05:18:41.945369 +0530] aUc12Q15-DmpfspMf6m3ZAAAAAg 64.23.174.208 45346 127.0.0.1 7081 --9cba991e-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: deccanmarketing.com X-Real-IP: 64.23.174.208 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --9cba991e-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 17 Jul 2025 13:00:32 GMT ETag: "31b-63a1f9835c70c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --9cba991e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||deccanmarketing.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||deccanmarketing.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "deccanmarketing.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUc12Q15-DmpfspMf6m3ZAAAAAg"] Action: Intercepted (phase 2) Stopwatch: 1766274521943162 2270 (- - -) Stopwatch2: 1766274521943162 2270; combined=853, p1=318, p2=478, p3=0, p4=0, p5=57, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --9cba991e-Z-- --91b99400-A-- [21/Dec/2025:05:27:18.904684 +0530] aUc33tcwhdcDcZAVJ-ZbhgAAAAU 52.230.125.217 46284 127.0.0.1 7081 --91b99400-B-- GET /images/stories/w.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 52.230.125.217 X-Forwarded-For: 28.235.7.209 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36 Referer: https://www.google.com/ Accept: text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, */*; q=0.8 Accept-Language: en-US, en; q=0.5 Upgrade-Insecure-Requests: 1 DNT: 1 Cookie: wordpress_test_cookie=WP%20Cookie%20check --91b99400-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 01 Apr 2025 09:55:02 GMT ETag: "31b-631b487d3bba1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --91b99400-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "archangledesignstudio.com"] [uri "/images/stories/w.php"] [unique_id "aUc33tcwhdcDcZAVJ-ZbhgAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766275038902264 2539 (- - -) Stopwatch2: 1766275038902264 2539; combined=1061, p1=323, p2=668, p3=0, p4=0, p5=70, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --91b99400-Z-- --4d4be00a-A-- [21/Dec/2025:05:37:01.192820 +0530] aUc6Je2eHYylPydBHlb_UQAAAAM 207.154.197.113 60294 127.0.0.1 7081 --4d4be00a-B-- GET /.env HTTP/1.0 Host: namma.cstechns.com X-Real-IP: 207.154.197.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --4d4be00a-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "31b-62143b366eaa6" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --4d4be00a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "namma.cstechns.com"] [uri "/.env"] [unique_id "aUc6Je2eHYylPydBHlb_UQAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766275621191908 977 (- - -) Stopwatch2: 1766275621191908 977; combined=292, p1=237, p2=0, p3=0, p4=0, p5=55, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --4d4be00a-Z-- --2534f158-A-- [21/Dec/2025:05:37:03.191710 +0530] aUc6J-2eHYylPydBHlb_UwAAAAM 207.154.197.113 60442 127.0.0.1 7081 --2534f158-B-- GET /.git/config HTTP/1.0 Host: namma.cstechns.com X-Real-IP: 207.154.197.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --2534f158-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "31b-62143b366eaa6" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2534f158-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "namma.cstechns.com"] [uri "/.git/config"] [unique_id "aUc6J-2eHYylPydBHlb_UwAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766275623191012 765 (- - -) Stopwatch2: 1766275623191012 765; combined=277, p1=214, p2=0, p3=0, p4=0, p5=63, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2534f158-Z-- --d66c2918-A-- [21/Dec/2025:05:38:40.674783 +0530] aUc6iE4Mz3B6ku_OSz8JlAAAAAk 207.154.212.47 51678 127.0.0.1 7081 --d66c2918-B-- GET /.env HTTP/1.0 Host: www.tryons.ai X-Real-IP: 207.154.212.47 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --d66c2918-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 07:47:58 GMT ETag: "31b-62146648d81bb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d66c2918-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.env"] [unique_id "aUc6iE4Mz3B6ku_OSz8JlAAAAAk"] Action: Intercepted (phase 1) Stopwatch: 1766275720674092 755 (- - -) Stopwatch2: 1766275720674092 755; combined=274, p1=220, p2=0, p3=0, p4=0, p5=54, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d66c2918-Z-- --95828d0e-A-- [21/Dec/2025:05:38:42.708050 +0530] aUc6ig15-DmpfspMf6m9VwAAAAg 207.154.212.47 51880 127.0.0.1 7081 --95828d0e-B-- GET /.git/config HTTP/1.0 Host: www.tryons.ai X-Real-IP: 207.154.212.47 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --95828d0e-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 07:47:58 GMT ETag: "31b-62146648d81bb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --95828d0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.git/config"] [unique_id "aUc6ig15-DmpfspMf6m9VwAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766275722707098 1037 (- - -) Stopwatch2: 1766275722707098 1037; combined=266, p1=208, p2=0, p3=0, p4=0, p5=58, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --95828d0e-Z-- --a0fe8734-A-- [21/Dec/2025:05:51:52.678128 +0530] aUc9nxpJoER4cDbNUK7zzQAAAAA 183.192.188.15 44720 127.0.0.1 7081 --a0fe8734-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 183.192.188.15 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 525 sec-ch-ua-platform: "Linux" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 sec-ch-ua: "Not;A=Brand";v="99", "Chromium", "Google Chrome" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/sell/sell-organic-products-online accept-encoding: gzip, deflate, br, zstd accept-language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 priority: u=1, i cookie: _gcl_au=1.1.254103093.1766276510; _ga_PETSZCXF5J=GS2.1.s1766276510$o1$g1$t1766276510$j60$l0$h0; _ga=GA1.2.795378861.1766276510; _gid=GA1.2.1789188595.1766276510; _gat_UA-11096829-6=1; _fbp=fb.1.1766276511160.771206350126800402 --a0fe8734-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=6d6fcc9b34ee826a13e0cc0a1c43ff0f1766276512; expires=Sun, 21 Dec 2025 01:21:52 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=1la51n6gb7oq7ivu0gp99ahhih; expires=Sat, 21 Mar 2026 00:21:52 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --a0fe8734-E-- --a0fe8734-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUc9nxpJoER4cDbNUK7zzQAAAAA"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUc9nxpJoER4cDbNUK7zzQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766276511324462 1353870 (- - -) Stopwatch2: 1766276511324462 1353870; combined=4589, p1=835, p2=3382, p3=141, p4=42, p5=188, sr=167, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766276510" "-" Engine-Mode: "ENABLED" --a0fe8734-Z-- --65174d60-A-- [21/Dec/2025:05:54:22.730677 +0530] aUc-NusJXT82_KrW55tY6AAAAAQ 45.135.193.3 49940 127.0.0.1 7080 --65174d60-B-- GET /.env HTTP/1.0 Host: cstech.in X-Forwarded-Http-Host: cstech.in:80 X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Unknown; Linux) AppleWebKit/538.1 (KHTML, like Gecko) Chrome/v1.0.0 Safari/538.1 --65174d60-F-- HTTP/1.1 403 Forbidden Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --65174d60-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cstech.in"] [uri "/.env"] [unique_id "aUc-NusJXT82_KrW55tY6AAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766276662729919 826 (- - -) Stopwatch2: 1766276662729919 826; combined=393, p1=314, p2=0, p3=0, p4=0, p5=79, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --65174d60-Z-- --c43d8045-A-- [21/Dec/2025:05:54:22.731626 +0530] aUc-Nsh9FUaJcpGHVEZBkwAAAAw 45.135.193.3 49954 127.0.0.1 7080 --c43d8045-B-- GET /.env HTTP/1.0 Host: www.cstech.in X-Forwarded-Http-Host: www.cstech.in:80 X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 --c43d8045-F-- HTTP/1.1 403 Forbidden Content-Length: 262 Connection: close Content-Type: text/html; charset=iso-8859-1 --c43d8045-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cstech.in"] [uri "/.env"] [unique_id "aUc-Nsh9FUaJcpGHVEZBkwAAAAw"] Action: Intercepted (phase 1) Stopwatch: 1766276662730992 709 (- - -) Stopwatch2: 1766276662730992 709; combined=308, p1=231, p2=0, p3=0, p4=0, p5=77, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --c43d8045-Z-- --e91aa964-A-- [21/Dec/2025:05:54:22.959620 +0530] aUc-NlczevQ-vBslB2QuQAAAAAU 45.135.193.3 58506 127.0.0.1 7081 --e91aa964-B-- GET /.env HTTP/1.0 Host: cstech.in X-Forwarded-Http-Host: cstech.in:443 X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0 --e91aa964-F-- HTTP/1.1 403 Forbidden Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --e91aa964-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cstech.in"] [uri "/.env"] [unique_id "aUc-NlczevQ-vBslB2QuQAAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766276662959151 523 (- - -) Stopwatch2: 1766276662959151 523; combined=234, p1=181, p2=0, p3=0, p4=0, p5=53, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --e91aa964-Z-- --890ba807-A-- [21/Dec/2025:05:54:22.960745 +0530] aUc-Ng15-DmpfspMf6nAhwAAAAg 45.135.193.3 58522 127.0.0.1 7081 --890ba807-B-- GET /.env HTTP/1.0 Host: www.cstech.in X-Forwarded-Http-Host: www.cstech.in:443 X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 OPR/25.0.1614.71 --890ba807-F-- HTTP/1.1 403 Forbidden Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 --890ba807-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cstech.in"] [uri "/.env"] [unique_id "aUc-Ng15-DmpfspMf6nAhwAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766276662960319 479 (- - -) Stopwatch2: 1766276662960319 479; combined=221, p1=171, p2=0, p3=0, p4=0, p5=50, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --890ba807-Z-- --22e40169-A-- [21/Dec/2025:05:54:24.153997 +0530] aUc-OBpJoER4cDbNUK70ZQAAAAA 45.135.193.3 50006 127.0.0.1 7080 --22e40169-B-- GET /api/.env HTTP/1.0 Host: cstech.in X-Forwarded-Http-Host: cstech.in:80 X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 --22e40169-F-- HTTP/1.1 403 Forbidden Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --22e40169-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cstech.in"] [uri "/api/.env"] [unique_id "aUc-OBpJoER4cDbNUK70ZQAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766276664153531 535 (- - -) Stopwatch2: 1766276664153531 535; combined=224, p1=175, p2=0, p3=0, p4=0, p5=49, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --22e40169-Z-- --d8c45773-A-- [21/Dec/2025:05:54:24.327000 +0530] aUc-OPhx06NfK_1Xf1rDcAAAAAE 45.135.193.3 50020 127.0.0.1 7080 --d8c45773-B-- GET /api/.env HTTP/1.0 Host: www.cstech.in X-Forwarded-Http-Host: www.cstech.in:80 X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: More Safari 2.0.4 user agents strings -->> --d8c45773-F-- HTTP/1.1 403 Forbidden Content-Length: 262 Connection: close Content-Type: text/html; charset=iso-8859-1 --d8c45773-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cstech.in"] [uri "/api/.env"] [unique_id "aUc-OPhx06NfK_1Xf1rDcAAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766276664326445 630 (- - -) Stopwatch2: 1766276664326445 630; combined=279, p1=216, p2=0, p3=0, p4=0, p5=62, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d8c45773-Z-- --2817697d-A-- [21/Dec/2025:05:55:33.706509 +0530] aUc-fQ15-DmpfspMf6nA0wAAAAg 142.93.143.8 52522 127.0.0.1 7081 --2817697d-B-- GET /.env HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 142.93.143.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --2817697d-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2817697d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.env"] [unique_id "aUc-fQ15-DmpfspMf6nA0wAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766276733705726 874 (- - -) Stopwatch2: 1766276733705726 874; combined=319, p1=241, p2=0, p3=0, p4=0, p5=78, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2817697d-Z-- --0a46f06b-A-- [21/Dec/2025:05:55:35.707100 +0530] aUc-fw15-DmpfspMf6nA1QAAAAg 142.93.143.8 52700 127.0.0.1 7081 --0a46f06b-B-- GET /.git/config HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 142.93.143.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --0a46f06b-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --0a46f06b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.git/config"] [unique_id "aUc-fw15-DmpfspMf6nA1QAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766276735706411 754 (- - -) Stopwatch2: 1766276735706411 754; combined=316, p1=224, p2=0, p3=0, p4=0, p5=92, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0a46f06b-Z-- --770f7d7b-A-- [21/Dec/2025:06:34:27.473268 +0530] aUdHm62x8Uf27OTSxhWU6gAAACk 195.178.110.161 44856 127.0.0.1 7081 --770f7d7b-B-- GET /.git/config HTTP/1.0 Host: starcrest.in X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; MI 8 Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044851 Mobile Safari/537.36 MMWEBID/2901 MicroMessenger/7.0.6.1460(0x2700066A) Process/tools NetType/4G Language/zh_CN Accept-Charset: utf-8 Accept-Encoding: gzip --770f7d7b-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 08 Oct 2025 12:53:18 GMT ETag: "31b-640a52b2c00e0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --770f7d7b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "starcrest.in"] [uri "/.git/config"] [unique_id "aUdHm62x8Uf27OTSxhWU6gAAACk"] Action: Intercepted (phase 1) Stopwatch: 1766279067472425 914 (- - -) Stopwatch2: 1766279067472425 914; combined=235, p1=181, p2=0, p3=0, p4=0, p5=54, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --770f7d7b-Z-- --f5378f37-A-- [21/Dec/2025:06:34:32.666269 +0530] aUdHoAchdOa68E2XXUmuJwAAADE 45.148.10.159 45916 127.0.0.1 7081 --f5378f37-B-- GET /.env HTTP/1.0 Host: best-website-designs.com X-Real-IP: 45.148.10.159 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 --f5378f37-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f5378f37-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/.env"] [unique_id "aUdHoAchdOa68E2XXUmuJwAAADE"] Action: Intercepted (phase 1) Stopwatch: 1766279072665547 821 (- - -) Stopwatch2: 1766279072665547 821; combined=289, p1=212, p2=0, p3=0, p4=0, p5=77, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f5378f37-Z-- --f45d8c24-A-- [21/Dec/2025:06:34:38.094507 +0530] aUdHpq2x8Uf27OTSxhWVBAAAACk 45.148.10.159 53766 127.0.0.1 7081 --f45d8c24-B-- GET /portal/.env HTTP/1.0 Host: best-website-designs.com X-Real-IP: 45.148.10.159 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 --f45d8c24-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f45d8c24-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/portal/.env"] [unique_id "aUdHpq2x8Uf27OTSxhWVBAAAACk"] Action: Intercepted (phase 1) Stopwatch: 1766279078093946 624 (- - -) Stopwatch2: 1766279078093946 624; combined=224, p1=171, p2=0, p3=0, p4=0, p5=53, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f45d8c24-Z-- --e04a7a58-A-- [21/Dec/2025:06:34:38.438193 +0530] aUdHphT-EuJaZdG5adJFwAAAADM 45.148.10.159 53820 127.0.0.1 7081 --e04a7a58-B-- GET /env/.env HTTP/1.0 Host: best-website-designs.com X-Real-IP: 45.148.10.159 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 --e04a7a58-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --e04a7a58-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/env/.env"] [unique_id "aUdHphT-EuJaZdG5adJFwAAAADM"] Action: Intercepted (phase 1) Stopwatch: 1766279078437224 1031 (- - -) Stopwatch2: 1766279078437224 1031; combined=256, p1=196, p2=0, p3=0, p4=0, p5=60, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --e04a7a58-Z-- --741d5268-A-- [21/Dec/2025:06:34:39.837674 +0530] aUdHpyCmXIPG3z7udcCa0gAAABo 45.148.10.159 54092 127.0.0.1 7081 --741d5268-B-- GET /api/.env HTTP/1.0 Host: best-website-designs.com X-Real-IP: 45.148.10.159 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 --741d5268-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --741d5268-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/api/.env"] [unique_id "aUdHpyCmXIPG3z7udcCa0gAAABo"] Action: Intercepted (phase 1) Stopwatch: 1766279079837058 676 (- - -) Stopwatch2: 1766279079837058 676; combined=251, p1=195, p2=0, p3=0, p4=0, p5=55, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --741d5268-Z-- --d0aaa90e-A-- [21/Dec/2025:06:34:40.158186 +0530] aUdHqBT-EuJaZdG5adJFxAAAADM 45.148.10.159 54146 127.0.0.1 7081 --d0aaa90e-B-- GET /app/.env HTTP/1.0 Host: best-website-designs.com X-Real-IP: 45.148.10.159 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 --d0aaa90e-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d0aaa90e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/app/.env"] [unique_id "aUdHqBT-EuJaZdG5adJFxAAAADM"] Action: Intercepted (phase 1) Stopwatch: 1766279080156721 1527 (- - -) Stopwatch2: 1766279080156721 1527; combined=368, p1=291, p2=0, p3=0, p4=0, p5=76, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d0aaa90e-Z-- --97a52137-A-- [21/Dec/2025:06:34:40.546391 +0530] aUdHqBT-EuJaZdG5adJFxQAAADM 45.148.10.159 54214 127.0.0.1 7081 --97a52137-B-- GET /dev/.env HTTP/1.0 Host: best-website-designs.com X-Real-IP: 45.148.10.159 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 --97a52137-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --97a52137-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/dev/.env"] [unique_id "aUdHqBT-EuJaZdG5adJFxQAAADM"] Action: Intercepted (phase 1) Stopwatch: 1766279080545645 809 (- - -) Stopwatch2: 1766279080545645 809; combined=355, p1=295, p2=0, p3=0, p4=0, p5=60, sr=164, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --97a52137-Z-- --1c6a5779-A-- [21/Dec/2025:06:35:57.917719 +0530] aUdH9f15a5LS4wy3oGUe9gAAADI 66.85.173.57 54312 127.0.0.1 7081 --1c6a5779-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 66.85.173.57 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 --1c6a5779-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 07 Jan 2025 07:31:20 GMT ETag: "31b-62b18bb319e1b" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --1c6a5779-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.csquaretech.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.csquaretech.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.csquaretech.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aUdH9f15a5LS4wy3oGUe9gAAADI"] Action: Intercepted (phase 2) Stopwatch: 1766279157915290 2503 (- - -) Stopwatch2: 1766279157915290 2503; combined=751, p1=328, p2=365, p3=0, p4=0, p5=57, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --1c6a5779-Z-- --724a0d3e-A-- [21/Dec/2025:06:37:11.819114 +0530] aUdIP48E07vso-lmGY83BAAAACo 2.57.122.225 39478 127.0.0.1 7081 --724a0d3e-B-- GET /www/.git/config HTTP/1.0 Host: a2z.cstechns.com X-Real-IP: 2.57.122.