selvans.net webserver error log
File: /var/log/apache2/error.log
Report run time: Tue May 19 05:17:01 CDT 2026
[Tue May 19 05:09:00.984691 2026] [access_compat:error] [pid 88241:tid 88241] [client 45.139.122.80:45408] AH01797: client denied by server configuration: /cgi-bin/luci, referer: http://97.99.19.201:80/cgi-bin/luci/;stok=/locale
[Tue May 19 05:08:42.911621 2026] [security2:error] [pid 97162:tid 97162] [client 43.134.57.179:37844] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agw2qoSRC4bQLqcF2cnyZQAAAAQ"], referer: http://myip.selvans.net
[Tue May 19 05:08:01.658424 2026] [access_compat:error] [pid 97172:tid 97172] [client 5.61.209.33:37528] AH01797: client denied by server configuration: /cgi-bin/luci
[Tue May 19 05:02:36.669435 2026] [security2:error] [pid 88241:tid 88241] [client 46.151.178.13:48262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agw1PGOyLbpmVqhuLtI5LQAAABY"], referer: http://97.99.19.201:443/
[Tue May 19 05:02:36.668197 2026] [security2:error] [pid 88241:tid 88241] [client 46.151.178.13:48262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agw1PGOyLbpmVqhuLtI5LQAAABY"], referer: http://97.99.19.201:443/
[Tue May 19 05:02:36.666374 2026] [security2:error] [pid 88241:tid 88241] [client 46.151.178.13:48262] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agw1PGOyLbpmVqhuLtI5LQAAABY"], referer: http://97.99.19.201:443/
[Tue May 19 05:02:36.665838 2026] [security2:error] [pid 88241:tid 88241] [client 46.151.178.13:48262] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agw1PGOyLbpmVqhuLtI5LQAAABY"], referer: http://97.99.19.201:443/
[Tue May 19 04:24:50.890552 2026] [security2:error] [pid 88236:tid 88236] [client 94.231.206.15:37739] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agwsYoXwXVCqbFmFoXDBpQAAABM"]
[Tue May 19 04:24:50.889697 2026] [security2:error] [pid 88236:tid 88236] [client 94.231.206.15:37739] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agwsYoXwXVCqbFmFoXDBpQAAABM"]
[Tue May 19 04:24:50.888304 2026] [security2:error] [pid 88236:tid 88236] [client 94.231.206.15:37739] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agwsYoXwXVCqbFmFoXDBpQAAABM"]
[Tue May 19 04:24:50.887448 2026] [security2:error] [pid 88236:tid 88236] [client 94.231.206.15:37739] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agwsYoXwXVCqbFmFoXDBpQAAABM"]
[Tue May 19 04:22:05.617518 2026] [security2:error] [pid 88237:tid 88237] [client 49.51.245.241:39174] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agwrvYbULXIQJii9pBx7zQAAABQ"], referer: http://arul.selvans.net
[Tue May 19 04:21:58.672438 2026] [security2:error] [pid 97162:tid 97162] [client 94.231.206.11:39373] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agwrtoSRC4bQLqcF2cnyYQAAAAQ"]
[Tue May 19 04:21:58.671592 2026] [security2:error] [pid 97162:tid 97162] [client 94.231.206.11:39373] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwrtoSRC4bQLqcF2cnyYQAAAAQ"]
[Tue May 19 04:21:58.670197 2026] [security2:error] [pid 97162:tid 97162] [client 94.231.206.11:39373] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwrtoSRC4bQLqcF2cnyYQAAAAQ"]
[Tue May 19 04:21:58.669331 2026] [security2:error] [pid 97162:tid 97162] [client 94.231.206.11:39373] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwrtoSRC4bQLqcF2cnyYQAAAAQ"]
[Tue May 19 04:17:41.968964 2026] [access_compat:error] [pid 97158:tid 97158] [client 45.139.122.80:35778] AH01797: client denied by server configuration: /cgi-bin/luci
[Tue May 19 04:17:20.650013 2026] [security2:error] [pid 88212:tid 88212] [client 45.205.1.80:41706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agwqoP8MnBuN9dEi137lfgAAAAk"], referer: http://97.99.19.201:443/
[Tue May 19 04:17:20.648276 2026] [security2:error] [pid 88212:tid 88212] [client 45.205.1.80:41706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwqoP8MnBuN9dEi137lfgAAAAk"], referer: http://97.99.19.201:443/
[Tue May 19 04:17:20.646992 2026] [security2:error] [pid 88212:tid 88212] [client 45.205.1.80:41706] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwqoP8MnBuN9dEi137lfgAAAAk"], referer: http://97.99.19.201:443/