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 14; SAMSUNG SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/23.0 Chrome/115.0.0.0 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --724a0d3e-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "396-62143b366eaa6" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --724a0d3e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a2z.cstechns.com"] [uri "/www/.git/config"] [unique_id "aUdIP48E07vso-lmGY83BAAAACo"] Action: Intercepted (phase 1) Stopwatch: 1766279231818389 837 (- - -) Stopwatch2: 1766279231818389 837; combined=269, p1=208, p2=0, p3=0, p4=0, p5=61, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --724a0d3e-Z-- --b1b9913d-A-- [21/Dec/2025:06:37:23.168658 +0530] aUdIS_15a5LS4wy3oGUfiQAAADI 162.158.48.248 51628 127.0.0.1 7081 --b1b9913d-B-- GET /.env HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 162.158.48.248 X-Forwarded-For: 141.98.11.171 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 cf-ray: 9b137b739b65e4d9-RIX cdn-loop: cloudflare; loops=1 cf-connecting-ip: 141.98.11.171 cf-ipcountry: LT cf-visitor: {"scheme":"https"} x-forwarded-proto: https accept-encoding: gzip, br --b1b9913d-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:26:01 GMT ETag: "31b-62149705b580e" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --b1b9913d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarvasya.com"] [uri "/.env"] [unique_id "aUdIS_15a5LS4wy3oGUfiQAAADI"] Action: Intercepted (phase 1) Stopwatch: 1766279243167873 874 (- - -) Stopwatch2: 1766279243167873 874; combined=304, p1=239, p2=0, p3=0, p4=0, p5=65, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b1b9913d-Z-- --d732394b-A-- [21/Dec/2025:06:37:23.769908 +0530] aUdIS6E3MB8EHFBTttBmJwAAACE 162.158.48.248 51706 127.0.0.1 7081 --d732394b-B-- GET /.env HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 162.158.48.248 X-Forwarded-For: 141.98.11.171 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 cf-ray: 9b137b792d87e4d9-RIX cdn-loop: cloudflare; loops=1 cf-connecting-ip: 141.98.11.171 cf-ipcountry: LT cf-visitor: {"scheme":"https"} x-forwarded-proto: https accept-encoding: gzip, br --d732394b-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:26:01 GMT ETag: "31b-62149705b580e" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d732394b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarvasya.com"] [uri "/.env"] [unique_id "aUdIS6E3MB8EHFBTttBmJwAAACE"] Action: Intercepted (phase 1) Stopwatch: 1766279243768914 1081 (- - -) Stopwatch2: 1766279243768914 1081; combined=293, p1=237, p2=0, p3=0, p4=0, p5=56, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d732394b-Z-- --05b0ae1e-A-- [21/Dec/2025:06:39:13.437700 +0530] aUdIuY8E07vso-lmGY83cwAAACo 147.182.200.94 42342 127.0.0.1 7081 --05b0ae1e-B-- GET /.env HTTP/1.0 Host: vardan.cstechns.com X-Real-IP: 147.182.200.94 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --05b0ae1e-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "31b-62143b366eaa6" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --05b0ae1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vardan.cstechns.com"] [uri "/.env"] [unique_id "aUdIuY8E07vso-lmGY83cwAAACo"] Action: Intercepted (phase 1) Stopwatch: 1766279353436618 1160 (- - -) Stopwatch2: 1766279353436618 1160; combined=247, p1=191, p2=0, p3=0, p4=0, p5=56, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --05b0ae1e-Z-- --51a8bd32-A-- [21/Dec/2025:06:39:15.443262 +0530] aUdIu-SMqMq9HLlYg0od9QAAAAA 147.182.200.94 42694 127.0.0.1 7081 --51a8bd32-B-- GET /.git/config HTTP/1.0 Host: vardan.cstechns.com X-Real-IP: 147.182.200.94 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (l9scan/2.0.5373e21353e21373e2839313; +https://leakix.net) Accept-Encoding: gzip --51a8bd32-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "31b-62143b366eaa6" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --51a8bd32-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vardan.cstechns.com"] [uri "/.git/config"] [unique_id "aUdIu-SMqMq9HLlYg0od9QAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766279355442223 1112 (- - -) Stopwatch2: 1766279355442223 1112; combined=314, p1=249, p2=0, p3=0, p4=0, p5=65, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --51a8bd32-Z-- --acf99b6b-A-- [21/Dec/2025:06:44:18.023482 +0530] aUdJ6v15a5LS4wy3oGUhPQAAADI 141.98.11.171 36444 127.0.0.1 7080 --acf99b6b-B-- GET /.env HTTP/1.0 Host: www.satyakalra.com X-Real-IP: 141.98.11.171 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 --acf99b6b-F-- HTTP/1.1 403 Forbidden Last-Modified: Sat, 05 Oct 2024 07:56:15 GMT ETag: "31b-623b61f41ac0f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --acf99b6b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.satyakalra.com"] [uri "/.env"] [unique_id "aUdJ6v15a5LS4wy3oGUhPQAAADI"] Action: Intercepted (phase 1) Stopwatch: 1766279658022713 832 (- - -) Stopwatch2: 1766279658022713 832; combined=319, p1=257, p2=0, p3=0, p4=0, p5=62, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --acf99b6b-Z-- --fe34a956-A-- [21/Dec/2025:06:47:35.131942 +0530] aUdKryCmXIPG3z7udcCe-gAAABo 23.22.105.143 48464 127.0.0.1 7081 --fe34a956-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc/nginx&viewfile=//proc/thread-self/root/etc/nginx/nginx.conf.default HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 23.22.105.143 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --fe34a956-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --fe34a956-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/nginx/nginx.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:viewfile: /proc/thread-self/root/etc/nginx/nginx.conf.default"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/nginx/nginx.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:viewfile: /proc/thread-self/root/etc/nginx/nginx.conf.default"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdKryCmXIPG3z7udcCe-gAAABo"] Action: Intercepted (phase 2) Stopwatch: 1766279855130039 1993 (- - -) Stopwatch2: 1766279855130039 1993; combined=648, p1=334, p2=248, p3=0, p4=0, p5=66, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --fe34a956-Z-- --1be7881d-A-- [21/Dec/2025:06:56:17.713212 +0530] aUdMuI8E07vso-lmGY8-MQAAACo 43.173.169.184 48108 127.0.0.1 7081 --1be7881d-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 43.173.169.184 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 516 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.114 Safari/537.36 Accept: */* Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Content-Type: text/plain;charset=UTF-8 Cookie: _ga=GA1.1.2073681497.1766280372; _gcl_au=1.1.2080265359.1766280374; _ga_PETSZCXF5J=GS2.1.s1766280371$o1$g1$t1766280375$j56$l0$h0; _fbp=fb.1.1766280375665.459690567118729847 Origin: https://www.retaxis.com Referer: https://www.retaxis.com/sell/ecommerce-solutions Accept-Encoding: gzip --1be7881d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=24a2af2b60a0692b547dbae48f4618641766280377; expires=Sun, 21 Dec 2025 02:26:17 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=og7ijccbtmsq3jp5a7mi4vmq7d; expires=Sat, 21 Mar 2026 01:26:17 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --1be7881d-E-- --1be7881d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUdMuI8E07vso-lmGY8-MQAAACo"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUdMuI8E07vso-lmGY8-MQAAACo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766280376445765 1267583 (- - -) Stopwatch2: 1766280376445765 1267583; combined=4683, p1=565, p2=3225, p3=112, p4=35, p5=745, sr=161, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766280372" "-" Engine-Mode: "ENABLED" --1be7881d-Z-- --79e0006e-A-- [21/Dec/2025:07:03:22.594486 +0530] aUdOYti5nbT2CUdP38MOpgAAAAQ 64.23.174.208 54144 127.0.0.1 7081 --79e0006e-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 64.23.174.208 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --79e0006e-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 26 Dec 2024 13:21:14 GMT ETag: "31b-62a2c387059a1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --79e0006e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tandonamit.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUdOYti5nbT2CUdP38MOpgAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766280802592177 2371 (- - -) Stopwatch2: 1766280802592177 2371; combined=871, p1=313, p2=506, p3=0, p4=0, p5=52, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --79e0006e-Z-- --40bca345-A-- [21/Dec/2025:07:14:57.392171 +0530] aUdRGV_14fLiJli-TrXD0gAAAAI 34.203.232.5 60114 127.0.0.1 7081 --40bca345-B-- GET /.git/config HTTP/1.0 Host: best-website-designs.com X-Real-IP: 34.203.232.5 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --40bca345-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --40bca345-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/.git/config"] [unique_id "aUdRGV_14fLiJli-TrXD0gAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766281497391239 1013 (- - -) Stopwatch2: 1766281497391239 1013; combined=208, p1=167, p2=0, p3=0, p4=0, p5=41, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --40bca345-Z-- --ac6e5676-A-- [21/Dec/2025:07:16:26.924914 +0530] aUdRckgx9-1km2qJt48DbQAAAC4 64.23.174.208 52842 127.0.0.1 7081 --ac6e5676-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 64.23.174.208 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --ac6e5676-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 13:25:42 GMT ETag: "31b-6214b1c60bbe1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --ac6e5676-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rooferscombine.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUdRckgx9-1km2qJt48DbQAAAC4"] Action: Intercepted (phase 2) Stopwatch: 1766281586921677 3302 (- - -) Stopwatch2: 1766281586921677 3302; combined=966, p1=401, p2=506, p3=0, p4=0, p5=59, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --ac6e5676-Z-- --2e4c4b50-A-- [21/Dec/2025:07:16:38.299511 +0530] aUdRfubM_JPgEZ6lv0vuHgAAAB4 34.203.232.5 51400 127.0.0.1 7081 --2e4c4b50-B-- GET /.git/config HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 34.203.232.5 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0 Accept-Charset: utf-8 Accept-Encoding: gzip --2e4c4b50-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 13:22:32 GMT ETag: "31b-62136f33606a0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2e4c4b50-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mindscan.edu.in"] [uri "/.git/config"] [unique_id "aUdRfubM_JPgEZ6lv0vuHgAAAB4"] Action: Intercepted (phase 1) Stopwatch: 1766281598298859 720 (- - -) Stopwatch2: 1766281598298859 720; combined=257, p1=204, p2=0, p3=0, p4=0, p5=53, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2e4c4b50-Z-- --cd3aef39-A-- [21/Dec/2025:07:27:59.591809 +0530] aUdUJ29wJhpmjIbYGzcrUwAAAAM 45.135.193.3 46798 127.0.0.1 7080 --cd3aef39-B-- GET /.env HTTP/1.0 Host: surbhiprintographics.com X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070530 Fedora/1.5.0.12-1.fc6 Firefox/1.5.0.12 --cd3aef39-F-- HTTP/1.1 403 Forbidden Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd3aef39-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "surbhiprintographics.com"] [uri "/.env"] [unique_id "aUdUJ29wJhpmjIbYGzcrUwAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766282279591168 694 (- - -) Stopwatch2: 1766282279591168 694; combined=297, p1=235, p2=0, p3=0, p4=0, p5=62, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --cd3aef39-Z-- --53da2373-A-- [21/Dec/2025:07:27:59.594213 +0530] aUdUJ9iwCMHGjQofrDZifQAAAAg 45.135.193.3 46804 127.0.0.1 7080 --53da2373-B-- GET /.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Opera/8.10 (Windows NT 5.1; U; en) --53da2373-F-- HTTP/1.1 403 Forbidden Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 --53da2373-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/.env"] [unique_id "aUdUJ9iwCMHGjQofrDZifQAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766282279593771 491 (- - -) Stopwatch2: 1766282279593771 491; combined=221, p1=172, p2=0, p3=0, p4=0, p5=49, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --53da2373-Z-- --0aa22523-A-- [21/Dec/2025:07:28:00.970274 +0530] aUdUKG9wJhpmjIbYGzcrVQAAAAM 45.135.193.3 46874 127.0.0.1 7080 --0aa22523-B-- GET /api/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3 --0aa22523-F-- HTTP/1.1 403 Forbidden Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 --0aa22523-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/api/.env"] [unique_id "aUdUKG9wJhpmjIbYGzcrVQAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766282280969456 894 (- - -) Stopwatch2: 1766282280969456 894; combined=305, p1=229, p2=0, p3=0, p4=0, p5=75, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0aa22523-Z-- --6865701a-A-- [21/Dec/2025:07:28:01.070858 +0530] aUdUKdiwCMHGjQofrDZifwAAAAg 45.135.193.3 46884 127.0.0.1 7080 --6865701a-B-- GET /api/.env HTTP/1.0 Host: surbhiprintographics.com X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (iPod; CPU iPhone OS 6_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B144 Safari/8536.25 --6865701a-F-- HTTP/1.1 403 Forbidden Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --6865701a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "surbhiprintographics.com"] [uri "/api/.env"] [unique_id "aUdUKdiwCMHGjQofrDZifwAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766282281069771 1164 (- - -) Stopwatch2: 1766282281069771 1164; combined=431, p1=332, p2=0, p3=0, p4=0, p5=99, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --6865701a-Z-- --90397a2b-A-- [21/Dec/2025:07:28:01.743407 +0530] aUdUKdiwCMHGjQofrDZigAAAAAg 45.135.193.3 46916 127.0.0.1 7080 --90397a2b-B-- GET /dev/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1) --90397a2b-F-- HTTP/1.1 403 Forbidden Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 --90397a2b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/dev/.env"] [unique_id "aUdUKdiwCMHGjQofrDZigAAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766282281742305 1155 (- - -) Stopwatch2: 1766282281742305 1155; combined=288, p1=223, p2=0, p3=0, p4=0, p5=65, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --90397a2b-Z-- --251e184b-A-- [21/Dec/2025:07:28:01.839698 +0530] aUdUKa2x8Uf27OTSxhWmqQAAACk 45.135.193.3 46920 127.0.0.1 7080 --251e184b-B-- GET /dev/.env HTTP/1.0 Host: surbhiprintographics.com X-Real-IP: 45.135.193.3 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 --251e184b-F-- HTTP/1.1 403 Forbidden Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --251e184b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "surbhiprintographics.com"] [uri "/dev/.env"] [unique_id "aUdUKa2x8Uf27OTSxhWmqQAAACk"] Action: Intercepted (phase 1) Stopwatch: 1766282281838996 768 (- - -) Stopwatch2: 1766282281838996 768; combined=330, p1=261, p2=0, p3=0, p4=0, p5=69, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --251e184b-Z-- --f4c38522-A-- [21/Dec/2025:07:28:10.048238 +0530] aUdUMl_14fLiJli-TrXHlAAAAAI 45.139.104.184 52178 127.0.0.1 7081 --f4c38522-B-- GET /.git/config HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --f4c38522-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 09:00:36 GMT ETag: "31b-621334a764ee0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f4c38522-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.git/config"] [unique_id "aUdUMl_14fLiJli-TrXHlAAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766282290047531 774 (- - -) Stopwatch2: 1766282290047531 774; combined=266, p1=210, p2=0, p3=0, p4=0, p5=56, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f4c38522-Z-- --76f58b34-A-- [21/Dec/2025:07:28:10.411840 +0530] aUdUMm9wJhpmjIbYGzcrXgAAAAM 45.139.104.184 52200 127.0.0.1 7081 --76f58b34-B-- GET /.git/HEAD HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --76f58b34-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 09:00:36 GMT ETag: "31b-621334a764ee0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --76f58b34-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.git/HEAD"] [unique_id "aUdUMm9wJhpmjIbYGzcrXgAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766282290410760 1197 (- - -) Stopwatch2: 1766282290410760 1197; combined=352, p1=274, p2=0, p3=0, p4=0, p5=77, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --76f58b34-Z-- --3d2c295a-A-- [21/Dec/2025:07:28:10.727196 +0530] aUdUMt2HSr6Haf-qwx6nqAAAAAY 45.139.104.184 52244 127.0.0.1 7081 --3d2c295a-B-- GET /.git/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --3d2c295a-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 09:00:36 GMT ETag: "31b-621334a764ee0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3d2c295a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.git/"] [unique_id "aUdUMt2HSr6Haf-qwx6nqAAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766282290726540 722 (- - -) Stopwatch2: 1766282290726540 722; combined=255, p1=201, p2=0, p3=0, p4=0, p5=54, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3d2c295a-Z-- --088cba4f-A-- [21/Dec/2025:07:28:12.343249 +0530] aUdUNEgx9-1km2qJt48GvgAAAC4 45.139.104.184 52406 127.0.0.1 7081 --088cba4f-B-- GET /.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --088cba4f-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 09:00:36 GMT ETag: "31b-621334a764ee0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --088cba4f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env"] [unique_id "aUdUNEgx9-1km2qJt48GvgAAAC4"] Action: Intercepted (phase 1) Stopwatch: 1766282292342118 1287 (- - -) Stopwatch2: 1766282292342118 1287; combined=327, p1=249, p2=0, p3=0, p4=0, p5=77, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --088cba4f-Z-- --3556295f-A-- [21/Dec/2025:07:28:12.710953 +0530] aUdUNNiwCMHGjQofrDZiiwAAAAg 45.139.104.184 52442 127.0.0.1 7081 --3556295f-B-- GET /.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --3556295f-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 09:00:36 GMT ETag: "31b-621334a764ee0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3556295f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env"] [unique_id "aUdUNNiwCMHGjQofrDZiiwAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766282292710241 1180 (- - -) Stopwatch2: 1766282292710241 1180; combined=274, p1=210, p2=0, p3=0, p4=0, p5=63, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3556295f-Z-- --5e786c66-A-- [21/Dec/2025:07:33:03.554435 +0530] aUdVV9iwCMHGjQofrDZkUAAAAAg 45.82.13.170 47558 127.0.0.1 7081 --5e786c66-B-- GET /.env HTTP/1.0 Host: best-website-designs.com X-Real-IP: 45.82.13.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: SuperBot/4.4.0.60 (Windows XP) Accept-Charset: utf-8 Accept-Encoding: gzip --5e786c66-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --5e786c66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/.env"] [unique_id "aUdVV9iwCMHGjQofrDZkUAAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766282583553709 794 (- - -) Stopwatch2: 1766282583553709 794; combined=280, p1=223, p2=0, p3=0, p4=0, p5=57, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --5e786c66-Z-- --f9033754-A-- [21/Dec/2025:07:39:47.077681 +0530] aUdW6-bM_JPgEZ6lv0v1-wAAAB4 35.171.117.160 48856 127.0.0.1 7081 --f9033754-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc&viewfile=//proc/thread-self/root/etc/issue HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 35.171.117.160 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --f9033754-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f9033754-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /proc/thread-self/root/etc/issue"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /proc/thread-self/root/etc/issue"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdW6-bM_JPgEZ6lv0v1-wAAAB4"] Action: Intercepted (phase 2) Stopwatch: 1766282987075795 1951 (- - -) Stopwatch2: 1766282987075795 1951; combined=622, p1=360, p2=208, p3=0, p4=0, p5=54, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f9033754-Z-- --fe524327-A-- [21/Dec/2025:07:40:46.214908 +0530] aUdXJkgx9-1km2qJt48LHAAAAC4 78.142.18.135 52712 127.0.0.1 7080 --fe524327-B-- GET /.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.142.18.135 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --fe524327-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --fe524327-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env"] [unique_id "aUdXJkgx9-1km2qJt48LHAAAAC4"] Action: Intercepted (phase 1) Stopwatch: 1766283046214448 513 (- - -) Stopwatch2: 1766283046214448 513; combined=221, p1=175, p2=0, p3=0, p4=0, p5=46, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --fe524327-Z-- --1ad6ca54-A-- [21/Dec/2025:07:40:46.437672 +0530] aUdXJq2x8Uf27OTSxhWrlgAAACk 78.142.18.135 44316 127.0.0.1 7080 --1ad6ca54-B-- GET /.env.bak HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.142.18.135 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --1ad6ca54-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --1ad6ca54-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env.bak"] [unique_id "aUdXJq2x8Uf27OTSxhWrlgAAACk"] Action: Intercepted (phase 1) Stopwatch: 1766283046437049 678 (- - -) Stopwatch2: 1766283046437049 678; combined=285, p1=227, p2=0, p3=0, p4=0, p5=58, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --1ad6ca54-Z-- --80b95863-A-- [21/Dec/2025:07:40:46.687952 +0530] aUdXJm9wJhpmjIbYGzcwPwAAAAM 78.142.18.135 44320 127.0.0.1 7080 --80b95863-B-- GET /.env.backup HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.142.18.135 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --80b95863-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --80b95863-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env.backup"] [unique_id "aUdXJm9wJhpmjIbYGzcwPwAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766283046687393 635 (- - -) Stopwatch2: 1766283046687393 635; combined=281, p1=219, p2=0, p3=0, p4=0, p5=62, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --80b95863-Z-- --fd03a92a-A-- [21/Dec/2025:07:40:46.902672 +0530] aUdXJtcRUgc6HgTQNnTXHQAAAAU 78.142.18.135 44322 127.0.0.1 7080 --fd03a92a-B-- GET /.env.old HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.142.18.135 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --fd03a92a-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd03a92a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env.old"] [unique_id "aUdXJtcRUgc6HgTQNnTXHQAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766283046901998 734 (- - -) Stopwatch2: 1766283046901998 734; combined=256, p1=201, p2=0, p3=0, p4=0, p5=55, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --fd03a92a-Z-- --e75a5418-A-- [21/Dec/2025:07:40:47.144418 +0530] aUdXJ1_14fLiJli-TrXL8QAAAAI 78.142.18.135 44326 127.0.0.1 7080 --e75a5418-B-- GET /.env.save HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.142.18.135 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --e75a5418-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --e75a5418-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env.save"] [unique_id "aUdXJ1_14fLiJli-TrXL8QAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766283047143808 665 (- - -) Stopwatch2: 1766283047143808 665; combined=292, p1=235, p2=0, p3=0, p4=0, p5=57, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --e75a5418-Z-- --c757dc66-A-- [21/Dec/2025:07:40:47.371516 +0530] aUdXJ0Yxd_RokpUrwxLEMQAAAAE 78.142.18.135 44328 127.0.0.1 7080 --c757dc66-B-- GET /.env.local HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.142.18.135 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --c757dc66-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --c757dc66-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env.local"] [unique_id "aUdXJ0Yxd_RokpUrwxLEMQAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766283047370938 650 (- - -) Stopwatch2: 1766283047370938 650; combined=279, p1=196, p2=0, p3=0, p4=0, p5=82, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --c757dc66-Z-- --e0db1553-A-- [21/Dec/2025:07:44:53.659070 +0530] aUdYHfSxm0oTx3zU08C-gQAAAAM 59.126.247.219 33640 127.0.0.1 7081 --e0db1553-B-- GET /core/.env HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --e0db1553-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --e0db1553-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/core/.env"] [unique_id "aUdYHfSxm0oTx3zU08C-gQAAAAM"] Action: Intercepted (phase 1) Stopwatch: 1766283293658236 900 (- - -) Stopwatch2: 1766283293658236 900; combined=302, p1=242, p2=0, p3=0, p4=0, p5=60, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --e0db1553-Z-- --b67c1036-A-- [21/Dec/2025:07:44:53.660565 +0530] aUdYHebM_JPgEZ6lv0v30gAAAB4 59.126.247.219 33656 127.0.0.1 7081 --b67c1036-B-- GET /.env HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --b67c1036-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --b67c1036-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/.env"] [unique_id "aUdYHebM_JPgEZ6lv0v30gAAAB4"] Action: Intercepted (phase 1) Stopwatch: 1766283293659460 1180 (- - -) Stopwatch2: 1766283293659460 1180; combined=306, p1=225, p2=0, p3=0, p4=0, p5=80, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b67c1036-Z-- --04717e26-A-- [21/Dec/2025:07:44:53.662532 +0530] aUdYHdcRUgc6HgTQNnTYbAAAAAU 59.126.247.219 33670 127.0.0.1 7081 --04717e26-B-- GET /app/.env HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --04717e26-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --04717e26-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/app/.env"] [unique_id "aUdYHdcRUgc6HgTQNnTYbAAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766283293661834 764 (- - -) Stopwatch2: 1766283293661834 764; combined=302, p1=243, p2=0, p3=0, p4=0, p5=59, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --04717e26-Z-- --ac082c29-A-- [21/Dec/2025:07:44:53.664145 +0530] aUdYHRJ_DuwH5fGThDU7TwAAAAQ 59.126.247.219 33680 127.0.0.1 7081 --ac082c29-B-- GET /.env.save HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --ac082c29-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --ac082c29-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/.env.save"] [unique_id "aUdYHRJ_DuwH5fGThDU7TwAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766283293663395 818 (- - -) Stopwatch2: 1766283293663395 818; combined=311, p1=235, p2=0, p3=0, p4=0, p5=76, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --ac082c29-Z-- --8e17d54c-A-- [21/Dec/2025:07:44:53.725454 +0530] aUdYHUgx9-1km2qJt48MdwAAAC4 59.126.247.219 33710 127.0.0.1 7081 --8e17d54c-B-- GET /admin/.env HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --8e17d54c-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8e17d54c-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/admin/.env"] [unique_id "aUdYHUgx9-1km2qJt48MdwAAAC4"] Action: Intercepted (phase 1) Stopwatch: 1766283293724704 814 (- - -) Stopwatch2: 1766283293724704 814; combined=334, p1=277, p2=0, p3=0, p4=0, p5=57, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8e17d54c-Z-- --22f29c10-A-- [21/Dec/2025:07:44:53.726202 +0530] aUdYHV_14fLiJli-TrXNTQAAAAI 59.126.247.219 33722 127.0.0.1 7081 --22f29c10-B-- GET /dash/.env HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 59.126.247.219 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --22f29c10-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --22f29c10-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/dash/.env"] [unique_id "aUdYHV_14fLiJli-TrXNTQAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766283293725494 773 (- - -) Stopwatch2: 1766283293725494 773; combined=299, p1=226, p2=0, p3=0, p4=0, p5=73, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --22f29c10-Z-- --43da0766-A-- [21/Dec/2025:07:47:26.941927 +0530] aUdYtq2x8Uf27OTSxhWtpAAAACk 44.193.115.232 43236 127.0.0.1 7081 --43da0766-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc&viewfile=//proc/thread-self/root/etc/group- HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.193.115.232 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --43da0766-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --43da0766-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /proc/thread-self/root/etc/group-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /proc/thread-self/root/etc/group-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdYtq2x8Uf27OTSxhWtpAAAACk"] Action: Intercepted (phase 2) Stopwatch: 1766283446939483 2527 (- - -) Stopwatch2: 1766283446939483 2527; combined=790, p1=450, p2=262, p3=0, p4=0, p5=78, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --43da0766-Z-- --2c8d5a06-A-- [21/Dec/2025:07:47:46.974887 +0530] aUdYyq2x8Uf27OTSxhWttgAAACk 100.29.155.89 36348 127.0.0.1 7081 --2c8d5a06-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/thread-self/root/etc&viewfile=//proc/thread-self/root/etc/os-release HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 100.29.155.89 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --2c8d5a06-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2c8d5a06-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/os-release" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/os-release found within ARGS:viewfile: /proc/thread-self/root/etc/os-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/os-release" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/os-release found within ARGS:viewfile: /proc/thread-self/root/etc/os-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdYyq2x8Uf27OTSxhWttgAAACk"] Action: Intercepted (phase 2) Stopwatch: 1766283466973005 1948 (- - -) Stopwatch2: 1766283466973005 1948; combined=609, p1=337, p2=219, p3=0, p4=0, p5=53, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2c8d5a06-Z-- --f7371d0e-A-- [21/Dec/2025:07:50:16.562101 +0530] aUdZYK2x8Uf27OTSxhWudAAAACk 2.57.122.225 51300 127.0.0.1 7080 --f7371d0e-B-- GET /www/.git/config HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 2.57.122.225 Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --f7371d0e-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --f7371d0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/www/.git/config"] [unique_id "aUdZYK2x8Uf27OTSxhWudAAAACk"] Action: Intercepted (phase 1) Stopwatch: 1766283616561421 743 (- - -) Stopwatch2: 1766283616561421 743; combined=298, p1=233, p2=0, p3=0, p4=0, p5=64, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f7371d0e-Z-- --89ccea08-A-- [21/Dec/2025:07:54:30.337858 +0530] aUdaXl_14fLiJli-TrXPlAAAAAI 172.69.134.15 41538 127.0.0.1 7081 --89ccea08-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 172.69.134.15 X-Forwarded-For: 146.190.149.85 X-Accel-Internal: /internal-nginx-static-location Connection: close accept-encoding: gzip, br cf-ray: 9b13ec6d3d31ffb8-SJC user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 cdn-loop: cloudflare; loops=1 cf-connecting-ip: 146.190.149.85 cf-ipcountry: US cf-visitor: {"scheme":"https"} x-forwarded-proto: https --89ccea08-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:26:01 GMT ETag: "31b-62149705b580e" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --89ccea08-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sarvasya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sarvasya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sarvasya.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUdaXl_14fLiJli-TrXPlAAAAAI"] Action: Intercepted (phase 2) Stopwatch: 1766283870335102 2857 (- - -) Stopwatch2: 1766283870335102 2857; combined=1133, p1=426, p2=646, p3=0, p4=0, p5=61, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --89ccea08-Z-- --bde0555a-A-- [21/Dec/2025:08:04:03.536103 +0530] aUdcmxJ_DuwH5fGThDU_twAAAAQ 178.252.190.114 56528 127.0.0.1 7080 --bde0555a-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.delsig.com X-Real-IP: 178.252.190.114 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_clef_state=V2kQymFrHrBmYaQsYeopfmi7; wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --bde0555a-F-- HTTP/1.1 403 Forbidden Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 --bde0555a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.delsig.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.delsig.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.delsig.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUdcmxJ_DuwH5fGThDU_twAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766284443533177 2997 (- - -) Stopwatch2: 1766284443533177 2997; combined=1463, p1=450, p2=917, p3=0, p4=0, p5=96, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --bde0555a-Z-- --24e79122-A-- [21/Dec/2025:08:06:54.443664 +0530] aUddRtcRUgc6HgTQNnTeXAAAAAU 162.158.48.165 46704 127.0.0.1 7080 --24e79122-B-- GET /.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 162.158.48.165 X-Forwarded-For: 141.98.11.171 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 cf-ray: 9b13fe96ff054580-RIX cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 141.98.11.171 CF-IPCountry: LT CF-Visitor: {"scheme":"http"} X-Forwarded-Proto: http accept-encoding: gzip --24e79122-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "31b-623a72f4250b7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --24e79122-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/.env"] [unique_id "aUddRtcRUgc6HgTQNnTeXAAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766284614442825 981 (- - -) Stopwatch2: 1766284614442825 981; combined=315, p1=229, p2=0, p3=0, p4=0, p5=86, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --24e79122-Z-- --4429311a-A-- [21/Dec/2025:08:14:16.334012 +0530] aUdfABmhKMEeb-QuKxbUkgAAAAA 141.98.11.171 41800 127.0.0.1 7080 --4429311a-B-- GET /.env HTTP/1.0 Host: surbhiprintographics.com X-Real-IP: 141.98.11.171 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 --4429311a-F-- HTTP/1.1 403 Forbidden Content-Length: 273 Connection: close Content-Type: text/html; charset=iso-8859-1 --4429311a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "surbhiprintographics.com"] [uri "/.env"] [unique_id "aUdfABmhKMEeb-QuKxbUkgAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766285056333219 854 (- - -) Stopwatch2: 1766285056333219 854; combined=337, p1=269, p2=0, p3=0, p4=0, p5=68, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --4429311a-Z-- --82d66641-A-- [21/Dec/2025:08:14:32.222126 +0530] aUdfEJpbrYn6wLl1fa8HiQAAAAE 195.178.110.161 36184 127.0.0.1 7081 --82d66641-B-- GET /.git/config HTTP/1.0 Host: www.starcrest.in X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --82d66641-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 08 Oct 2025 12:53:18 GMT ETag: "31b-640a52b2c00e0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --82d66641-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.starcrest.in"] [uri "/.git/config"] [unique_id "aUdfEJpbrYn6wLl1fa8HiQAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766285072221449 745 (- - -) Stopwatch2: 1766285072221449 745; combined=266, p1=213, p2=0, p3=0, p4=0, p5=53, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --82d66641-Z-- --87cb080d-A-- [21/Dec/2025:08:17:39.474533 +0530] aUdfy9cRUgc6HgTQNnTi5QAAAAU 2.57.122.225 43636 127.0.0.1 7081 --87cb080d-B-- GET /www/.git/config HTTP/1.0 Host: a2z.cstechns.com X-Real-IP: 2.57.122.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --87cb080d-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "396-62143b366eaa6" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --87cb080d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a2z.cstechns.com"] [uri "/www/.git/config"] [unique_id "aUdfy9cRUgc6HgTQNnTi5QAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766285259473848 760 (- - -) Stopwatch2: 1766285259473848 760; combined=259, p1=203, p2=0, p3=0, p4=0, p5=56, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --87cb080d-Z-- --c785d202-A-- [21/Dec/2025:08:38:51.552150 +0530] aUdkw9cRUgc6HgTQNnTq5wAAAAU 57.141.4.50 34574 127.0.0.1 7081 --c785d202-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?viewfile=//etc/security/pam_env.conf&path=//etc/security HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 57.141.4.50 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) --c785d202-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --c785d202-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/security/pam_env.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/pam_env.conf found within ARGS:viewfile: /etc/security/pam_env.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/security/pam_env.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/pam_env.conf found within ARGS:viewfile: /etc/security/pam_env.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdkw9cRUgc6HgTQNnTq5wAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766286531550248 1967 (- - -) Stopwatch2: 1766286531550248 1967; combined=593, p1=338, p2=202, p3=0, p4=0, p5=53, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --c785d202-Z-- --3192e278-A-- [21/Dec/2025:08:41:10.786729 +0530] aUdlTo9j1p8Wl_gfQyBbqgAAAAY 216.73.216.138 53788 127.0.0.1 7081 --3192e278-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc%2Fthread-self%2Froot%2Fetc%2Flvm%2Fprofile&viewfile=%2F%2Fproc%2Fthread-self%2Froot%2Fetc%2Flvm%2Fprofile%2Flvmdbusd.profile HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.138 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --3192e278-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3192e278-H-- Message: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: .profile found within ARGS:viewfile: /proc/thread-self/root/etc/lvm/profile/lvmdbusd.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: .profile found within ARGS:viewfile: /proc/thread-self/root/etc/lvm/profile/lvmdbusd.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdlTo9j1p8Wl_gfQyBbqgAAAAY"] Action: Intercepted (phase 2) Stopwatch: 1766286670784859 1941 (- - -) Stopwatch2: 1766286670784859 1941; combined=637, p1=342, p2=235, p3=0, p4=0, p5=60, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3192e278-Z-- --d8b05843-A-- [21/Dec/2025:08:41:38.945440 +0530] aUdlat35HtpQHYKqMLIsswAAAAg 216.73.216.138 49622 127.0.0.1 7081 --d8b05843-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fsnap%2Fcore20%2Fcurrent%2Fetc%2Fld.so.conf.d&viewfile=%2F%2Fsnap%2Fcore20%2Fcurrent%2Fetc%2Fld.so.conf.d%2Flibc.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.138 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --d8b05843-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d8b05843-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /snap/core20/current/etc/ld.so.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /snap/core20/current/etc/ld.so.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdlat35HtpQHYKqMLIsswAAAAg"] Action: Intercepted (phase 2) Stopwatch: 1766286698942929 2581 (- - -) Stopwatch2: 1766286698942929 2581; combined=657, p1=374, p2=221, p3=0, p4=0, p5=61, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d8b05843-Z-- --83aa5356-A-- [21/Dec/2025:08:43:06.408833 +0530] aUdlwq2i3x_6eIhxe3JffwAAAAc 216.73.216.138 40828 127.0.0.1 7081 --83aa5356-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc%2Fapache2%2Fplesk.conf.d&viewfile=%2F%2Fetc%2Fapache2%2Fplesk.conf.d%2Froundcube.htaccess.inc HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.138 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --83aa5356-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --83aa5356-H-- Message: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c%20bipas.phtml"] [unique_id "aUdlwq2i3x_6eIhxe3JffwAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766286786408167 734 (- - -) Stopwatch2: 1766286786408167 734; combined=276, p1=218, p2=0, p3=0, p4=0, p5=58, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --83aa5356-Z-- --017d100d-A-- [21/Dec/2025:08:43:07.322017 +0530] aUdlw8EqSmRf8edZvI4i5wAAAAo 216.73.216.138 40962 127.0.0.1 7081 --017d100d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc%2Fthread-self%2Froot%2Fproc%2Fself%2Froot%2Fetc&viewfile=%2F%2Fproc%2Fthread-self%2Froot%2Fproc%2Fself%2Froot%2Fetc%2Ftimezone HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.138 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --017d100d-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --017d100d-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/timezone" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/timezone found within ARGS:viewfile: /proc/thread-self/root/proc/self/root/etc/timezone"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/timezone" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/timezone found within ARGS:viewfile: /proc/thread-self/root/proc/self/root/etc/timezone"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdlw8EqSmRf8edZvI4i5wAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766286787320044 2071 (- - -) Stopwatch2: 1766286787320044 2071; combined=690, p1=365, p2=264, p3=0, p4=0, p5=61, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --017d100d-Z-- --fa1d162e-A-- [21/Dec/2025:08:43:35.550949 +0530] aUdl39cRUgc6HgTQNnTsDgAAAAU 216.73.216.138 58146 127.0.0.1 7081 --fa1d162e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc%2Fthread-self%2Froot%2Fproc%2Fself%2Ffd&viewfile=%2F%2Fproc%2Fthread-self%2Froot%2Fproc%2Fself%2Ffd%2F130 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.138 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --fa1d162e-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --fa1d162e-H-- Message: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/1" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/1 found within ARGS:viewfile: /proc/thread-self/root/proc/self/fd/130"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/1" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/1 found within ARGS:viewfile: /proc/thread-self/root/proc/self/fd/130"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUdl39cRUgc6HgTQNnTsDgAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766286815549034 1982 (- - -) Stopwatch2: 1766286815549034 1982; combined=618, p1=323, p2=238, p3=0, p4=0, p5=56, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --fa1d162e-Z-- --13e28c11-A-- [21/Dec/2025:08:43:39.675808 +0530] aUdl49cRUgc6HgTQNnTsFwAAAAU 217.156.8.93 34136 127.0.0.1 7081 --13e28c11-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: www.retaxis.com X-Real-IP: 217.156.8.93 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 DNT: 1 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Cache-Control: max-age=0 Pragma: no-cache Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="119", "Google Chrome";v="119" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Windows" Cookie: _sfs_id=d0c103f7f30dd2222d291220d212c1671766286817; wordpress_test_cookie=WP%20Cookie%20check --13e28c11-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --13e28c11-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.retaxis.