[Tue May 19 04:17:20.646581 2026] [security2:error] [pid 88212:tid 88212] [client 45.205.1.80:41706] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwqoP8MnBuN9dEi137lfgAAAAk"], referer: http://97.99.19.201:443/
[Tue May 19 04:17:17.823055 2026] [security2:error] [pid 97161:tid 97161] [client 45.205.1.80:41696] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwqnbhvr3PNniWfpdOMkAAAAAI"]
[Tue May 19 04:17:04.048863 2026] [access_compat:error] [pid 97168:tid 97168] [client 5.61.209.33:41150] AH01797: client denied by server configuration: /cgi-bin/luci, referer: http://97.99.19.201:80/cgi-bin/luci/;stok=/locale
[Tue May 19 03:58:10.115037 2026] [core:error] [pid 88236:tid 88236] [client 152.32.226.205:56818] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Tue May 19 03:36:27.820046 2026] [access_compat:error] [pid 97162:tid 97162] [client 45.139.122.80:37702] AH01797: client denied by server configuration: /cgi-bin/luci, referer: http://97.99.19.201:80/cgi-bin/luci/;stok=/locale
[Tue May 19 03:32:15.721409 2026] [security2:error] [pid 97172:tid 97172] [client 3.249.223.255:42240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agwgD4sI8KeV3ddakwAGDAAAAAg"]
[Tue May 19 03:32:15.720487 2026] [security2:error] [pid 97172:tid 97172] [client 3.249.223.255:42240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agwgD4sI8KeV3ddakwAGDAAAAAg"]
[Tue May 19 03:32:15.718646 2026] [security2:error] [pid 97172:tid 97172] [client 3.249.223.255:42240] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "agwgD4sI8KeV3ddakwAGDAAAAAg"]
[Tue May 19 03:16:46.492979 2026] [security2:error] [pid 88237:tid 88237] [client 140.245.32.2:64760] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "www.selvans.net"] [uri "/wp-login.php"] [unique_id "agwcbobULXIQJii9pBx7yAAAABQ"], referer: https://blog.selvans.net/wp-login.php?m=1
[Tue May 19 03:13:58.578211 2026] [security2:error] [pid 97172:tid 97172] [client 43.135.142.7:51388] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agwbxosI8KeV3ddakwAGCgAAAAg"], referer: http://whoami.selvans.net
[Tue May 19 02:59:44.793614 2026] [security2:error] [pid 97161:tid 97161] [client 46.151.178.13:43288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agwYcLhvr3PNniWfpdOMjQAAAAI"], referer: http://97.99.19.201:443/
[Tue May 19 02:59:44.791935 2026] [security2:error] [pid 97161:tid 97161] [client 46.151.178.13:43288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwYcLhvr3PNniWfpdOMjQAAAAI"], referer: http://97.99.19.201:443/
[Tue May 19 02:59:44.790166 2026] [security2:error] [pid 97161:tid 97161] [client 46.151.178.13:43288] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwYcLhvr3PNniWfpdOMjQAAAAI"], referer: http://97.99.19.201:443/
[Tue May 19 02:59:44.789680 2026] [security2:error] [pid 97161:tid 97161] [client 46.151.178.13:43288] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwYcLhvr3PNniWfpdOMjQAAAAI"], referer: http://97.99.19.201:443/
[Tue May 19 02:57:50.025642 2026] [security2:error] [pid 97168:tid 97168] [client 74.82.47.4:64638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agwX_UIPY4zi_0_UZE9RGwAAAAY"]
[Tue May 19 02:57:50.024153 2026] [security2:error] [pid 97168:tid 97168] [client 74.82.47.4:64638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "agwX_UIPY4zi_0_UZE9RGwAAAAY"]
[Tue May 19 02:57:50.023229 2026] [security2:error] [pid 97168:tid 97168] [client 74.82.47.4:64638] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "agwX_UIPY4zi_0_UZE9RGwAAAAY"]
[Tue May 19 02:57:50.021896 2026] [security2:error] [pid 97168:tid 97168] [client 74.82.47.4:64638] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "agwX_UIPY4zi_0_UZE9RGwAAAAY"]
[Tue May 19 02:52:21.112391 2026] [security2:error] [pid 88212:tid 88212] [client 74.82.47.4:27598] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/geoserver/web/"] [unique_id "agwWtP8MnBuN9dEi137leAAAAAk"]
[Tue May 19 02:41:49.536153 2026] [security2:error] [pid 97172:tid 97172] [client 74.82.47.4:30608] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agwUPYsI8KeV3ddakwAGCAAAAAg"]
[Tue May 19 02:36:40.152012 2026] [security2:error] [pid 97168:tid 97168] [client 74.82.47.4:44544] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwTB0IPY4zi_0_UZE9RGgAAAAY"]