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aUdl49cRUgc6HgTQNnTsFwAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766286819673041 2914 (- - -) Stopwatch2: 1766286819673041 2914; combined=1295, p1=330, p2=887, p3=0, p4=0, p5=78, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --13e28c11-Z-- --1b250b5a-A-- [21/Dec/2025:09:01:21.677937 +0530] aUdqCZHd-4-Zt2xyOFMduQAAAAw 103.77.106.118 43086 127.0.0.1 7081 --1b250b5a-B-- GET /sftp-config.json HTTP/1.0 Host: aarrambha.com X-Real-IP: 103.77.106.118 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --1b250b5a-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --1b250b5a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarrambha.com"] [uri "/sftp-config.json"] [unique_id "aUdqCZHd-4-Zt2xyOFMduQAAAAw"] Action: Intercepted (phase 1) Stopwatch: 1766287881676866 1142 (- - -) Stopwatch2: 1766287881676866 1142; combined=334, p1=269, p2=0, p3=0, p4=0, p5=65, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --1b250b5a-Z-- --0e09b80d-A-- [21/Dec/2025:09:08:56.220794 +0530] aUdr0Ik2JZPsbmEjkSezHwAAAAk 146.75.253.253 43516 127.0.0.1 7081 --0e09b80d-B-- GET /__nextjs_original-stack-frame?isServer=false&isEdgeServer=false&isAppDirectory=true&errorMessage=ChunkLoadError%3A+Loading+chunk+app%2Flayout+failed.%0A%28error%3A+https%3A%2F%2Fshows.tandonamit.com%2F_next%2Fstatic%2Fchunks%2Fapp%2Flayout.js%29&file=%5Bnative+code%5D&methodName=reduce&arguments=&lineNumber=&column= HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 146.75.253.253 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: empty user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.1 Mobile/15E148 Safari/604.1 accept: */* referer: https://shows.tandonamit.com/shows sec-fetch-site: same-origin sec-fetch-mode: cors accept-language: en-US,en;q=0.9 priority: u=3, i accept-encoding: gzip, deflate, br --0e09b80d-F-- HTTP/1.1 403 Forbidden Connection: close Content-Type: text/html; charset=iso-8859-1 --0e09b80d-H-- Message: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:arguments" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||shows.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:arguments" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||shows.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "shows.tandonamit.com"] [uri "/__nextjs_original-stack-frame"] [unique_id "aUdr0Ik2JZPsbmEjkSezHwAAAAk"] Action: Intercepted (phase 3) Stopwatch: 1766288336213914 6954 (- - -) Stopwatch2: 1766288336213914 6954; combined=3637, p1=304, p2=3179, p3=80, p4=0, p5=74, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0e09b80d-Z-- --b8843136-A-- [21/Dec/2025:09:08:56.234798 +0530] aUdr0OBG25l8VXeCt7rjpwAAAAs 146.75.253.253 43590 127.0.0.1 7081 --b8843136-B-- GET /__nextjs_original-stack-frame?isServer=false&isEdgeServer=false&isAppDirectory=true&errorMessage=ChunkLoadError%3A+Loading+chunk+app%2Flayout+failed.%0A%28error%3A+https%3A%2F%2Fshows.tandonamit.com%2F_next%2Fstatic%2Fchunks%2Fapp%2Flayout.js%29&file=%5Bnative+code%5D&methodName=reduce&arguments=&lineNumber=&column= HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 146.75.253.253 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: empty user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.1 Mobile/15E148 Safari/604.1 accept: */* referer: https://shows.tandonamit.com/shows sec-fetch-site: same-origin sec-fetch-mode: cors accept-language: en-US,en;q=0.9 priority: u=3, i accept-encoding: gzip, deflate, br --b8843136-F-- HTTP/1.1 403 Forbidden Connection: close Content-Type: text/html; charset=iso-8859-1 --b8843136-H-- Message: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:arguments" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||shows.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:arguments" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||shows.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "shows.tandonamit.com"] [uri "/__nextjs_original-stack-frame"] [unique_id "aUdr0OBG25l8VXeCt7rjpwAAAAs"] Action: Intercepted (phase 3) Stopwatch: 1766288336222931 11949 (- - -) Stopwatch2: 1766288336222931 11949; combined=3851, p1=299, p2=3333, p3=100, p4=0, p5=118, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b8843136-Z-- --39b07f5d-A-- [21/Dec/2025:09:11:26.140320 +0530] aUdsZjRImS6LYm6NoR2PNAAAABM 208.84.101.102 52688 127.0.0.1 7081 --39b07f5d-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 208.84.101.102 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=2260380a6b5d7e5d5947204466b83ecb1766288481 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --39b07f5d-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 13:22:32 GMT ETag: "31b-62136f33606a0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --39b07f5d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mindscan.edu.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUdsZjRImS6LYm6NoR2PNAAAABM"] Action: Intercepted (phase 2) Stopwatch: 1766288486138032 2391 (- - -) Stopwatch2: 1766288486138032 2391; combined=972, p1=308, p2=575, p3=0, p4=0, p5=88, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --39b07f5d-Z-- --ce8de267-A-- [21/Dec/2025:09:13:24.977958 +0530] aUds3Ik2JZPsbmEjkSez7AAAAAk 223.19.43.14 42144 127.0.0.1 7081 --ce8de267-B-- GET /.env HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 223.19.43.14 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* --ce8de267-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 13:25:42 GMT ETag: "31b-6214b1c60bbe1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --ce8de267-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rooferscombine.com"] [uri "/.env"] [unique_id "aUds3Ik2JZPsbmEjkSez7AAAAAk"] Action: Intercepted (phase 1) Stopwatch: 1766288604977188 844 (- - -) Stopwatch2: 1766288604977188 844; combined=312, p1=246, p2=0, p3=0, p4=0, p5=66, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --ce8de267-Z-- --8f00b547-A-- [21/Dec/2025:09:16:28.089458 +0530] aUdtlM04-t8q5l5ICraDlQAAAAY 45.139.104.184 52030 127.0.0.1 7081 --8f00b547-B-- GET /.git/config HTTP/1.0 Host: arrayz.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --8f00b547-F-- HTTP/1.1 403 Forbidden Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "31b-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8f00b547-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/.git/config"] [unique_id "aUdtlM04-t8q5l5ICraDlQAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766288788088155 1372 (- - -) Stopwatch2: 1766288788088155 1372; combined=263, p1=206, p2=0, p3=0, p4=0, p5=57, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8f00b547-Z-- --28fe6d3d-A-- [21/Dec/2025:09:16:28.219654 +0530] aUdtlLJwIwz9o2VerA9HPQAAAAQ 45.139.104.184 52044 127.0.0.1 7081 --28fe6d3d-B-- GET /.git/HEAD HTTP/1.0 Host: arrayz.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --28fe6d3d-F-- HTTP/1.1 403 Forbidden Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "31b-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --28fe6d3d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/.git/HEAD"] [unique_id "aUdtlLJwIwz9o2VerA9HPQAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766288788219021 700 (- - -) Stopwatch2: 1766288788219021 700; combined=261, p1=207, p2=0, p3=0, p4=0, p5=54, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --28fe6d3d-Z-- --a392cc27-A-- [21/Dec/2025:09:16:28.348878 +0530] aUdtlDj6mDLjiTN5U7L-LgAAAA0 45.139.104.184 52068 127.0.0.1 7081 --a392cc27-B-- GET /.git/ HTTP/1.0 Host: arrayz.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --a392cc27-F-- HTTP/1.1 403 Forbidden Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "31b-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --a392cc27-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/.git/"] [unique_id "aUdtlDj6mDLjiTN5U7L-LgAAAA0"] Action: Intercepted (phase 1) Stopwatch: 1766288788348278 668 (- - -) Stopwatch2: 1766288788348278 668; combined=237, p1=184, p2=0, p3=0, p4=0, p5=53, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a392cc27-Z-- --ebced25e-A-- [21/Dec/2025:09:16:30.235181 +0530] aUdtlmsBTnChqaInkEcszwAAAAs 45.139.104.184 52348 127.0.0.1 7081 --ebced25e-B-- GET /.env HTTP/1.0 Host: arrayz.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --ebced25e-F-- HTTP/1.1 403 Forbidden Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "31b-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --ebced25e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/.env"] [unique_id "aUdtlmsBTnChqaInkEcszwAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766288790233979 1271 (- - -) Stopwatch2: 1766288790233979 1271; combined=269, p1=212, p2=0, p3=0, p4=0, p5=57, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --ebced25e-Z-- --5cb08c1d-A-- [21/Dec/2025:09:16:30.478691 +0530] aUdtls04-t8q5l5ICraDmAAAAAY 45.139.104.184 52376 127.0.0.1 7081 --5cb08c1d-B-- GET /.env HTTP/1.0 Host: arrayz.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --5cb08c1d-F-- HTTP/1.1 403 Forbidden Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "31b-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --5cb08c1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/.env"] [unique_id "aUdtls04-t8q5l5ICraDmAAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766288790478042 740 (- - -) Stopwatch2: 1766288790478042 740; combined=280, p1=227, p2=0, p3=0, p4=0, p5=53, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --5cb08c1d-Z-- --0ad96a1e-A-- [21/Dec/2025:09:16:30.600498 +0530] aUdtlrJwIwz9o2VerA9HQQAAAAQ 45.139.104.184 52408 127.0.0.1 7081 --0ad96a1e-B-- GET /.env HTTP/1.0 Host: arrayz.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --0ad96a1e-F-- HTTP/1.1 403 Forbidden Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "31b-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --0ad96a1e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/.env"] [unique_id "aUdtlrJwIwz9o2VerA9HQQAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766288790599833 734 (- - -) Stopwatch2: 1766288790599833 734; combined=294, p1=238, p2=0, p3=0, p4=0, p5=56, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0ad96a1e-Z-- --5cb08c1d-A-- [21/Dec/2025:09:16:30.719644 +0530] aUdtlmsBTnChqaInkEcs0AAAAAs 45.139.104.184 52426 127.0.0.1 7081 --5cb08c1d-B-- GET /.env.local HTTP/1.0 Host: arrayz.com X-Real-IP: 45.139.104.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --5cb08c1d-F-- HTTP/1.1 403 Forbidden Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "31b-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --5cb08c1d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/.env.local"] [unique_id "aUdtlmsBTnChqaInkEcs0AAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766288790718716 1009 (- - -) Stopwatch2: 1766288790718716 1009; combined=259, p1=199, p2=0, p3=0, p4=0, p5=60, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --5cb08c1d-Z-- --cd800548-A-- [21/Dec/2025:09:25:25.367568 +0530] aUdvrRnMy4s8is3Wsec4RgAAAAc 78.153.140.177 34464 127.0.0.1 7080 --cd800548-B-- GET /.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.177 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SCH-I545 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36 --cd800548-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --cd800548-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env"] [unique_id "aUdvrRnMy4s8is3Wsec4RgAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766289325366967 656 (- - -) Stopwatch2: 1766289325366967 656; combined=276, p1=214, p2=0, p3=0, p4=0, p5=62, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --cd800548-Z-- --7f382f0d-A-- [21/Dec/2025:09:25:25.857032 +0530] aUdvrTRImS6LYm6NoR2TdwAAABM 78.153.140.177 34468 127.0.0.1 7080 --7f382f0d-B-- GET /api/.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.177 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 --7f382f0d-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --7f382f0d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/api/.env"] [unique_id "aUdvrTRImS6LYm6NoR2TdwAAABM"] Action: Intercepted (phase 1) Stopwatch: 1766289325856527 564 (- - -) Stopwatch2: 1766289325856527 564; combined=243, p1=189, p2=0, p3=0, p4=0, p5=53, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --7f382f0d-Z-- --30ba414d-A-- [21/Dec/2025:09:25:26.429456 +0530] aUdvrs04-t8q5l5ICraG0QAAAAY 78.153.140.177 44960 127.0.0.1 7080 --30ba414d-B-- GET /backend/.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.177 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36 OPR/35.0.2066.68 --30ba414d-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --30ba414d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/backend/.env"] [unique_id "aUdvrs04-t8q5l5ICraG0QAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766289326429016 489 (- - -) Stopwatch2: 1766289326429016 489; combined=222, p1=171, p2=0, p3=0, p4=0, p5=51, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --30ba414d-Z-- --5a64c950-A-- [21/Dec/2025:09:25:26.801769 +0530] aUdvrjRImS6LYm6NoR2TeQAAABM 78.153.140.177 44964 127.0.0.1 7080 --5a64c950-B-- GET /admin/.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.177 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.4 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.4 --5a64c950-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a64c950-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/admin/.env"] [unique_id "aUdvrjRImS6LYm6NoR2TeQAAABM"] Action: Intercepted (phase 1) Stopwatch: 1766289326801033 800 (- - -) Stopwatch2: 1766289326801033 800; combined=321, p1=246, p2=0, p3=0, p4=0, p5=75, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --5a64c950-Z-- --09fa1f5f-A-- [21/Dec/2025:09:25:27.136283 +0530] aUdvrxnMy4s8is3Wsec4SgAAAAc 78.153.140.177 44970 127.0.0.1 7080 --09fa1f5f-B-- GET /.env.example HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 78.153.140.177 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 --09fa1f5f-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --09fa1f5f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env.example"] [unique_id "aUdvrxnMy4s8is3Wsec4SgAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766289327135016 1321 (- - -) Stopwatch2: 1766289327135016 1321; combined=295, p1=225, p2=0, p3=0, p4=0, p5=69, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --09fa1f5f-Z-- --ce611033-A-- [21/Dec/2025:09:27:39.274761 +0530] aUdwMwk6MsRCKodPG0CohwAAAAE 78.153.140.222 56138 127.0.0.1 7080 --ce611033-B-- GET /.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 78.153.140.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.6) Gecko Galeon/1.3.14 --ce611033-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "31b-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --ce611033-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/.env"] [unique_id "aUdwMwk6MsRCKodPG0CohwAAAAE"] Action: Intercepted (phase 1) Stopwatch: 1766289459273998 830 (- - -) Stopwatch2: 1766289459273998 830; combined=289, p1=229, p2=0, p3=0, p4=0, p5=59, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --ce611033-Z-- --33391157-A-- [21/Dec/2025:09:27:45.115879 +0530] aUdwOaUjF9K_gET4tTdGpQAAAAI 78.153.140.222 56168 127.0.0.1 7080 --33391157-B-- GET /api/.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 78.153.140.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Opera/9.80 (Android 2.3.4; Linux; Opera Mobi/ADR-1202231246; U; en-GB) Presto/2.10.254 Version/12.00 --33391157-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "31b-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --33391157-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/api/.env"] [unique_id "aUdwOaUjF9K_gET4tTdGpQAAAAI"] Action: Intercepted (phase 1) Stopwatch: 1766289465114944 1000 (- - -) Stopwatch2: 1766289465114944 1000; combined=358, p1=299, p2=0, p3=0, p4=0, p5=59, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --33391157-Z-- --87f75267-A-- [21/Dec/2025:09:27:46.621093 +0530] aUdwOgSs9dVR1wvgqG6B7wAAAAA 78.153.140.222 37084 127.0.0.1 7080 --87f75267-B-- GET /dev/.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 78.153.140.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0 --87f75267-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "31b-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --87f75267-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/dev/.env"] [unique_id "aUdwOgSs9dVR1wvgqG6B7wAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766289466620308 880 (- - -) Stopwatch2: 1766289466620308 880; combined=323, p1=257, p2=0, p3=0, p4=0, p5=66, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --87f75267-Z-- --9e897a64-A-- [21/Dec/2025:09:27:50.655041 +0530] aUdwPsEqSmRf8edZvI4vhAAAAAo 78.153.140.222 37112 127.0.0.1 7080 --9e897a64-B-- GET /admin/.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 78.153.140.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG SCH-I545 4G Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36 --9e897a64-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "31b-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --9e897a64-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/admin/.env"] [unique_id "aUdwPsEqSmRf8edZvI4vhAAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766289470654279 874 (- - -) Stopwatch2: 1766289470654279 874; combined=307, p1=238, p2=0, p3=0, p4=0, p5=69, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --9e897a64-Z-- --0561572d-A-- [21/Dec/2025:09:27:51.414087 +0530] aUdwPxnMy4s8is3Wsec4xwAAAAc 78.153.140.222 37118 127.0.0.1 7080 --0561572d-B-- GET /laravel/.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 78.153.140.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36 --0561572d-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "31b-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --0561572d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/laravel/.env"] [unique_id "aUdwPxnMy4s8is3Wsec4xwAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766289471413364 821 (- - -) Stopwatch2: 1766289471413364 821; combined=294, p1=228, p2=0, p3=0, p4=0, p5=65, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0561572d-Z-- --d3bc022b-A-- [21/Dec/2025:09:34:25.483178 +0530] aUdxyc04-t8q5l5ICraJTwAAAAY 172.70.46.244 50666 127.0.0.1 7081 --d3bc022b-B-- GET /.env HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 172.70.46.244 X-Forwarded-For: 77.83.39.58 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 cf-ray: 9b147ec92d770e36-AMS accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 cf-connecting-ip: 77.83.39.58 cf-ipcountry: UA cf-visitor: {"scheme":"https"} x-forwarded-proto: https --d3bc022b-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:26:01 GMT ETag: "31b-62149705b580e" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d3bc022b-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarvasya.com"] [uri "/.env"] [unique_id "aUdxyc04-t8q5l5ICraJTwAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766289865482568 700 (- - -) Stopwatch2: 1766289865482568 700; combined=231, p1=180, p2=0, p3=0, p4=0, p5=51, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d3bc022b-Z-- --d7e92574-A-- [21/Dec/2025:09:39:43.425271 +0530] aUdzB8EqSmRf8edZvI4yzQAAAAo 62.60.131.162 46590 127.0.0.1 7081 --d7e92574-B-- GET /.git/config HTTP/1.0 Host: remisai.org X-Real-IP: 62.60.131.162 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --d7e92574-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 16 Dec 2025 08:11:58 GMT ETag: "31b-6460d481681bc" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d7e92574-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "remisai.org"] [uri "/.git/config"] [unique_id "aUdzB8EqSmRf8edZvI4yzQAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766290183424623 713 (- - -) Stopwatch2: 1766290183424623 713; combined=267, p1=210, p2=0, p3=0, p4=0, p5=57, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d7e92574-Z-- --27282053-A-- [21/Dec/2025:09:40:12.018108 +0530] aUdzJAk6MsRCKodPG0CrtAAAAAE 82.26.93.41 47940 127.0.0.1 7080 --27282053-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 82.26.93.41 Connection: close Content-Length: 241 Upgrade-Insecure-Requests: 1 Accept: */* User-Agent: libredtail-http Content-Type: application/x-www-form-urlencoded --27282053-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --27282053-E-- --27282053-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||default-198-71-51-75|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||default-198-71-51-75|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "default-198-71-51-75"] [uri "/hello.world"] [unique_id "aUdzJAk6MsRCKodPG0CrtAAAAAE"] Action: Intercepted (phase 2) Stopwatch: 1766290212015694 2491 (- - -) Stopwatch2: 1766290212015694 2491; combined=1170, p1=424, p2=662, p3=0, p4=0, p5=84, sr=148, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --27282053-Z-- --a411424f-A-- [21/Dec/2025:09:40:12.490275 +0530] aUdzJMEqSmRf8edZvI4y_gAAAAo 82.26.93.41 47952 127.0.0.1 7080 --a411424f-B-- POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 82.26.93.41 Connection: close Content-Length: 241 Upgrade-Insecure-Requests: 1 Accept: */* User-Agent: libredtail-http Content-Type: application/x-www-form-urlencoded --a411424f-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --a411424f-E-- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access this resource.</p> <hr> <address>Apache Server at default-198-71-51-75 Port 80</address> </body></html> --a411424f-H-- Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||default-198-71-51-75|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||default-198-71-51-75|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "default-198-71-51-75"] [uri "/"] [unique_id "aUdzJMEqSmRf8edZvI4y_gAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766290212488170 2173 (- - -) Stopwatch2: 1766290212488170 2173; combined=987, p1=347, p2=582, p3=0, p4=0, p5=57, sr=93, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a411424f-Z-- --a6340570-A-- [21/Dec/2025:09:46:01.456246 +0530] aUd0gaPds-ib5QXG8MennwAAAAc 78.153.140.171 58386 127.0.0.1 7080 --a6340570-B-- GET /.env HTTP/1.0 Host: 3econcepts.com X-Real-IP: 78.153.140.171 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4 --a6340570-F-- HTTP/1.1 403 Forbidden Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 --a6340570-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3econcepts.com"] [uri "/.env"] [unique_id "aUd0gaPds-ib5QXG8MennwAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766290561455662 646 (- - -) Stopwatch2: 1766290561455662 646; combined=290, p1=236, p2=0, p3=0, p4=0, p5=54, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a6340570-Z-- --ee311936-A-- [21/Dec/2025:09:46:01.505479 +0530] aUd0gWsBTnChqaInkEc2mAAAAAs 78.153.140.171 58392 127.0.0.1 7080 --ee311936-B-- GET /.env HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 78.153.140.171 Connection: close Accept: */* User-Agent: Mozilla/5.0 (PLAYSTATION 3; 2.00) --ee311936-F-- HTTP/1.1 403 Forbidden Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1 --ee311936-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.3econcepts.com"] [uri "/.env"] [unique_id "aUd0gWsBTnChqaInkEc2mAAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766290561504949 582 (- - -) Stopwatch2: 1766290561504949 582; combined=250, p1=182, p2=0, p3=0, p4=0, p5=68, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --ee311936-Z-- --fc3b9848-A-- [21/Dec/2025:09:46:03.312165 +0530] aUd0g7l9-CDuFu7Izf4slgAAAAA 78.153.140.171 58454 127.0.0.1 7080 --fc3b9848-B-- GET /api/.env HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 78.153.140.171 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 --fc3b9848-F-- HTTP/1.1 403 Forbidden Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1 --fc3b9848-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.3econcepts.com"] [uri "/api/.env"] [unique_id "aUd0g7l9-CDuFu7Izf4slgAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766290563311524 695 (- - -) Stopwatch2: 1766290563311524 695; combined=308, p1=240, p2=0, p3=0, p4=0, p5=68, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --fc3b9848-Z-- --d9378c1a-A-- [21/Dec/2025:09:46:03.620788 +0530] aUd0g2sBTnChqaInkEc2oQAAAAs 78.153.140.171 58464 127.0.0.1 7080 --d9378c1a-B-- GET /api/.env HTTP/1.0 Host: 3econcepts.com X-Real-IP: 78.153.140.171 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/536.5 (KHTML like Gecko) Chrome/19.0.1084.56 Safari/536.5 --d9378c1a-F-- HTTP/1.1 403 Forbidden Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 --d9378c1a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3econcepts.com"] [uri "/api/.env"] [unique_id "aUd0g2sBTnChqaInkEc2oQAAAAs"] Action: Intercepted (phase 1) Stopwatch: 1766290563620140 701 (- - -) Stopwatch2: 1766290563620140 701; combined=297, p1=233, p2=0, p3=0, p4=0, p5=63, sr=113, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d9378c1a-Z-- --e95c871e-A-- [21/Dec/2025:09:46:04.631200 +0530] aUd0hDRImS6LYm6NoR2ZFQAAABM 78.153.140.171 58496 127.0.0.1 7080 --e95c871e-B-- GET /dev/.env HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 78.153.140.171 Connection: close Accept: */* User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Macintosh; Intel Mac OS X 10_7_3; Trident/6.0) --e95c871e-F-- HTTP/1.1 403 Forbidden Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1 --e95c871e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.3econcepts.com"] [uri "/dev/.env"] [unique_id "aUd0hDRImS6LYm6NoR2ZFQAAABM"] Action: Intercepted (phase 1) Stopwatch: 1766290564630597 656 (- - -) Stopwatch2: 1766290564630597 656; combined=276, p1=215, p2=0, p3=0, p4=0, p5=61, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --e95c871e-Z-- --c6cf6832-A-- [21/Dec/2025:09:46:04.635700 +0530] aUd0hLl9-CDuFu7Izf4sngAAAAA 78.153.140.171 58510 127.0.0.1 7080 --c6cf6832-B-- GET /dev/.env HTTP/1.0 Host: 3econcepts.com X-Real-IP: 78.153.140.171 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 --c6cf6832-F-- HTTP/1.1 403 Forbidden Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 --c6cf6832-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3econcepts.com"] [uri "/dev/.env"] [unique_id "aUd0hLl9-CDuFu7Izf4sngAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766290564635108 643 (- - -) Stopwatch2: 1766290564635108 643; combined=297, p1=232, p2=0, p3=0, p4=0, p5=65, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --c6cf6832-Z-- --e2134c25-A-- [21/Dec/2025:09:53:55.408333 +0530] aUd2WzRImS6LYm6NoR2b_AAAABM 141.98.11.171 43182 127.0.0.1 7081 --e2134c25-B-- GET /.env HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 141.98.11.171 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 --e2134c25-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 26 Dec 2024 13:21:14 GMT ETag: "31b-62a2c387059a1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --e2134c25-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/.env"] [unique_id "aUd2WzRImS6LYm6NoR2b_AAAABM"] Action: Intercepted (phase 1) Stopwatch: 1766291035407731 665 (- - -) Stopwatch2: 1766291035407731 665; combined=209, p1=156, p2=0, p3=0, p4=0, p5=53, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --e2134c25-Z-- --ce3c345f-A-- [21/Dec/2025:09:53:56.063681 +0530] aUd2XDRImS6LYm6NoR2b_gAAABM 141.98.11.171 43318 127.0.0.1 7081 --ce3c345f-B-- GET /.env HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 141.98.11.171 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 --ce3c345f-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 26 Dec 2024 13:21:14 GMT ETag: "31b-62a2c387059a1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --ce3c345f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/.env"] [unique_id "aUd2XDRImS6LYm6NoR2b_gAAABM"] Action: Intercepted (phase 1) Stopwatch: 1766291036062690 1069 (- - -) Stopwatch2: 1766291036062690 1069; combined=319, p1=245, p2=0, p3=0, p4=0, p5=73, sr=103, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --ce3c345f-Z-- --f5313f63-A-- [21/Dec/2025:09:57:32.594544 +0530] aUd3NLJwIwz9o2VerA9VAQAAAAQ 76.70.97.180 44484 127.0.0.1 7081 --f5313f63-B-- GET /__nextjs_original-stack-frame?isServer=false&isEdgeServer=false&isAppDirectory=true&errorMessage=ChunkLoadError%3A+Loading+chunk+app%2Flayout+failed.%0A%28error%3A+https%3A%2F%2Fshows.tandonamit.com%2F_next%2Fstatic%2Fchunks%2Fapp%2Flayout.js%29&file=%5Bnative+code%5D&methodName=reduce&arguments=&lineNumber=&column= HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 76.70.97.180 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: empty user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_6_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.6 Mobile/15E148 Safari/604.1 accept: */* referer: https://shows.tandonamit.com/shows sec-fetch-site: same-origin sec-fetch-mode: cors accept-language: en-CA,en-US;q=0.9,en;q=0.8 priority: u=3, i accept-encoding: gzip, deflate, br cookie: _ga=GA1.1.401311923.1766213398; _ga_RCLQTEVD36=GS2.1.s1766213397$o1$g1$t1766214738$j60$l0$h0 --f5313f63-F-- HTTP/1.1 403 Forbidden Connection: close Content-Type: text/html; charset=iso-8859-1 --f5313f63-H-- Message: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:arguments" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||shows.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:arguments" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||shows.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "shows.tandonamit.com"] [uri "/__nextjs_original-stack-frame"] [unique_id "aUd3NLJwIwz9o2VerA9VAQAAAAQ"] Action: Intercepted (phase 3) Stopwatch: 1766291252585572 9064 (- - -) Stopwatch2: 1766291252585572 9064; combined=5221, p1=380, p2=4655, p3=101, p4=0, p5=84, sr=145, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766213398" "-" Engine-Mode: "ENABLED" --f5313f63-Z-- --2f2bc02a-A-- [21/Dec/2025:09:57:32.597119 +0530] aUd3NKPds-ib5QXG8MeszAAAAAc 76.70.97.180 44514 127.0.0.1 7081 --2f2bc02a-B-- GET /__nextjs_original-stack-frame?isServer=false&isEdgeServer=false&isAppDirectory=true&errorMessage=ChunkLoadError%3A+Loading+chunk+app%2Flayout+failed.%0A%28error%3A+https%3A%2F%2Fshows.tandonamit.com%2F_next%2Fstatic%2Fchunks%2Fapp%2Flayout.js%29&file=%5Bnative+code%5D&methodName=reduce&arguments=&lineNumber=&column= HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 76.70.97.180 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: empty user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_6_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.6 Mobile/15E148 Safari/604.1 accept: */* referer: https://shows.tandonamit.com/shows sec-fetch-site: same-origin sec-fetch-mode: cors accept-language: en-CA,en-US;q=0.9,en;q=0.8 priority: u=3, i accept-encoding: gzip, deflate, br cookie: _ga=GA1.1.401311923.1766213398; _ga_RCLQTEVD36=GS2.1.s1766213397$o1$g1$t1766214738$j60$l0$h0 --2f2bc02a-F-- HTTP/1.1 403 Forbidden Connection: close Content-Type: text/html; charset=iso-8859-1 --2f2bc02a-H-- Message: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:arguments" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||shows.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:arguments" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||shows.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "shows.tandonamit.com"] [uri "/__nextjs_original-stack-frame"] [unique_id "aUd3NKPds-ib5QXG8MeszAAAAAc"] Action: Intercepted (phase 3) Stopwatch: 1766291252591004 6191 (- - -) Stopwatch2: 1766291252591004 6191; combined=3707, p1=258, p2=3297, p3=82, p4=0, p5=70, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766213398" "-" Engine-Mode: "ENABLED" --2f2bc02a-Z-- --31b86b20-A-- [21/Dec/2025:09:59:12.075248 +0530] aUd3mGsBTnChqaInkEc8FAAAAAs 146.190.149.85 38462 127.0.0.1 7081 --31b86b20-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 146.190.149.85 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --31b86b20-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 07 Jan 2025 07:31:20 GMT ETag: "31b-62b18bb319e1b" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --31b86b20-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csquaretech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd3mGsBTnChqaInkEc8FAAAAAs"] Action: Intercepted (phase 2) Stopwatch: 1766291352072932 2378 (- - -) Stopwatch2: 1766291352072932 2378; combined=859, p1=366, p2=441, p3=0, p4=0, p5=52, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --31b86b20-Z-- --8eb66d17-A-- [21/Dec/2025:10:11:07.139984 +0530] aUd6Y4ztHPvWM-m_k0WWZgAAAAg 217.156.8.96 48362 127.0.0.1 7081 --8eb66d17-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: starcrest.in X-Real-IP: 217.156.8.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9,ar;q=0.8 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Cache-Control: max-age=0 Referer: https://duckduckgo.com/ Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="121", "Google Chrome";v="121" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "macOS" Cookie: wordpress_test_cookie=WP%20Cookie%20check --8eb66d17-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 08 Oct 2025 12:53:18 GMT ETag: "31b-640a52b2c00e0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8eb66d17-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||starcrest.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||starcrest.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "starcrest.in"] [uri "/wp-json/wp/v2/users"] [unique_id "aUd6Y4ztHPvWM-m_k0WWZgAAAAg"] Action: Intercepted (phase 2) Stopwatch: 1766292067137363 2757 (- - -) Stopwatch2: 1766292067137363 2757; combined=1260, p1=320, p2=880, p3=0, p4=0, p5=60, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8eb66d17-Z-- --bc11871f-A-- [21/Dec/2025:10:12:45.973411 +0530] aUd6xd_HuRkb5cXUUfP7EAAAACY 104.22.1.176 56190 127.0.0.1 7081 --bc11871f-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 104.22.1.176 X-Forwarded-For: 34.75.9.77 Connection: close accept-encoding: gzip, br cf-ray: 9b14b6f51a30c636-ATL user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 cdn-loop: cloudflare; loops=1 cf-connecting-ip: 34.75.9.77 cf-ipcountry: US cf-visitor: {"scheme":"https"} x-forwarded-proto: https --bc11871f-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 00:48:36 GMT ETag: "31b-6212c6aeef54c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --bc11871f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd6xd_HuRkb5cXUUfP7EAAAACY"] Action: Intercepted (phase 2) Stopwatch: 1766292165970703 2794 (- - -) Stopwatch2: 1766292165970703 2794; combined=973, p1=337, p2=586, p3=0, p4=0, p5=50, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --bc11871f-Z-- --2ebb000d-A-- [21/Dec/2025:10:12:47.245478 +0530] aUd6xz-CXRAo7R4iA2mRYgAAABM 34.194.165.45 44754 127.0.0.1 7081 --2ebb000d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/fd&viewfile=//proc/self/fd/16 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.194.165.45 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --2ebb000d-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2ebb000d-H-- Message: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/1" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/1 found within ARGS:viewfile: /proc/self/fd/16"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/1" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/1 found within ARGS:viewfile: /proc/self/fd/16"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUd6xz-CXRAo7R4iA2mRYgAAABM"] Action: Intercepted (phase 2) Stopwatch: 1766292167243286 2263 (- - -) Stopwatch2: 1766292167243286 2263; combined=720, p1=404, p2=220, p3=0, p4=0, p5=95, sr=113, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2ebb000d-Z-- --798da708-A-- [21/Dec/2025:10:12:48.021267 +0530] aUd6yMI-2DSgJ5LqOcbXwgAAAA0 64.23.174.208 44948 127.0.0.1 7081 --798da708-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 64.23.174.208 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --798da708-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 12:49:02 GMT ETag: "31b-621367b68123d" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --798da708-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.medikonindia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.medikonindia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.medikonindia.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd6yMI-2DSgJ5LqOcbXwgAAAA0"] Action: Intercepted (phase 2) Stopwatch: 1766292168019313 2015 (- - -) Stopwatch2: 1766292168019313 2015; combined=831, p1=329, p2=452, p3=0, p4=0, p5=50, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --798da708-Z-- --0a63bd47-A-- [21/Dec/2025:10:14:06.020582 +0530] aUd7FmS2HqJOB_ejceO1PwAAAAo 152.69.212.11 37098 127.0.0.1 7081 --0a63bd47-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 152.69.212.11 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15 Accept-Encoding: gzip, deflate, br Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9,ar;q=0.8 DNT: 1 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Cache-Control: no-cache Pragma: no-cache Cookie: wordpress_test_cookie=WP%20Cookie%20check --0a63bd47-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 01 Apr 2025 09:55:02 GMT ETag: "31b-631b487d3bba1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --0a63bd47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "archangledesignstudio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aUd7FmS2HqJOB_ejceO1PwAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766292246017802 2883 (- - -) Stopwatch2: 1766292246017802 2883; combined=1337, p1=348, p2=933, p3=0, p4=0, p5=56, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --0a63bd47-Z-- --7d07376c-A-- [21/Dec/2025:10:17:39.210601 +0530] aUd769e5nw9-vGm5WflbjgAAAAU 104.196.202.143 55802 127.0.0.1 7081 --7d07376c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 104.196.202.143 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=5b48df3f0599b2de77a9abdc0b307a8d1766292453 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --7d07376c-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 13:22:32 GMT ETag: "31b-62136f33606a0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --7d07376c-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mindscan.edu.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd769e5nw9-vGm5WflbjgAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766292459207708 3000 (- - -) Stopwatch2: 1766292459207708 3000; combined=1359, p1=430, p2=853, p3=0, p4=0, p5=76, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --7d07376c-Z-- --7a80fd14-A-- [21/Dec/2025:10:18:02.596775 +0530] aUd8AvF-0w6ZqelqawVHiQAAAAY 34.133.83.94 52196 127.0.0.1 7081 --7a80fd14-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 34.133.83.94 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --7a80fd14-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 01 Apr 2025 09:55:02 GMT ETag: "31b-631b487d3bba1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --7a80fd14-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "archangledesignstudio.