[Tue May 19 02:27:18.751156 2026] [security2:error] [pid 97172:tid 97172] [client 74.82.47.4:13518] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwQ1osI8KeV3ddakwAGBwAAAAg"]
[Tue May 19 02:26:14.436229 2026] [security2:error] [pid 97161:tid 97161] [client 43.134.162.36:34378] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agwQlrhvr3PNniWfpdOMiwAAAAI"], referer: http://selvans.net
[Tue May 19 02:17:45.133146 2026] [security2:error] [pid 88227:tid 88227] [client 43.157.158.178:50074] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "agwOmVFm2gWE-6rODHOtvwAAAA4"], referer: http://97.99.19.201:443
[Tue May 19 02:16:55.055171 2026] [security2:error] [pid 88236:tid 88236] [client 43.166.134.47:57216] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agwOZoXwXVCqbFmFoXDBmwAAABM"], referer: http://97.99.19.201:80
[Tue May 19 02:05:51.486600 2026] [security2:error] [pid 88237:tid 88237] [client 34.253.240.253:46038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agwLz4bULXIQJii9pBx7xAAAABQ"]
[Tue May 19 02:05:51.485743 2026] [security2:error] [pid 88237:tid 88237] [client 34.253.240.253:46038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agwLz4bULXIQJii9pBx7xAAAABQ"]
[Tue May 19 02:05:51.483839 2026] [security2:error] [pid 88237:tid 88237] [client 34.253.240.253:46038] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "agwLz4bULXIQJii9pBx7xAAAABQ"]
[Tue May 19 01:57:29.066336 2026] [security2:error] [pid 88237:tid 88237] [client 34.52.137.61:51850] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwJ2IbULXIQJii9pBx7wwAAABQ"]
[Tue May 19 01:31:46.219266 2026] [security2:error] [pid 88236:tid 88236] [client 91.231.89.140:38331] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwD0oXwXVCqbFmFoXDBmAAAABM"]
[Tue May 19 01:30:27.410313 2026] [access_compat:error] [pid 97168:tid 97168] [client 5.61.209.33:48102] AH01797: client denied by server configuration: /cgi-bin/luci, referer: http://97.99.19.201:80/cgi-bin/luci/;stok=/locale
[Tue May 19 01:29:41.275608 2026] [security2:error] [pid 97162:tid 97162] [client 46.151.178.13:35100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agwDVYSRC4bQLqcF2cnyVQAAAAQ"], referer: http://97.99.19.201:443/
[Tue May 19 01:29:41.274219 2026] [security2:error] [pid 97162:tid 97162] [client 46.151.178.13:35100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwDVYSRC4bQLqcF2cnyVQAAAAQ"], referer: http://97.99.19.201:443/
[Tue May 19 01:29:41.272468 2026] [security2:error] [pid 97162:tid 97162] [client 46.151.178.13:35100] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwDVYSRC4bQLqcF2cnyVQAAAAQ"], referer: http://97.99.19.201:443/
[Tue May 19 01:29:41.271998 2026] [security2:error] [pid 97162:tid 97162] [client 46.151.178.13:35100] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agwDVYSRC4bQLqcF2cnyVQAAAAQ"], referer: http://97.99.19.201:443/
[Tue May 19 01:23:52.190702 2026] [security2:error] [pid 88237:tid 88237] [client 43.134.165.242:41738] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agwB-IbULXIQJii9pBx7vQAAABQ"], referer: http://97.99.19.201
[Tue May 19 01:17:30.434120 2026] [access_compat:error] [pid 97158:tid 97158] [client 5.61.209.33:37920] AH01797: client denied by server configuration: /cgi-bin/luci
[Tue May 19 01:12:19.343867 2026] [security2:error] [pid 88212:tid 88212] [client 203.55.131.3:39266] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agv_Q_8MnBuN9dEi137lcgAAAAk"]
[Tue May 19 01:11:53.417456 2026] [security2:error] [pid 88236:tid 88236] [client 203.55.131.3:51366] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agv_KYXwXVCqbFmFoXDBlgAAABM"]
[Tue May 19 00:48:25.792551 2026] [security2:error] [pid 88212:tid 88212] [client 43.156.125.227:41240] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agv5qf8MnBuN9dEi137lbgAAAAk"], referer: http://www.selvans.net
[Tue May 19 00:46:09.517967 2026] [security2:error] [pid 88238:tid 88238] [client 108.130.212.177:57082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agv5ISgTg_BISTwG6hVxNQAAABU"]
[Tue May 19 00:46:09.517137 2026] [security2:error] [pid 88238:tid 88238] [client 108.130.212.177:57082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agv5ISgTg_BISTwG6hVxNQAAABU"]
[Tue May 19 00:46:09.515571 2026] [security2:error] [pid 88238:tid 88238] [client 108.130.212.177:57082] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "agv5ISgTg_BISTwG6hVxNQAAABU"]
[Tue May 19 00:33:17.146129 2026] [security2:error] [pid 87177:tid 87177] [client 66.132.186.177:6228] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/i3wttohs4o5k01c"] [unique_id "agv2HaZvmI8GhNIxtIhUSwAAAAM"]
[Tue May 19 00:33:13.104275 2026] [security2:error] [pid 88231:tid 88231] [client 66.132.186.177:12234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agv2GTfwmlLjK9HCszP0kgAAABI"]
[Tue May 19 00:33:11.361510 2026] [security2:error] [pid 88241:tid 88241] [client 66.132.186.177:12204] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.well-known/security.txt"] [unique_id "agv2F2OyLbpmVqhuLtI5GQAAABY"]
[Tue May 19 00:24:49.659378 2026] [security2:error] [pid 92866:tid 92866] [client 178.238.224.28:49324] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agv0IRx7Bur8w4wPzzwG2gAAAAA"]
[Tue May 19 00:08:01.413558 2026] [access_compat:error] [pid 88231:tid 88231] [client 5.61.209.33:50272] AH01797: client denied by server configuration: /cgi-bin/luci, referer: http://97.99.19.201:80/cgi-bin/luci/;stok=/locale
[Tue May 19 00:03:23.690589 2026] [security2:error] [pid 92866:tid 92866] [client 46.151.178.13:41476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agvvGxx7Bur8w4wPzzwG2QAAAAA"], referer: http://97.99.19.201:443/
[Tue May 19 00:03:23.689246 2026] [security2:error] [pid 92866:tid 92866] [client 46.151.178.13:41476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvvGxx7Bur8w4wPzzwG2QAAAAA"], referer: http://97.99.19.201:443/
[Tue May 19 00:03:23.687376 2026] [security2:error] [pid 92866:tid 92866] [client 46.151.178.13:41476] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvvGxx7Bur8w4wPzzwG2QAAAAA"], referer: http://97.99.19.201:443/
[Tue May 19 00:03:23.686851 2026] [security2:error] [pid 92866:tid 92866] [client 46.151.178.13:41476] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvvGxx7Bur8w4wPzzwG2QAAAAA"], referer: http://97.99.19.201:443/
[Tue May 19 00:01:44.422646 2026] [access_compat:error] [pid 88236:tid 88236] [client 5.61.209.33:49356] AH01797: client denied by server configuration: /cgi-bin/luci, referer: http://97.99.19.201:80/cgi-bin/luci/;stok=/locale
[Tue May 19 00:00:05.599021 2026] [security2:error] [pid 87177:tid 87177] [client 170.106.192.3:32832] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agvuVaZvmI8GhNIxtIhUSgAAAAM"], referer: http://myip.selvans.net
[Mon May 18 23:58:37.842046 2026] [security2:error] [pid 88241:tid 88241] [client 54.171.166.32:58038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agvt_WOyLbpmVqhuLtI5FwAAABY"]
[Mon May 18 23:58:37.841129 2026] [security2:error] [pid 88241:tid 88241] [client 54.171.166.32:58038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agvt_WOyLbpmVqhuLtI5FwAAABY"]
[Mon May 18 23:58:37.839045 2026] [security2:error] [pid 88241:tid 88241] [client 54.171.166.32:58038] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "agvt_WOyLbpmVqhuLtI5FwAAABY"]
[Mon May 18 23:33:25.973776 2026] [security2:error] [pid 88238:tid 88238] [client 140.245.32.2:64567] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "selvans.net"] [uri "/wp-login.php"] [unique_id "agvoFSgTg_BISTwG6hVxMAAAABU"]
[Mon May 18 23:24:57.246905 2026] [security2:error] [pid 88230:tid 88230] [client 45.139.122.80:42168] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/SDK/webLanguage"] [unique_id "agvmGUmgtDQxVwsgXvt2-AAAABE"]
[Mon May 18 23:08:25.559325 2026] [security2:error] [pid 88227:tid 88227] [client 43.130.34.74:36690] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agviOVFm2gWE-6rODHOtrAAAAA4"], referer: http://arul.selvans.net
[Mon May 18 22:53:00.455178 2026] [security2:error] [pid 87177:tid 87177] [client 183.207.48.227:5265] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "103"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agvenKZvmI8GhNIxtIhURQAAAAM"]
[Mon May 18 22:53:00.452807 2026] [security2:error] [pid 87177:tid 87177] [client 183.207.48.227:5265] ModSecurity: Access denied with code 403 (phase 4). Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "77"] [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [ver "OWASP_CRS/3.3.7"] [tag "anomaly-evaluation"] [hostname "selvans.net"] [uri "/tmp/"] [unique_id "agvenKZvmI8GhNIxtIhURQAAAAM"]