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd8AvF-0w6ZqelqawVHiQAAAAY"] Action: Intercepted (phase 2) Stopwatch: 1766292482594422 2417 (- - -) Stopwatch2: 1766292482594422 2417; combined=907, p1=323, p2=496, p3=0, p4=0, p5=87, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --7a80fd14-Z-- --f7943b47-A-- [21/Dec/2025:10:18:20.884539 +0530] aUd8FF53GexfKio11gmNVQAAABs 34.139.106.155 48130 127.0.0.1 7081 --f7943b47-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 34.139.106.155 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --f7943b47-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 13:25:42 GMT ETag: "31b-6214b1c60bbe1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f7943b47-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rooferscombine.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd8FF53GexfKio11gmNVQAAABs"] Action: Intercepted (phase 2) Stopwatch: 1766292500882550 2051 (- - -) Stopwatch2: 1766292500882550 2051; combined=824, p1=285, p2=484, p3=0, p4=0, p5=54, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f7943b47-Z-- --a1b18540-A-- [21/Dec/2025:10:18:37.270322 +0530] aUd8JYv-75TLlyZi5YqO3gAAAAQ 35.245.197.113 46290 127.0.0.1 7081 --a1b18540-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 35.245.197.113 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=8f00d31d1a92707cdec6b75e98e115b81766292512 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --a1b18540-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 13:22:32 GMT ETag: "31b-62136f33606a0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --a1b18540-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mindscan.edu.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd8JYv-75TLlyZi5YqO3gAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766292517267642 2746 (- - -) Stopwatch2: 1766292517267642 2746; combined=1276, p1=367, p2=854, p3=0, p4=0, p5=55, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a1b18540-Z-- --f9778476-A-- [21/Dec/2025:10:18:51.090515 +0530] aUd8MzMYtMfr-dEh2ev35wAAAAA 35.245.80.44 57898 127.0.0.1 7081 --f9778476-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 35.245.80.44 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --f9778476-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 07 Jan 2025 07:31:20 GMT ETag: "31b-62b18bb319e1b" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f9778476-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csquaretech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd8MzMYtMfr-dEh2ev35wAAAAA"] Action: Intercepted (phase 2) Stopwatch: 1766292531088256 2321 (- - -) Stopwatch2: 1766292531088256 2321; combined=814, p1=310, p2=453, p3=0, p4=0, p5=51, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f9778476-Z-- --8072c65b-A-- [21/Dec/2025:10:22:52.402139 +0530] aUd9JF53GexfKio11gmOrgAAABs 34.11.45.190 33782 127.0.0.1 7081 --8072c65b-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: best-website-designs.com X-Real-IP: 34.11.45.190 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --8072c65b-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8072c65b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "best-website-designs.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd9JF53GexfKio11gmOrgAAABs"] Action: Intercepted (phase 2) Stopwatch: 1766292772399976 2225 (- - -) Stopwatch2: 1766292772399976 2225; combined=848, p1=309, p2=482, p3=0, p4=0, p5=57, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8072c65b-Z-- --4a184100-A-- [21/Dec/2025:10:23:24.319207 +0530] aUd9RNpPEUvVkFozP2UUfAAAAAg 107.189.10.79 60426 127.0.0.1 7081 --4a184100-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 107.189.10.79 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299 --4a184100-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 09:00:36 GMT ETag: "31b-621334a764ee0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --4a184100-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aUd9RNpPEUvVkFozP2UUfAAAAAg"] Action: Intercepted (phase 2) Stopwatch: 1766292804316665 2617 (- - -) Stopwatch2: 1766292804316665 2617; combined=949, p1=343, p2=546, p3=0, p4=0, p5=59, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --4a184100-Z-- --d37b0708-A-- [21/Dec/2025:10:24:51.098087 +0530] aUd9mzMYtMfr-dEh2ev5QwAAAAA 18.206.47.187 58604 127.0.0.1 7081 --d37b0708-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/fd&viewfile=//proc/self/fd/49 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.206.47.187 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --d37b0708-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d37b0708-H-- Message: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/4" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/4 found within ARGS:viewfile: /proc/self/fd/49"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/4" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/4 found within ARGS:viewfile: /proc/self/fd/49"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUd9mzMYtMfr-dEh2ev5QwAAAAA"] Action: Intercepted (phase 2) Stopwatch: 1766292891096124 3027 (- - -) Stopwatch2: 1766292891096124 3027; combined=633, p1=351, p2=220, p3=0, p4=0, p5=61, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d37b0708-Z-- --a785162e-A-- [21/Dec/2025:10:25:03.843855 +0530] aUd9p4v-75TLlyZi5YqQPwAAAAQ 34.74.187.37 44780 127.0.0.1 7081 --a785162e-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.bspsons.com X-Real-IP: 34.74.187.37 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --a785162e-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 04:18:02 GMT ETag: "31b-6212f57eda023" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --a785162e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bspsons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd9p4v-75TLlyZi5YqQPwAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766292903841617 2316 (- - -) Stopwatch2: 1766292903841617 2316; combined=904, p1=333, p2=496, p3=0, p4=0, p5=75, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a785162e-Z-- --47b94834-A-- [21/Dec/2025:10:25:05.178100 +0530] aUd9qTMYtMfr-dEh2ev5UwAAAAA 34.187.248.176 44998 127.0.0.1 7081 --47b94834-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.retaxis.com X-Real-IP: 34.187.248.176 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=f3d288a38fcfada8b7768fc46d6270741766292904 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --47b94834-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --47b94834-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.retaxis.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd9qTMYtMfr-dEh2ev5UwAAAAA"] Action: Intercepted (phase 2) Stopwatch: 1766292905174823 3372 (- - -) Stopwatch2: 1766292905174823 3372; combined=1393, p1=402, p2=908, p3=0, p4=0, p5=83, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --47b94834-Z-- --5d25175b-A-- [21/Dec/2025:10:26:30.214529 +0530] aUd9_jMYtMfr-dEh2ev5rAAAAAA 35.197.109.146 32784 127.0.0.1 7081 --5d25175b-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: starcrest.in X-Real-IP: 35.197.109.146 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --5d25175b-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 08 Oct 2025 12:53:18 GMT ETag: "31b-640a52b2c00e0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --5d25175b-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||starcrest.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||starcrest.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "starcrest.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd9_jMYtMfr-dEh2ev5rAAAAAA"] Action: Intercepted (phase 2) Stopwatch: 1766292990212135 2481 (- - -) Stopwatch2: 1766292990212135 2481; combined=871, p1=325, p2=490, p3=0, p4=0, p5=56, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --5d25175b-Z-- --4cd7bb52-A-- [21/Dec/2025:10:26:49.982842 +0530] aUd-ETMYtMfr-dEh2ev5wwAAAAA 45.82.13.170 58702 127.0.0.1 7081 --4cd7bb52-B-- GET /.env HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 45.82.13.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 7.0; TRT-L21A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --4cd7bb52-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 13:22:32 GMT ETag: "31b-62136f33606a0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --4cd7bb52-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mindscan.edu.in"] [uri "/.env"] [unique_id "aUd-ETMYtMfr-dEh2ev5wwAAAAA"] Action: Intercepted (phase 1) Stopwatch: 1766293009982220 691 (- - -) Stopwatch2: 1766293009982220 691; combined=230, p1=176, p2=0, p3=0, p4=0, p5=53, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --4cd7bb52-Z-- --9d0dbf74-A-- [21/Dec/2025:10:27:26.181511 +0530] aUd-NnAD_nobkkG4gkZa6AAAAAc 172.70.39.58 43732 127.0.0.1 7081 --9d0dbf74-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 172.70.39.58 X-Forwarded-For: 35.245.80.44 X-Accel-Internal: /internal-nginx-static-location Connection: close accept-encoding: gzip, br cf-ray: 9b14cc725cd0084c-IAD user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 cdn-loop: cloudflare; loops=1 cf-connecting-ip: 35.245.80.44 cf-ipcountry: US cf-visitor: {"scheme":"https"} x-forwarded-proto: https --9d0dbf74-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:26:01 GMT ETag: "31b-62149705b580e" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --9d0dbf74-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sarvasya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sarvasya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sarvasya.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd-NnAD_nobkkG4gkZa6AAAAAc"] Action: Intercepted (phase 2) Stopwatch: 1766293046178731 2882 (- - -) Stopwatch2: 1766293046178731 2882; combined=1034, p1=340, p2=635, p3=0, p4=0, p5=59, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --9d0dbf74-Z-- --8c2a6613-A-- [21/Dec/2025:10:28:51.433686 +0530] aUd-i9e5nw9-vGm5WfldzwAAAAU 34.145.172.140 56566 127.0.0.1 7081 --8c2a6613-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 34.145.172.140 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --8c2a6613-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 26 Dec 2024 13:21:14 GMT ETag: "31b-62a2c387059a1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8c2a6613-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tandonamit.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd-i9e5nw9-vGm5WfldzwAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766293131431146 2603 (- - -) Stopwatch2: 1766293131431146 2603; combined=948, p1=394, p2=498, p3=0, p4=0, p5=56, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8c2a6613-Z-- --d5681f22-A-- [21/Dec/2025:10:32:33.567892 +0530] aUd_aWS2HqJOB_ejceO5_QAAAAo 34.11.98.43 33448 127.0.0.1 7081 --d5681f22-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: aarrambha.com X-Real-IP: 34.11.98.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --d5681f22-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 09 Oct 2025 11:16:25 GMT ETag: "31b-640b7ee87ceaa" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d5681f22-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||aarrambha.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||aarrambha.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "aarrambha.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUd_aWS2HqJOB_ejceO5_QAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766293353565327 2630 (- - -) Stopwatch2: 1766293353565327 2630; combined=974, p1=375, p2=545, p3=0, p4=0, p5=54, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d5681f22-Z-- --e9fb8064-A-- [21/Dec/2025:10:33:24.187072 +0530] aUd_nPF-0w6ZqelqawVL4AAAAAY 44.218.170.184 42340 127.0.0.1 7081 --e9fb8064-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/fd&viewfile=//proc/self/fd/76 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.218.170.184 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --e9fb8064-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --e9fb8064-H-- Message: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/7" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/7 found within ARGS:viewfile: /proc/self/fd/76"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/7" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/7 found within ARGS:viewfile: /proc/self/fd/76"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUd_nPF-0w6ZqelqawVL4AAAAAY"] Action: Intercepted (phase 2) Stopwatch: 1766293404185208 1931 (- - -) Stopwatch2: 1766293404185208 1931; combined=606, p1=331, p2=218, p3=0, p4=0, p5=57, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --e9fb8064-Z-- --16f75f17-A-- [21/Dec/2025:10:40:11.502677 +0530] aUeBM_F-0w6ZqelqawVOqgAAAAY 44.196.118.6 39474 127.0.0.1 7081 --16f75f17-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//snap/core20/2582/etc&viewfile=//snap/core20/2582/etc/ca-certificates.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.196.118.6 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --16f75f17-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --16f75f17-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/ca-certificates.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ca-certificates.conf found within ARGS:viewfile: /snap/core20/2582/etc/ca-certificates.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/ca-certificates.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ca-certificates.conf found within ARGS:viewfile: /snap/core20/2582/etc/ca-certificates.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUeBM_F-0w6ZqelqawVOqgAAAAY"] Action: Intercepted (phase 2) Stopwatch: 1766293811500802 1949 (- - -) Stopwatch2: 1766293811500802 1949; combined=614, p1=319, p2=210, p3=0, p4=0, p5=85, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --16f75f17-Z-- --d6c5d03d-A-- [21/Dec/2025:10:43:38.693631 +0530] aUeCAl53GexfKio11gmV3QAAABs 66.85.173.57 46520 127.0.0.1 7081 --d6c5d03d-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 66.85.173.57 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8 --d6c5d03d-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 09:00:36 GMT ETag: "31b-621334a764ee0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d6c5d03d-H-- Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aUeCAl53GexfKio11gmV3QAAABs"] Action: Intercepted (phase 2) Stopwatch: 1766294018691305 2387 (- - -) Stopwatch2: 1766294018691305 2387; combined=754, p1=334, p2=368, p3=0, p4=0, p5=52, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d6c5d03d-Z-- --f9aeb755-A-- [21/Dec/2025:10:58:50.968261 +0530] aUeFkvF-0w6ZqelqawVUMQAAAAY 44.209.187.99 44620 127.0.0.1 7081 --f9aeb755-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/fd&viewfile=//proc/self/fd/112 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.209.187.99 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --f9aeb755-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f9aeb755-H-- Message: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/1" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/1 found within ARGS:viewfile: /proc/self/fd/112"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/1" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/1 found within ARGS:viewfile: /proc/self/fd/112"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUeFkvF-0w6ZqelqawVUMQAAAAY"] Action: Intercepted (phase 2) Stopwatch: 1766294930966369 1958 (- - -) Stopwatch2: 1766294930966369 1958; combined=609, p1=334, p2=217, p3=0, p4=0, p5=58, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f9aeb755-Z-- --f22d9335-A-- [21/Dec/2025:10:58:54.553924 +0530] aUeFll53GexfKio11gmamQAAABs 45.144.212.43 44922 127.0.0.1 7081 --f22d9335-B-- GET /.git/config HTTP/1.0 Host: remisai.org X-Real-IP: 45.144.212.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20100101 Firefox/5.0 Accept-Charset: utf-8 Accept-Encoding: gzip --f22d9335-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 16 Dec 2025 08:11:58 GMT ETag: "31b-6460d481681bc" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f22d9335-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "remisai.org"] [uri "/.git/config"] [unique_id "aUeFll53GexfKio11gmamQAAABs"] Action: Intercepted (phase 1) Stopwatch: 1766294934553159 833 (- - -) Stopwatch2: 1766294934553159 833; combined=324, p1=265, p2=0, p3=0, p4=0, p5=58, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f22d9335-Z-- --8dfdac62-A-- [21/Dec/2025:11:07:56.608708 +0530] aUeHtJ7dFviRhIH2uZVF9QAAAAI 64.23.174.208 36306 127.0.0.1 7081 --8dfdac62-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.tryons.ai X-Real-IP: 64.23.174.208 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --8dfdac62-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 07:47:58 GMT ETag: "31b-62146648d81bb" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8dfdac62-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tryons.ai|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tryons.ai|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tryons.ai"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUeHtJ7dFviRhIH2uZVF9QAAAAI"] Action: Intercepted (phase 2) Stopwatch: 1766295476606294 2504 (- - -) Stopwatch2: 1766295476606294 2504; combined=870, p1=326, p2=472, p3=0, p4=0, p5=72, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8dfdac62-Z-- --a917051f-A-- [21/Dec/2025:11:08:11.103894 +0530] aUeHw2S2HqJOB_ejcePFYQAAAAo 34.195.248.30 60476 127.0.0.1 7081 --a917051f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/fd&viewfile=//proc/self/fd/97 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.195.248.30 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --a917051f-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --a917051f-H-- Message: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/9" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/9 found within ARGS:viewfile: /proc/self/fd/97"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/9" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/9 found within ARGS:viewfile: /proc/self/fd/97"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUeHw2S2HqJOB_ejcePFYQAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766295491102126 1833 (- - -) Stopwatch2: 1766295491102126 1833; combined=569, p1=307, p2=207, p3=0, p4=0, p5=55, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a917051f-Z-- --d7cd8f73-A-- [21/Dec/2025:11:11:32.865784 +0530] aUeIjGoFpVFgmpM9afP8uQAAAAQ 172.64.213.41 39724 127.0.0.1 7080 --d7cd8f73-B-- GET /images/stories/w.php HTTP/1.0 Host: leapfrogsystems.in X-Real-IP: 172.64.213.41 X-Forwarded-For: 254.108.101.31,4.189.129.123 Connection: close accept-encoding: gzip Accept-Language: en-US, en; q=0.5 Upgrade-Insecure-Requests: 1 DNT: 1 cf-ray: 9b150d0fee96869d-NRT User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1 Referer: https://www.google.com/ Accept: text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, */*; q=0.8 cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 4.189.129.123 CF-IPCountry: JP CF-Visitor: {"scheme":"http"} X-Forwarded-Proto: http --d7cd8f73-F-- HTTP/1.1 403 Forbidden Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1 --d7cd8f73-H-- Message: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||leapfrogsystems.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||leapfrogsystems.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "leapfrogsystems.in"] [uri "/images/stories/w.php"] [unique_id "aUeIjGoFpVFgmpM9afP8uQAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766295692863661 2214 (- - -) Stopwatch2: 1766295692863661 2214; combined=1007, p1=404, p2=552, p3=0, p4=0, p5=51, sr=152, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d7cd8f73-Z-- --068c547f-A-- [21/Dec/2025:11:18:05.656836 +0530] aUeKFTMYtMfr-dEh2esK-QAAAAA 146.190.149.85 40264 127.0.0.1 7080 --068c547f-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.delsig.com X-Real-IP: 146.190.149.85 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --068c547f-F-- HTTP/1.1 403 Forbidden Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 --068c547f-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.delsig.