[Mon May 18 22:53:00.452113 2026] [security2:error] [pid 87177:tid 87177] [client 183.207.48.227:5265] ModSecurity: Warning. Pattern match "(?:"(?:TITLE"Index of.*?"H|title"Index of.*?"h)1"Index of|"\\\\[To Parent Directory\\\\]"\\\\/[Aa]""br")" at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "51"] [id "950130"] [msg "Directory Listing"] [data "Matched Data: "title"Index of /tmp"/title"\\x0a "meta name=\\x22viewport\\x22 content=\\x22width=device-width, initial-scale=1\\x22""/head"\\x0a "body"\\x0a"h1"Index of found within RESPONSE_BODY: "!DOCTYPE HTML PUBLIC \\x22-//W3C//DTD HTML 3.2 Final//EN\\x22"\\x0a"html"\\x0a "head"\\x0a "title"Index of /tmp"/title"\\x0a "meta name=\\x22viewport\\x22 content=\\x22width=device-width, initial-scale=1\\x22""/head"\\x0a "body"\\x0a"h1"Index of /tmp"/h1"\\x0a "table"\\x0a "tr""th valign=\\x22top\\x22""img src=\\x22/icons/blank.g..."] [severity "ERROR"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/116/54/127"] [tag "PCI/6.5.6 [hostname "selvans.net"] [uri "/tmp/"] [unique_id "agvenKZvmI8GhNIxtIhURQAAAAM"]
[Mon May 18 22:26:59.191859 2026] [security2:error] [pid 87177:tid 87177] [client 46.151.178.13:60628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agvYg6ZvmI8GhNIxtIhUPwAAAAM"], referer: http://97.99.19.201:443/
[Mon May 18 22:26:59.190361 2026] [security2:error] [pid 87177:tid 87177] [client 46.151.178.13:60628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvYg6ZvmI8GhNIxtIhUPwAAAAM"], referer: http://97.99.19.201:443/
[Mon May 18 22:26:59.188732 2026] [security2:error] [pid 87177:tid 87177] [client 46.151.178.13:60628] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvYg6ZvmI8GhNIxtIhUPwAAAAM"], referer: http://97.99.19.201:443/
[Mon May 18 22:26:59.188244 2026] [security2:error] [pid 87177:tid 87177] [client 46.151.178.13:60628] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvYg6ZvmI8GhNIxtIhUPwAAAAM"], referer: http://97.99.19.201:443/
[Mon May 18 22:10:57.111181 2026] [security2:error] [pid 88230:tid 88230] [client 54.77.21.8:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agvUwUmgtDQxVwsgXvt28AAAABE"]
[Mon May 18 22:10:57.109820 2026] [security2:error] [pid 88230:tid 88230] [client 54.77.21.8:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agvUwUmgtDQxVwsgXvt28AAAABE"]
[Mon May 18 22:10:57.108099 2026] [security2:error] [pid 88230:tid 88230] [client 54.77.21.8:47144] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "agvUwUmgtDQxVwsgXvt28AAAABE"]
[Mon May 18 22:10:42.891932 2026] [security2:error] [pid 88236:tid 88236] [client 43.130.32.245:42762] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "agvUsoXwXVCqbFmFoXDBgwAAABM"], referer: http://97.99.19.201:443
[Mon May 18 22:10:06.444632 2026] [security2:error] [pid 88238:tid 88238] [client 43.130.150.80:48892] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agvUjigTg_BISTwG6hVxIwAAABU"], referer: http://97.99.19.201:80
[Mon May 18 22:05:32.757385 2026] [security2:error] [pid 88230:tid 88230] [client 43.153.48.240:49822] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agvTfEmgtDQxVwsgXvt27wAAABE"], referer: http://whoami.selvans.net
[Mon May 18 21:55:33.476025 2026] [security2:error] [pid 88230:tid 88230] [client 183.207.45.122:20402] ModSecurity: Warning. Match of "rx ^(?:(?:\\\\*|[^\\"(),\\\\/:;"="?![\\\\x5c\\\\]{}]+)\\\\/(?:\\\\*|[^\\"(),\\\\/:;"="?![\\\\x5c\\\\]{}]+))(?:\\\\s*+;\\\\s*+(?:(?:charset\\\\s*+=\\\\s*+(?:\\"?(?:iso-8859-15?|windows-1252|utf-8)\\\\b\\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\\"(),\\\\/:;"="?![\\\\x5c\\\\]{}]|[^e\\"(),/:;"="?![\\\\x5c ..." against "REQUEST_HEADERS:Accept" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1161"] [id "920600"] [msg "Illegal Accept header: charset parameter"] [data "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [hostname "selvans.net"] [uri "/"] [unique_id "agvRJUmgtDQxVwsgXvt27gAAABE"]
[Mon May 18 21:44:18.361220 2026] [security2:error] [pid 88236:tid 88236] [client 49.235.136.28:55296] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agvOgoXwXVCqbFmFoXDBgAAAABM"], referer: http://www.selvans.net