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.delsig.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.delsig.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUeKFTMYtMfr-dEh2esK-QAAAAA"] Action: Intercepted (phase 2) Stopwatch: 1766296085654767 2124 (- - -) Stopwatch2: 1766296085654767 2124; combined=888, p1=342, p2=489, p3=0, p4=0, p5=57, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --068c547f-Z-- --958a6b70-A-- [21/Dec/2025:11:21:13.165897 +0530] aUeK0ckif9JpPMbFOa3_4gAAAAc 2.57.122.225 52300 127.0.0.1 7081 --958a6b70-B-- GET /web/.git/config HTTP/1.0 Host: a2z.cstechns.com X-Real-IP: 2.57.122.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --958a6b70-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "396-62143b366eaa6" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --958a6b70-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a2z.cstechns.com"] [uri "/web/.git/config"] [unique_id "aUeK0ckif9JpPMbFOa3_4gAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766296273164970 1025 (- - -) Stopwatch2: 1766296273164970 1025; combined=262, p1=203, p2=0, p3=0, p4=0, p5=59, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --958a6b70-Z-- --3b53be35-A-- [21/Dec/2025:11:26:19.316628 +0530] aUeMA2S2HqJOB_ejcePLhQAAAAo 198.38.81.1 46732 127.0.0.1 7081 --3b53be35-B-- GET /.env HTTP/1.0 Host: www.home9ine.com X-Real-IP: 198.38.81.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --3b53be35-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Tue, 03 Sep 2024 09:46:24 GMT ETag: "396-62133ee42558a" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --3b53be35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/.env"] [unique_id "aUeMA2S2HqJOB_ejcePLhQAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766296579315511 1190 (- - -) Stopwatch2: 1766296579315511 1190; combined=272, p1=216, p2=0, p3=0, p4=0, p5=56, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3b53be35-Z-- --a60f5703-A-- [21/Dec/2025:11:26:19.421701 +0530] aUeMA8kif9JpPMbFOa0BIAAAAAc 198.38.81.1 46782 127.0.0.1 7081 --a60f5703-B-- GET /core/.env HTTP/1.0 Host: www.home9ine.com X-Real-IP: 198.38.81.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --a60f5703-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Tue, 03 Sep 2024 09:46:24 GMT ETag: "396-62133ee42558a" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --a60f5703-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/core/.env"] [unique_id "aUeMA8kif9JpPMbFOa0BIAAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766296579420350 1420 (- - -) Stopwatch2: 1766296579420350 1420; combined=257, p1=198, p2=0, p3=0, p4=0, p5=59, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a60f5703-Z-- --cb8f0d35-A-- [21/Dec/2025:11:26:19.433302 +0530] aUeMA2tym6MJkXyhpoUdxAAAAAU 198.38.81.1 46788 127.0.0.1 7081 --cb8f0d35-B-- GET /.env.save HTTP/1.0 Host: www.home9ine.com X-Real-IP: 198.38.81.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --cb8f0d35-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Tue, 03 Sep 2024 09:46:24 GMT ETag: "396-62133ee42558a" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --cb8f0d35-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/.env.save"] [unique_id "aUeMA2tym6MJkXyhpoUdxAAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766296579432343 1061 (- - -) Stopwatch2: 1766296579432343 1061; combined=284, p1=219, p2=0, p3=0, p4=0, p5=65, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --cb8f0d35-Z-- --5dac3303-A-- [21/Dec/2025:11:26:19.446063 +0530] aUeMA_F-0w6ZqelqawVeaAAAAAY 198.38.81.1 46800 127.0.0.1 7081 --5dac3303-B-- GET /app/.env HTTP/1.0 Host: www.home9ine.com X-Real-IP: 198.38.81.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 --5dac3303-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Tue, 03 Sep 2024 09:46:24 GMT ETag: "396-62133ee42558a" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --5dac3303-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/app/.env"] [unique_id "aUeMA_F-0w6ZqelqawVeaAAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766296579445169 959 (- - -) Stopwatch2: 1766296579445169 959; combined=275, p1=215, p2=0, p3=0, p4=0, p5=59, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --5dac3303-Z-- --8ea0cf5e-A-- [21/Dec/2025:11:26:20.050852 +0530] aUeMBMkif9JpPMbFOa0BIgAAAAc 198.38.81.1 46942 127.0.0.1 7081 --8ea0cf5e-B-- GET /core/.env HTTP/1.0 Host: www.home9ine.com X-Real-IP: 198.38.81.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 Referer: https://home9ine.com/core/.env --8ea0cf5e-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Tue, 03 Sep 2024 09:46:24 GMT ETag: "396-62133ee42558a" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --8ea0cf5e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/core/.env"] [unique_id "aUeMBMkif9JpPMbFOa0BIgAAAAc"] Action: Intercepted (phase 1) Stopwatch: 1766296580049894 1031 (- - -) Stopwatch2: 1766296580049894 1031; combined=260, p1=183, p2=0, p3=0, p4=0, p5=77, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8ea0cf5e-Z-- --f6c74d14-A-- [21/Dec/2025:11:26:20.071575 +0530] aUeMBPF-0w6ZqelqawVeagAAAAY 198.38.81.1 46972 127.0.0.1 7081 --f6c74d14-B-- GET /app/.env HTTP/1.0 Host: www.home9ine.com X-Real-IP: 198.38.81.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 Referer: https://home9ine.com/app/.env --f6c74d14-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Tue, 03 Sep 2024 09:46:24 GMT ETag: "396-62133ee42558a" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --f6c74d14-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/app/.env"] [unique_id "aUeMBPF-0w6ZqelqawVeagAAAAY"] Action: Intercepted (phase 1) Stopwatch: 1766296580070836 819 (- - -) Stopwatch2: 1766296580070836 819; combined=281, p1=223, p2=0, p3=0, p4=0, p5=57, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f6c74d14-Z-- --29eacb76-A-- [21/Dec/2025:11:26:20.073072 +0530] aUeMBGtym6MJkXyhpoUdxgAAAAU 198.38.81.1 46958 127.0.0.1 7081 --29eacb76-B-- GET /.env HTTP/1.0 Host: www.home9ine.com X-Real-IP: 198.38.81.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 Referer: https://home9ine.com/.env --29eacb76-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Tue, 03 Sep 2024 09:46:24 GMT ETag: "396-62133ee42558a" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --29eacb76-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/.env"] [unique_id "aUeMBGtym6MJkXyhpoUdxgAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766296580072295 859 (- - -) Stopwatch2: 1766296580072295 859; combined=302, p1=232, p2=0, p3=0, p4=0, p5=69, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --29eacb76-Z-- --d870d73e-A-- [21/Dec/2025:11:26:20.085652 +0530] aUeMBHq9iSqoNZdTZHtwYgAAAAg 198.38.81.1 46980 127.0.0.1 7081 --d870d73e-B-- GET /.env.save HTTP/1.0 Host: www.home9ine.com X-Real-IP: 198.38.81.1 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Range: bytes=0-4000 Referer: https://home9ine.com/.env.save --d870d73e-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Tue, 03 Sep 2024 09:46:24 GMT ETag: "396-62133ee42558a" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --d870d73e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/.env.save"] [unique_id "aUeMBHq9iSqoNZdTZHtwYgAAAAg"] Action: Intercepted (phase 1) Stopwatch: 1766296580084997 721 (- - -) Stopwatch2: 1766296580084997 721; combined=260, p1=204, p2=0, p3=0, p4=0, p5=56, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d870d73e-Z-- --1e6d956e-A-- [21/Dec/2025:11:27:05.865544 +0530] aUeMMV53GexfKio11gmj6QAAABs 217.156.8.96 56894 127.0.0.1 7081 --1e6d956e-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: www.thebrandwagon.in X-Real-IP: 217.156.8.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 DNT: 1 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Pragma: no-cache Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Linux" Cookie: _sfs_id=811a625aa3388548a5e261da8131a55a1766296623; wordpress_test_cookie=WP%20Cookie%20check --1e6d956e-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 10:07:10 GMT ETag: "31b-62148565dc4c7" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --1e6d956e-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thebrandwagon.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thebrandwagon.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thebrandwagon.in"] [uri "/wp-json/wp/v2/users"] [unique_id "aUeMMV53GexfKio11gmj6QAAABs"] Action: Intercepted (phase 2) Stopwatch: 1766296625863326 2340 (- - -) Stopwatch2: 1766296625863326 2340; combined=1146, p1=238, p2=843, p3=0, p4=0, p5=65, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --1e6d956e-Z-- --463dc34d-A-- [21/Dec/2025:11:28:50.143950 +0530] aUeMmmoFpVFgmpM9afMDpQAAAAQ 45.82.13.170 44634 127.0.0.1 7081 --463dc34d-B-- GET /.env HTTP/1.0 Host: cstech.in X-Forwarded-Http-Host: cstech.in:443 X-Real-IP: 45.82.13.170 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3803.0 Safari/537.36 Edg/76.0.174.0 Accept-Charset: utf-8 Accept-Encoding: gzip --463dc34d-F-- HTTP/1.1 403 Forbidden Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --463dc34d-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cstech.in"] [uri "/.env"] [unique_id "aUeMmmoFpVFgmpM9afMDpQAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766296730143349 714 (- - -) Stopwatch2: 1766296730143349 714; combined=289, p1=210, p2=0, p3=0, p4=0, p5=79, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --463dc34d-Z-- --8a21102a-A-- [21/Dec/2025:11:38:07.807043 +0530] aUeOx8kif9JpPMbFOa0FrQAAAAc 138.199.35.5 47506 127.0.0.1 7081 --8a21102a-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 138.199.35.5 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=183480fa24b2df389db7ca9da8378e961766297282 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --8a21102a-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 13:22:32 GMT ETag: "31b-62136f33606a0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --8a21102a-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mindscan.edu.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUeOx8kif9JpPMbFOa0FrQAAAAc"] Action: Intercepted (phase 2) Stopwatch: 1766297287804644 2468 (- - -) Stopwatch2: 1766297287804644 2468; combined=1097, p1=332, p2=705, p3=0, p4=0, p5=60, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8a21102a-Z-- --f2ddce09-A-- [21/Dec/2025:11:39:52.745928 +0530] aUePMGoFpVFgmpM9afMIkAAAAAQ 217.156.8.96 50434 127.0.0.1 7081 --f2ddce09-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 217.156.8.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:118.0) Gecko/20100101 Firefox/118.0 Accept-Encoding: gzip, deflate, br Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9,fr;q=0.8 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Pragma: no-cache Cookie: wordpress_test_cookie=WP%20Cookie%20check --f2ddce09-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 26 Dec 2024 13:21:14 GMT ETag: "31b-62a2c387059a1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --f2ddce09-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tandonamit.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aUePMGoFpVFgmpM9afMIkAAAAAQ"] Action: Intercepted (phase 2) Stopwatch: 1766297392743331 2692 (- - -) Stopwatch2: 1766297392743331 2692; combined=1131, p1=304, p2=773, p3=0, p4=0, p5=54, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --f2ddce09-Z-- --6f66e612-A-- [21/Dec/2025:11:45:50.698666 +0530] aUeQlifcvrOcOCriOu-Q4QAAAAg 16.146.22.21 34980 127.0.0.1 7081 --6f66e612-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 16.146.22.21 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --6f66e612-F-- HTTP/1.1 403 Forbidden Last-Modified: Thu, 26 Dec 2024 13:21:14 GMT ETag: "31b-62a2c387059a1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --6f66e612-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tandonamit.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUeQlifcvrOcOCriOu-Q4QAAAAg"] Action: Intercepted (phase 2) Stopwatch: 1766297750696155 2577 (- - -) Stopwatch2: 1766297750696155 2577; combined=885, p1=326, p2=501, p3=0, p4=0, p5=57, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --6f66e612-Z-- --2b25e36f-A-- [21/Dec/2025:11:52:24.669280 +0530] aUeSIFCTuzGEH4N2I9m8OgAAAA0 45.82.13.170 46854 127.0.0.1 7081 --2b25e36f-B-- GET /.env HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 45.82.13.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; IEMobile/10.0; ARM; Touch) Accept-Charset: utf-8 Accept-Encoding: gzip --2b25e36f-F-- HTTP/1.1 403 Forbidden Last-Modified: Fri, 29 Nov 2024 11:49:32 GMT ETag: "31b-6280bcad52275" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2b25e36f-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.env"] [unique_id "aUeSIFCTuzGEH4N2I9m8OgAAAA0"] Action: Intercepted (phase 1) Stopwatch: 1766298144668377 1000 (- - -) Stopwatch2: 1766298144668377 1000; combined=348, p1=271, p2=0, p3=0, p4=0, p5=76, sr=116, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2b25e36f-Z-- --7df7fe36-A-- [21/Dec/2025:11:56:35.038073 +0530] aUeTG2szWNmW-TeVowI8YAAAAAs 3.219.81.66 58958 127.0.0.1 7081 --7df7fe36-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/root/etc/init.d&viewfile=//proc/self/root/etc/init.d/ssh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.219.81.66 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --7df7fe36-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --7df7fe36-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /proc/self/root/etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /proc/self/root/etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUeTG2szWNmW-TeVowI8YAAAAAs"] Action: Intercepted (phase 2) Stopwatch: 1766298395035898 2282 (- - -) Stopwatch2: 1766298395035898 2282; combined=500, p1=260, p2=168, p3=0, p4=0, p5=72, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --7df7fe36-Z-- --6a8f895e-A-- [21/Dec/2025:11:56:52.007792 +0530] aUeTLGS2HqJOB_ejcePWXwAAAAo 129.212.231.37 55168 127.0.0.1 7080 --6a8f895e-B-- GET /.env HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 129.212.231.37 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --6a8f895e-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --6a8f895e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.env"] [unique_id "aUeTLGS2HqJOB_ejcePWXwAAAAo"] Action: Intercepted (phase 1) Stopwatch: 1766298412007073 814 (- - -) Stopwatch2: 1766298412007073 814; combined=355, p1=259, p2=0, p3=0, p4=0, p5=96, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --6a8f895e-Z-- --b81e2f21-A-- [21/Dec/2025:11:56:52.479837 +0530] aUeTLDuVxDalgCfFy7wyygAAAAw 129.212.231.37 55184 127.0.0.1 7080 --b81e2f21-B-- GET /.git/config HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 129.212.231.37 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --b81e2f21-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --b81e2f21-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/.git/config"] [unique_id "aUeTLDuVxDalgCfFy7wyygAAAAw"] Action: Intercepted (phase 1) Stopwatch: 1766298412479102 809 (- - -) Stopwatch2: 1766298412479102 809; combined=318, p1=235, p2=0, p3=0, p4=0, p5=83, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --b81e2f21-Z-- --6cd9a17a-A-- [21/Dec/2025:12:05:38.123064 +0530] aUeVOmoFpVFgmpM9afMPSgAAAAQ 103.77.107.222 35036 127.0.0.1 7081 --6cd9a17a-B-- GET /sftp-config.json HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 103.77.107.222 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --6cd9a17a-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 07 Jan 2025 07:31:20 GMT ETag: "31b-62b18bb319e1b" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --6cd9a17a-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/sftp-config.json"] [unique_id "aUeVOmoFpVFgmpM9afMPSgAAAAQ"] Action: Intercepted (phase 1) Stopwatch: 1766298938122405 727 (- - -) Stopwatch2: 1766298938122405 727; combined=265, p1=205, p2=0, p3=0, p4=0, p5=60, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --6cd9a17a-Z-- --14212b6a-A-- [21/Dec/2025:12:10:55.976067 +0530] aUeWd1CTuzGEH4N2I9nBNgAAAA0 34.231.45.47 42348 127.0.0.1 7081 --14212b6a-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self/fd&viewfile=//proc/self/fd/120 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.231.45.47 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --14212b6a-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --14212b6a-H-- Message: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/1" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/1 found within ARGS:viewfile: /proc/self/fd/120"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/1" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/1 found within ARGS:viewfile: /proc/self/fd/120"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUeWd1CTuzGEH4N2I9nBNgAAAA0"] Action: Intercepted (phase 2) Stopwatch: 1766299255974229 1903 (- - -) Stopwatch2: 1766299255974229 1903; combined=616, p1=338, p2=202, p3=0, p4=0, p5=76, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --14212b6a-Z-- --32a9400d-A-- [21/Dec/2025:12:12:23.433817 +0530] aUeWz38dQkagOtbV6HHJsAAAAAI 44.234.56.74 52130 127.0.0.1 7081 --32a9400d-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 44.234.56.74 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=7afafd5262ee94de0c43499411d086051766299327 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --32a9400d-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 13:22:32 GMT ETag: "31b-62136f33606a0" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --32a9400d-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mindscan.edu.