[Mon May 18 21:30:48.956961 2026] [security2:error] [pid 88231:tid 88231] [client 104.28.225.29:15813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "www.selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agvLWDfwmlLjK9HCszP0fwAAABI"]
[Mon May 18 21:30:48.954745 2026] [security2:error] [pid 88231:tid 88231] [client 104.28.225.29:15813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.selvans.net"] [uri "/.git/HEAD"] [unique_id "agvLWDfwmlLjK9HCszP0fwAAABI"]
[Mon May 18 21:30:48.954171 2026] [security2:error] [pid 88231:tid 88231] [client 104.28.225.29:15813] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.selvans.net"] [uri "/.git/HEAD"] [unique_id "agvLWDfwmlLjK9HCszP0fwAAABI"]
[Mon May 18 21:30:48.665120 2026] [security2:error] [pid 88230:tid 88230] [client 104.28.225.30:22732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "www.selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agvLWEmgtDQxVwsgXvt26gAAABE"]
[Mon May 18 21:30:48.663172 2026] [security2:error] [pid 88230:tid 88230] [client 104.28.225.30:22732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.selvans.net"] [uri "/.git/config"] [unique_id "agvLWEmgtDQxVwsgXvt26gAAABE"]
[Mon May 18 21:30:48.662598 2026] [security2:error] [pid 88230:tid 88230] [client 104.28.225.30:22732] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.selvans.net"] [uri "/.git/config"] [unique_id "agvLWEmgtDQxVwsgXvt26gAAABE"]
[Mon May 18 21:24:17.701979 2026] [security2:error] [pid 88241:tid 88241] [client 43.164.3.23:41786] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agvJ0WOyLbpmVqhuLtI5AwAAABY"], referer: http://selvans.net
[Mon May 18 21:20:01.977401 2026] [security2:error] [pid 88230:tid 88230] [client 46.151.178.13:55310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agvI0UmgtDQxVwsgXvt26QAAABE"], referer: http://97.99.19.201:443/
[Mon May 18 21:20:01.975793 2026] [security2:error] [pid 88230:tid 88230] [client 46.151.178.13:55310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvI0UmgtDQxVwsgXvt26QAAABE"], referer: http://97.99.19.201:443/
[Mon May 18 21:20:01.974051 2026] [security2:error] [pid 88230:tid 88230] [client 46.151.178.13:55310] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvI0UmgtDQxVwsgXvt26QAAABE"], referer: http://97.99.19.201:443/
[Mon May 18 21:20:01.973559 2026] [security2:error] [pid 88230:tid 88230] [client 46.151.178.13:55310] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agvI0UmgtDQxVwsgXvt26QAAABE"], referer: http://97.99.19.201:443/
[Mon May 18 21:15:56.464137 2026] [security2:error] [pid 88236:tid 88236] [client 49.51.33.159:43452] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agvH3IXwXVCqbFmFoXDBfgAAABM"], referer: http://97.99.19.201
[Mon May 18 20:29:44.890209 2026] [core:error] [pid 87177:tid 87177] [client 117.175.140.121:51098] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 18 20:26:49.917045 2026] [security2:error] [pid 88230:tid 88230] [client 34.242.248.161:55990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agu8WUmgtDQxVwsgXvt25gAAABE"]
[Mon May 18 20:26:49.916204 2026] [security2:error] [pid 88230:tid 88230] [client 34.242.248.161:55990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agu8WUmgtDQxVwsgXvt25gAAABE"]
[Mon May 18 20:26:49.914296 2026] [security2:error] [pid 88230:tid 88230] [client 34.242.248.161:55990] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "agu8WUmgtDQxVwsgXvt25gAAABE"]
[Mon May 18 20:08:57.364062 2026] [security2:error] [pid 88227:tid 88227] [client 20.163.10.187:43370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agu4KVFm2gWE-6rODHOtkgAAAA4"]
[Mon May 18 20:08:57.362955 2026] [security2:error] [pid 88227:tid 88227] [client 20.163.10.187:43370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agu4KVFm2gWE-6rODHOtkgAAAA4"]
[Mon May 18 20:08:57.361036 2026] [security2:error] [pid 88227:tid 88227] [client 20.163.10.187:43370] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agu4KVFm2gWE-6rODHOtkgAAAA4"]
[Mon May 18 20:08:57.360511 2026] [security2:error] [pid 88227:tid 88227] [client 20.163.10.187:43370] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agu4KVFm2gWE-6rODHOtkgAAAA4"]