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUeWz38dQkagOtbV6HHJsAAAAAI"] Action: Intercepted (phase 2) Stopwatch: 1766299343431255 2633 (- - -) Stopwatch2: 1766299343431255 2633; combined=1133, p1=337, p2=734, p3=0, p4=0, p5=62, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --32a9400d-Z-- --8b08ef00-A-- [21/Dec/2025:12:21:10.870406 +0530] aUeY3TuVxDalgCfFy7w4rwAAAAw 60.243.13.193 60990 127.0.0.1 7081 --8b08ef00-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 60.243.13.193 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 563 sec-ch-ua-platform: "macOS" user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/best-multivendor-ecommerce-marketplace-platform/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i cookie: _gcl_au=1.1.1869931808.1766299869; _ga_PETSZCXF5J=GS2.1.s1766299868$o1$g1$t1766299868$j60$l0$h0; _ga=GA1.2.2114679328.1766299869; _gid=GA1.2.1527727349.1766299869; _gat_UA-11096829-6=1; _fbp=fb.1.1766299869350.689924414761273624 --8b08ef00-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=ffd41c7d5d955562bda0f26b7f3bf8541766299870; expires=Sun, 21 Dec 2025 07:51:10 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=l2rcrg08jp6kt2g3eecelj3rfa; expires=Sat, 21 Mar 2026 06:51:10 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --8b08ef00-E-- --8b08ef00-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUeY3TuVxDalgCfFy7w4rwAAAAw"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUeY3TuVxDalgCfFy7w4rwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766299869600196 1270414 (- - -) Stopwatch2: 1766299869600196 1270414; combined=4905, p1=534, p2=3990, p3=154, p4=47, p5=179, sr=163, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766299869" "-" Engine-Mode: "ENABLED" --8b08ef00-Z-- --7130fd42-A-- [21/Dec/2025:12:21:16.258753 +0530] aUeY42mkoa1WEGEu29n3nAAAAAY 60.243.13.193 33306 127.0.0.1 7081 --7130fd42-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 60.243.13.193 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 589 sec-ch-ua-platform: "macOS" user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/sell/sell-grocery-online/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i cookie: _gcl_au=1.1.1869931808.1766299869; _gid=GA1.2.1527727349.1766299869; _gat_UA-11096829-6=1; _fbp=fb.1.1766299869350.689924414761273624; _sfs_id=ffd41c7d5d955562bda0f26b7f3bf8541766299870; PHPSESSID=l2rcrg08jp6kt2g3eecelj3rfa; twk_idm_key=09_55D25ZGgmYw0z-upFx; TawkConnectionTime=0; twk_uuid_56d47e43ba96cf5d2ca9404e=%7B%22uuid%22%3A%221.70j4OadqxHPzdC1Uwz569REN7b0dCniy7ozLaMyKqqbDdoj6S73hklK53SKVVwKh23Sa1rIx611QyjZGHAyQIscXpt3UNASV39UQxJ3qxl6NwoQuKdve%22%2C%22version%22%3A3%2C%22domain%22%3A%22retaxis.com%22%2C%22ts%22%3A1766299872043%7D; _ga_PETSZCXF5J=GS2.1.s1766299868$o1$g1$t1766299875$j53$l0$h0; _ga=GA1.2.2114679328.1766299869 --7130fd42-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --7130fd42-E-- --7130fd42-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUeY42mkoa1WEGEu29n3nAAAAAY"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUeY42mkoa1WEGEu29n3nAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766299875260597 998317 (- - -) Stopwatch2: 1766299875260597 998317; combined=6410, p1=439, p2=5675, p3=128, p4=32, p5=135, sr=128, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766299869" "-" Engine-Mode: "ENABLED" --7130fd42-Z-- --7e235966-A-- [21/Dec/2025:12:21:23.387145 +0530] aUeY6g76ffyIFb4XRDkgUAAAAAE 60.243.13.193 46238 127.0.0.1 7081 --7e235966-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 60.243.13.193 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 581 sec-ch-ua-platform: "macOS" user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/custom-ecommerce-website-design-company/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i cookie: _gcl_au=1.1.1869931808.1766299869; _gid=GA1.2.1527727349.1766299869; _gat_UA-11096829-6=1; _fbp=fb.1.1766299869350.689924414761273624; _sfs_id=ffd41c7d5d955562bda0f26b7f3bf8541766299870; PHPSESSID=l2rcrg08jp6kt2g3eecelj3rfa; twk_idm_key=09_55D25ZGgmYw0z-upFx; TawkConnectionTime=0; twk_uuid_56d47e43ba96cf5d2ca9404e=%7B%22uuid%22%3A%221.70j4OadqxHPzdC1Uwz569REN7b0dCniy7ozLaMyKqqbDdoj6S73hklK53SKVVwKh23Sa1rIx611QyjZGHAyQIscXpt3UNASV39UQxJ3qxl6NwoQuKdve%22%2C%22version%22%3A3%2C%22domain%22%3A%22retaxis.com%22%2C%22ts%22%3A1766299877618%7D; _ga_PETSZCXF5J=GS2.1.s1766299868$o1$g1$t1766299882$j46$l0$h0; _ga=GA1.2.2114679328.1766299869 --7e235966-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --7e235966-E-- --7e235966-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUeY6g76ffyIFb4XRDkgUAAAAAE"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUeY6g76ffyIFb4XRDkgUAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766299882346373 1040903 (- - -) Stopwatch2: 1766299882346373 1040903; combined=7658, p1=497, p2=6863, p3=129, p4=31, p5=137, sr=164, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766299869" "-" Engine-Mode: "ENABLED" --7e235966-Z-- --0a774e04-A-- [21/Dec/2025:12:21:31.735822 +0530] aUeY8n8dQkagOtbV6HHMWAAAAAI 60.243.13.193 35124 127.0.0.1 7081 --0a774e04-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 60.243.13.193 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 589 sec-ch-ua-platform: "macOS" user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/sell/sell-grocery-online/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i cookie: _gcl_au=1.1.1869931808.1766299869; _gid=GA1.2.1527727349.1766299869; _gat_UA-11096829-6=1; _fbp=fb.1.1766299869350.689924414761273624; _sfs_id=ffd41c7d5d955562bda0f26b7f3bf8541766299870; PHPSESSID=l2rcrg08jp6kt2g3eecelj3rfa; twk_idm_key=09_55D25ZGgmYw0z-upFx; TawkConnectionTime=0; twk_uuid_56d47e43ba96cf5d2ca9404e=%7B%22uuid%22%3A%221.70j4OadqxHPzdC1Uwz569REN7b0dCniy7ozLaMyKqqbDdoj6S73hklK53SKVVwKh23Sa1rIx611QyjZGHAyQIscXpt3UNASV39UQxJ3qxl6NwoQuKdve%22%2C%22version%22%3A3%2C%22domain%22%3A%22retaxis.com%22%2C%22ts%22%3A1766299883750%7D; _ga_PETSZCXF5J=GS2.1.s1766299868$o1$g1$t1766299890$j38$l0$h0; _ga=GA1.2.2114679328.1766299869 --0a774e04-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --0a774e04-E-- --0a774e04-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUeY8n8dQkagOtbV6HHMWAAAAAI"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUeY8n8dQkagOtbV6HHMWAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766299890708438 1027527 (- - -) Stopwatch2: 1766299890708438 1027527; combined=6363, p1=528, p2=5579, p3=113, p4=28, p5=115, sr=138, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766299869" "-" Engine-Mode: "ENABLED" --0a774e04-Z-- --9daa116b-A-- [21/Dec/2025:12:21:32.678538 +0530] aUeY82szWNmW-TeVowJBjQAAAAs 60.243.13.193 35244 127.0.0.1 7081 --9daa116b-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 60.243.13.193 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 589 sec-ch-ua-platform: "macOS" user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/sell/sell-grocery-online/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i cookie: _gcl_au=1.1.1869931808.1766299869; _gid=GA1.2.1527727349.1766299869; _gat_UA-11096829-6=1; _fbp=fb.1.1766299869350.689924414761273624; _sfs_id=ffd41c7d5d955562bda0f26b7f3bf8541766299870; PHPSESSID=l2rcrg08jp6kt2g3eecelj3rfa; twk_idm_key=09_55D25ZGgmYw0z-upFx; _ga=GA1.2.2114679328.1766299869; TawkConnectionTime=0; twk_uuid_56d47e43ba96cf5d2ca9404e=%7B%22uuid%22%3A%221.70j4OadqxHPzdC1Uwz569REN7b0dCniy7ozLaMyKqqbDdoj6S73hklK53SKVVwKh23Sa1rIx611QyjZGHAyQIscXpt3UNASV39UQxJ3qxl6NwoQuKdve%22%2C%22version%22%3A3%2C%22domain%22%3A%22retaxis.com%22%2C%22ts%22%3A1766299891228%7D; _ga_PETSZCXF5J=GS2.1.s1766299868$o1$g1$t1766299891$j37$l0$h0 --9daa116b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --9daa116b-E-- --9daa116b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUeY82szWNmW-TeVowJBjQAAAAs"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUeY82szWNmW-TeVowJBjQAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766299891710312 968445 (- - -) Stopwatch2: 1766299891710312 968445; combined=6892, p1=493, p2=5939, p3=219, p4=48, p5=192, sr=138, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766299869" "-" Engine-Mode: "ENABLED" --9daa116b-Z-- --fafaab7d-A-- [21/Dec/2025:12:21:32.833625 +0530] aUeY8zuVxDalgCfFy7w4ygAAAAw 60.243.13.193 35246 127.0.0.1 7081 --fafaab7d-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 60.243.13.193 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 563 sec-ch-ua-platform: "macOS" user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/best-multivendor-ecommerce-marketplace-platform/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i cookie: _gcl_au=1.1.1869931808.1766299869; _gid=GA1.2.1527727349.1766299869; _gat_UA-11096829-6=1; _fbp=fb.1.1766299869350.689924414761273624; _sfs_id=ffd41c7d5d955562bda0f26b7f3bf8541766299870; PHPSESSID=l2rcrg08jp6kt2g3eecelj3rfa; twk_idm_key=09_55D25ZGgmYw0z-upFx; TawkConnectionTime=0; twk_uuid_56d47e43ba96cf5d2ca9404e=%7B%22uuid%22%3A%221.70j4OadqxHPzdC1Uwz569REN7b0dCniy7ozLaMyKqqbDdoj6S73hklK53SKVVwKh23Sa1rIx611QyjZGHAyQIscXpt3UNASV39UQxJ3qxl6NwoQuKdve%22%2C%22version%22%3A3%2C%22domain%22%3A%22retaxis.com%22%2C%22ts%22%3A1766299891228%7D; _ga_PETSZCXF5J=GS2.1.s1766299868$o1$g1$t1766299891$j37$l0$h0; _ga=GA1.2.2114679328.1766299869 --fafaab7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --fafaab7d-E-- --fafaab7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUeY8zuVxDalgCfFy7w4ygAAAAw"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUeY8zuVxDalgCfFy7w4ygAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766299891784270 1049496 (- - -) Stopwatch2: 1766299891784270 1049496; combined=6961, p1=521, p2=6152, p3=134, p4=30, p5=123, sr=140, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766299869" "-" Engine-Mode: "ENABLED" --fafaab7d-Z-- --10fae477-A-- [21/Dec/2025:12:21:33.603449 +0530] aUeY9FCTuzGEH4N2I9nD7AAAAA0 60.243.13.193 35402 127.0.0.1 7081 --10fae477-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 60.243.13.193 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 563 sec-ch-ua-platform: "macOS" user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/best-multivendor-ecommerce-marketplace-platform/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i cookie: _gcl_au=1.1.1869931808.1766299869; _gid=GA1.2.1527727349.1766299869; _gat_UA-11096829-6=1; _fbp=fb.1.1766299869350.689924414761273624; _sfs_id=ffd41c7d5d955562bda0f26b7f3bf8541766299870; PHPSESSID=l2rcrg08jp6kt2g3eecelj3rfa; twk_idm_key=09_55D25ZGgmYw0z-upFx; twk_uuid_56d47e43ba96cf5d2ca9404e=%7B%22uuid%22%3A%221.70j4OadqxHPzdC1Uwz569REN7b0dCniy7ozLaMyKqqbDdoj6S73hklK53SKVVwKh23Sa1rIx611QyjZGHAyQIscXpt3UNASV39UQxJ3qxl6NwoQuKdve%22%2C%22version%22%3A3%2C%22domain%22%3A%22retaxis.com%22%2C%22ts%22%3A1766299891228%7D; _ga_PETSZCXF5J=GS2.1.s1766299868$o1$g1$t1766299891$j37$l0$h0; _ga=GA1.2.2114679328.1766299869; TawkConnectionTime=0 --10fae477-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --10fae477-E-- --10fae477-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aUeY9FCTuzGEH4N2I9nD7AAAAA0"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aUeY9FCTuzGEH4N2I9nD7AAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1766299892604247 999341 (- - -) Stopwatch2: 1766299892604247 999341; combined=6879, p1=480, p2=6081, p3=140, p4=31, p5=146, sr=146, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1766299869" "-" Engine-Mode: "ENABLED" --10fae477-Z-- --68091671-A-- [21/Dec/2025:12:33:59.171688 +0530] aUeb3-HIYNZV9ZyEsIO61wAAAAk 2.57.122.225 48482 127.0.0.1 7080 --68091671-B-- GET /web/.git/config HTTP/1.0 Host: default-198-71-51-75 X-Real-IP: 2.57.122.225 Connection: close User-Agent: Mozilla/5.0 (Linux; Android 14; SM-G998B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --68091671-F-- HTTP/1.1 403 Forbidden Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --68091671-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "default-198-71-51-75"] [uri "/web/.git/config"] [unique_id "aUeb3-HIYNZV9ZyEsIO61wAAAAk"] Action: Intercepted (phase 1) Stopwatch: 1766300639171143 617 (- - -) Stopwatch2: 1766300639171143 617; combined=273, p1=212, p2=0, p3=0, p4=0, p5=61, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --68091671-Z-- --a00cdc66-A-- [21/Dec/2025:12:39:14.526643 +0530] aUedGkKc-RVezub4nbTejQAAAAo 44.234.56.74 60470 127.0.0.1 7081 --a00cdc66-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.bspsons.com X-Real-IP: 44.234.56.74 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --a00cdc66-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 04:18:02 GMT ETag: "31b-6212f57eda023" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --a00cdc66-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bspsons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUedGkKc-RVezub4nbTejQAAAAo"] Action: Intercepted (phase 2) Stopwatch: 1766300954524386 2320 (- - -) Stopwatch2: 1766300954524386 2320; combined=845, p1=313, p2=474, p3=0, p4=0, p5=58, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --a00cdc66-Z-- --9b909316-A-- [21/Dec/2025:12:46:21.597487 +0530] aUeexRUJ-EAER5JCKRYdHQAAAAU 64.23.157.219 59574 127.0.0.1 7081 --9b909316-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.retaxis.com X-Real-IP: 64.23.157.219 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=de9909fdcd210c0b4eb30c31b0d894c51766301380 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --9b909316-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 10:16:50 GMT ETag: "31b-621345b19387f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --9b909316-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.retaxis.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUeexRUJ-EAER5JCKRYdHQAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766301381593955 3634 (- - -) Stopwatch2: 1766301381593955 3634; combined=1559, p1=466, p2=1005, p3=0, p4=0, p5=88, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --9b909316-Z-- --14c63d11-A-- [21/Dec/2025:12:47:23.357922 +0530] aUefAxUJ-EAER5JCKRYdlwAAAAU 167.114.139.241 42978 127.0.0.1 7081 --14c63d11-B-- GET /admin/images/subproduct/687da419826a8%20xex.phtml?path=/var/www/vhosts/sarainternational.ae/httpdocs/admin/images/subproduct&file=.htaccess&action=deletefile HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 167.114.139.241 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/) accept: */* accept-encoding: deflate, gzip, br, zstd --14c63d11-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --14c63d11-H-- Message: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/admin/images/subproduct/687da419826a8%20xex.phtml"] [unique_id "aUefAxUJ-EAER5JCKRYdlwAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766301443357079 944 (- - -) Stopwatch2: 1766301443357079 944; combined=354, p1=276, p2=0, p3=0, p4=0, p5=77, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --14c63d11-Z-- --d684c665-A-- [21/Dec/2025:12:51:01.511883 +0530] aUef3bGPxlF2lwLL3Edl2gAAAAM 179.160.16.147 51544 127.0.0.1 7081 --d684c665-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: remisai.org X-Real-IP: 179.160.16.147 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) --d684c665-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 16 Dec 2025 08:11:58 GMT ETag: "31b-6460d481681bc" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d684c665-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||remisai.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||remisai.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "remisai.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aUef3bGPxlF2lwLL3Edl2gAAAAM"] Action: Intercepted (phase 2) Stopwatch: 1766301661509424 2530 (- - -) Stopwatch2: 1766301661509424 2530; combined=903, p1=336, p2=504, p3=0, p4=0, p5=62, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --d684c665-Z-- --71b74550-A-- [21/Dec/2025:12:52:01.021798 +0530] aUegGYIzL0dz68_kJpuktgAAAAg 16.146.22.21 53158 127.0.0.1 7081 --71b74550-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 16.146.22.21 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --71b74550-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 07 Jan 2025 07:31:20 GMT ETag: "31b-62b18bb319e1b" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --71b74550-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csquaretech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUegGYIzL0dz68_kJpuktgAAAAg"] Action: Intercepted (phase 2) Stopwatch: 1766301721019374 2487 (- - -) Stopwatch2: 1766301721019374 2487; combined=913, p1=301, p2=559, p3=0, p4=0, p5=53, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --71b74550-Z-- --3c89fc0e-A-- [21/Dec/2025:12:57:16.671730 +0530] aUehVDuVxDalgCfFy7xFvwAAAAw 195.178.110.223 48112 127.0.0.1 7081 --3c89fc0e-B-- GET /.git/config HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 195.178.110.223 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --3c89fc0e-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 01 Apr 2025 09:55:02 GMT ETag: "31b-631b487d3bba1" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3c89fc0e-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "archangledesignstudio.com"] [uri "/.git/config"] [unique_id "aUehVDuVxDalgCfFy7xFvwAAAAw"] Action: Intercepted (phase 1) Stopwatch: 1766302036670825 1009 (- - -) Stopwatch2: 1766302036670825 1009; combined=377, p1=293, p2=0, p3=0, p4=0, p5=84, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3c89fc0e-Z-- --8cb5f713-A-- [21/Dec/2025:13:01:26.540711 +0530] aUeiTtYrp6YAvABuh5LUgQAAAAU 2.57.122.225 40770 127.0.0.1 7081 --8cb5f713-B-- GET /web/.git/config HTTP/1.0 Host: a2z.cstechns.com X-Real-IP: 2.57.122.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Dnt: 1 Upgrade-Insecure-Requests: 1 --8cb5f713-F-- HTTP/1.1 503 Service Unavailable Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "396-62143b366eaa6" Accept-Ranges: bytes Content-Length: 918 Connection: close Content-Type: text/html --8cb5f713-H-- Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a2z.cstechns.com"] [uri "/web/.git/config"] [unique_id "aUeiTtYrp6YAvABuh5LUgQAAAAU"] Action: Intercepted (phase 1) Stopwatch: 1766302286539730 1065 (- - -) Stopwatch2: 1766302286539730 1065; combined=375, p1=308, p2=0, p3=0, p4=0, p5=67, sr=145, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --8cb5f713-Z-- --3c9bd609-A-- [21/Dec/2025:13:10:11.902045 +0530] aUekWzuVxDalgCfFy7xIqAAAAAw 138.199.35.5 50178 127.0.0.1 7081 --3c9bd609-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.bspsons.com X-Real-IP: 138.199.35.5 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --3c9bd609-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 04:18:02 GMT ETag: "31b-6212f57eda023" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --3c9bd609-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bspsons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUekWzuVxDalgCfFy7xIqAAAAAw"] Action: Intercepted (phase 2) Stopwatch: 1766302811899380 2746 (- - -) Stopwatch2: 1766302811899380 2746; combined=1133, p1=408, p2=643, p3=0, p4=0, p5=82, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --3c9bd609-Z-- --10524d04-A-- [21/Dec/2025:13:17:34.718061 +0530] aUemFgCew95FL8NGSlTqQQAAAAA 172.71.158.197 44138 127.0.0.1 7081 --10524d04-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.158.197 X-Forwarded-For: 137.184.230.171 Connection: close accept-encoding: gzip, br cf-ray: 9b15c5ad78562847-SJC user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 cdn-loop: cloudflare; loops=1 cf-connecting-ip: 137.184.230.171 cf-ipcountry: US cf-visitor: {"scheme":"https"} x-forwarded-proto: https --10524d04-F-- HTTP/1.1 403 Forbidden Last-Modified: Tue, 03 Sep 2024 00:48:36 GMT ETag: "31b-6212c6aeef54c" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --10524d04-H-- Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUemFgCew95FL8NGSlTqQQAAAAA"] Action: Intercepted (phase 2) Stopwatch: 1766303254715687 2458 (- - -) Stopwatch2: 1766303254715687 2458; combined=933, p1=331, p2=552, p3=0, p4=0, p5=50, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --10524d04-Z-- --2b537163-A-- [21/Dec/2025:13:18:37.409580 +0530] aUemVdYrp6YAvABuh5LZtgAAAAU 216.73.216.138 42896 127.0.0.1 7081 --2b537163-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc%2Fthread-self%2Froot%2Fetc&viewfile=%2F%2Fproc%2Fthread-self%2Froot%2Fetc%2Fcrontab HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.138 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --2b537163-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --2b537163-H-- Message: Access denied with code 403 (phase 2). Matched phrase "etc/crontab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/crontab found within ARGS:viewfile: /proc/thread-self/root/etc/crontab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/crontab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/crontab found within ARGS:viewfile: /proc/thread-self/root/etc/crontab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUemVdYrp6YAvABuh5LZtgAAAAU"] Action: Intercepted (phase 2) Stopwatch: 1766303317407683 1967 (- - -) Stopwatch2: 1766303317407683 1967; combined=631, p1=368, p2=209, p3=0, p4=0, p5=54, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --2b537163-Z-- --284e9110-A-- [21/Dec/2025:13:19:08.319023 +0530] aUemdCp1tyv1ie9HetbxbQAAAAI 216.73.216.138 48702 127.0.0.1 7081 --284e9110-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc%2Fthread-self%2Froot%2Fproc%2Fself%2Ffd&viewfile=%2F%2Fproc%2Fthread-self%2Froot%2Fproc%2Fself%2Ffd%2F97 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.138 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --284e9110-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --284e9110-H-- Message: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/9" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/9 found within ARGS:viewfile: /proc/thread-self/root/proc/self/fd/97"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "proc/self/fd/9" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/fd/9 found within ARGS:viewfile: /proc/thread-self/root/proc/self/fd/97"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aUemdCp1tyv1ie9HetbxbQAAAAI"] Action: Intercepted (phase 2) Stopwatch: 1766303348317014 2080 (- - -) Stopwatch2: 1766303348317014 2080; combined=659, p1=356, p2=245, p3=0, p4=0, p5=58, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "ENABLED" --284e9110-Z--