[Mon May 18 20:08:20.408239 2026] [security2:error] [pid 88230:tid 88230] [client 46.151.178.13:48856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agu4BEmgtDQxVwsgXvt24wAAABE"], referer: http://97.99.19.201:443/
[Mon May 18 20:08:20.406965 2026] [security2:error] [pid 88230:tid 88230] [client 46.151.178.13:48856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agu4BEmgtDQxVwsgXvt24wAAABE"], referer: http://97.99.19.201:443/
[Mon May 18 20:08:20.405266 2026] [security2:error] [pid 88230:tid 88230] [client 46.151.178.13:48856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agu4BEmgtDQxVwsgXvt24wAAABE"], referer: http://97.99.19.201:443/
[Mon May 18 20:08:20.404717 2026] [security2:error] [pid 88230:tid 88230] [client 46.151.178.13:48856] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agu4BEmgtDQxVwsgXvt24wAAABE"], referer: http://97.99.19.201:443/
[Mon May 18 19:38:55.689227 2026] [security2:error] [pid 88231:tid 88231] [client 167.94.146.48:2300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/hi753r40qhlv2tm1"] [unique_id "aguxHzfwmlLjK9HCszP0dgAAABI"]
[Mon May 18 19:38:55.103928 2026] [security2:error] [pid 88238:tid 88238] [client 167.94.146.48:2294] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/robots.txt"] [unique_id "aguxHygTg_BISTwG6hVxEQAAABU"]
[Mon May 18 19:38:48.147463 2026] [security2:error] [pid 88222:tid 88222] [client 167.94.146.48:2218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "aguxGIJ8Sk4QKZopbiI26gAAAA0"]
[Mon May 18 19:38:35.738382 2026] [security2:error] [pid 88230:tid 88230] [client 167.94.146.48:27524] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "aguxC0mgtDQxVwsgXvt24AAAABE"]
[Mon May 18 19:38:34.287783 2026] [security2:error] [pid 88236:tid 88236] [client 167.94.146.48:27502] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon.ico"] [unique_id "aguxCoXwXVCqbFmFoXDBdQAAABM"]
[Mon May 18 19:38:33.272252 2026] [security2:error] [pid 88231:tid 88231] [client 167.94.146.48:27486] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon-16x16.png"] [unique_id "aguxCTfwmlLjK9HCszP0dQAAABI"]
[Mon May 18 19:38:32.080407 2026] [security2:error] [pid 88238:tid 88238] [client 167.94.146.48:27484] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon-32x32.png"] [unique_id "aguxCCgTg_BISTwG6hVxEAAAABU"]
[Mon May 18 19:38:31.509039 2026] [security2:error] [pid 88222:tid 88222] [client 167.94.146.48:27464] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/apple-touch-icon.png"] [unique_id "aguxB4J8Sk4QKZopbiI26QAAAA0"]
[Mon May 18 19:38:29.901541 2026] [security2:error] [pid 88212:tid 88212] [client 167.94.146.48:27440] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "aguxBf8MnBuN9dEi137lTwAAAAk"]
[Mon May 18 19:37:20.822392 2026] [core:error] [pid 88241:tid 88241] [client 84.247.179.13:41304] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 18 19:35:19.781915 2026] [security2:error] [pid 87177:tid 87177] [client 43.135.134.127:54338] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "aguwR6ZvmI8GhNIxtIhUMQAAAAM"], referer: http://www.selvans.net
[Mon May 18 19:29:27.624559 2026] [security2:error] [pid 88230:tid 88230] [client 120.71.10.48:48886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/dns-query"] [unique_id "aguu50mgtDQxVwsgXvt23wAAABE"]
[Mon May 18 19:29:27.623956 2026] [negotiation:error] [pid 88230:tid 88230] [client 120.71.10.48:48886] AH00690: no acceptable variant: /error/HTTP_FORBIDDEN.html.var
[Mon May 18 19:29:27.622897 2026] [security2:error] [pid 88230:tid 88230] [client 120.71.10.48:48886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/dns-query"] [unique_id "aguu50mgtDQxVwsgXvt23wAAABE"]
[Mon May 18 19:29:27.619818 2026] [security2:error] [pid 88230:tid 88230] [client 120.71.10.48:48886] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/dns-query"] [unique_id "aguu50mgtDQxVwsgXvt23wAAABE"]
[Mon May 18 19:29:27.619612 2026] [security2:error] [pid 88230:tid 88230] [client 120.71.10.48:48886] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/dns-query"] [unique_id "aguu50mgtDQxVwsgXvt23wAAABE"]
[Mon May 18 19:29:26.997097 2026] [negotiation:error] [pid 88230:tid 88230] [client 120.71.10.48:48886] AH00690: no acceptable variant: /error/HTTP_NOT_FOUND.html.var
[Mon May 18 19:29:26.994336 2026] [security2:error] [pid 88230:tid 88230] [client 120.71.10.48:48886] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/dns-query"] [unique_id "aguu5kmgtDQxVwsgXvt23gAAABE"]
[Mon May 18 18:54:59.493824 2026] [security2:error] [pid 88227:tid 88227] [client 43.164.3.182:51486] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agum01Fm2gWE-6rODHOtjQAAAA4"], referer: http://myip.selvans.net
[Mon May 18 18:28:31.358744 2026] [security2:error] [pid 88238:tid 88238] [client 103.168.66.178:21254] ModSecurity: Multipart parsing error: Multipart: No boundaries found in payload. [hostname "www.selvans.net"] [uri "/"] [unique_id "agugnygTg_BISTwG6hVxCwAAABU"]
[Mon May 18 18:28:23.564448 2026] [security2:error] [pid 88236:tid 88236] [client 103.168.66.178:37376] ModSecurity: Multipart parsing error: Multipart: No boundaries found in payload. [hostname "www.selvans.net"] [uri "/"] [unique_id "agugl4XwXVCqbFmFoXDBcQAAABM"]
[Mon May 18 18:18:28.465960 2026] [security2:error] [pid 88212:tid 88212] [client 46.151.178.13:46284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agueRP8MnBuN9dEi137lSgAAAAk"], referer: http://97.99.19.201:443/
[Mon May 18 18:18:28.464507 2026] [security2:error] [pid 88212:tid 88212] [client 46.151.178.13:46284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agueRP8MnBuN9dEi137lSgAAAAk"], referer: http://97.99.19.201:443/
[Mon May 18 18:18:28.462669 2026] [security2:error] [pid 88212:tid 88212] [client 46.151.178.13:46284] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agueRP8MnBuN9dEi137lSgAAAAk"], referer: http://97.99.19.201:443/
[Mon May 18 18:18:28.462120 2026] [security2:error] [pid 88212:tid 88212] [client 46.151.178.13:46284] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agueRP8MnBuN9dEi137lSgAAAAk"], referer: http://97.99.19.201:443/
[Mon May 18 18:07:51.623251 2026] [security2:error] [pid 88227:tid 88227] [client 43.156.51.128:40180] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agubx1Fm2gWE-6rODHOtiwAAAA4"], referer: http://arul.selvans.net
[Mon May 18 18:00:52.891154 2026] [security2:error] [pid 88230:tid 88230] [client 49.51.72.76:36410] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "aguaJEmgtDQxVwsgXvt22gAAABE"], referer: http://97.99.19.201:443
[Mon May 18 17:58:52.279231 2026] [security2:error] [pid 87177:tid 87177] [client 129.226.210.142:54838] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "aguZrKZvmI8GhNIxtIhUKwAAAAM"], referer: http://97.99.19.201:80
[Mon May 18 17:13:45.910056 2026] [security2:error] [pid 88236:tid 88236] [client 79.124.40.174:56854] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/actuator/gateway/routes"] [unique_id "aguPGYXwXVCqbFmFoXDBbgAAABM"]
[Mon May 18 17:08:49.239600 2026] [security2:error] [pid 88227:tid 88227] [client 43.152.72.247:56962] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "aguN8VFm2gWE-6rODHOthwAAAA4"], referer: http://whoami.selvans.net
[Mon May 18 17:07:18.759602 2026] [security2:error] [pid 88238:tid 88238] [client 170.106.72.178:41176] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "aguNligTg_BISTwG6hVxCAAAABU"], referer: http://97.99.19.201
[Mon May 18 16:29:57.111761 2026] [security2:error] [pid 88212:tid 88212] [client 43.164.196.47:50326] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "aguE1f8MnBuN9dEi137lQAAAAAk"], referer: http://selvans.net
[Mon May 18 16:25:54.367465 2026] [security2:error] [pid 88231:tid 88231] [client 46.151.178.13:45606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "aguD4jfwmlLjK9HCszP0ZQAAABI"], referer: http://97.99.19.201:443/
[Mon May 18 16:25:54.365855 2026] [security2:error] [pid 88231:tid 88231] [client 46.151.178.13:45606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "aguD4jfwmlLjK9HCszP0ZQAAABI"], referer: http://97.99.19.201:443/
[Mon May 18 16:25:54.364025 2026] [security2:error] [pid 88231:tid 88231] [client 46.151.178.13:45606] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "aguD4jfwmlLjK9HCszP0ZQAAABI"], referer: http://97.99.19.201:443/
[Mon May 18 16:25:54.363528 2026] [security2:error] [pid 88231:tid 88231] [client 46.151.178.13:45606] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "aguD4jfwmlLjK9HCszP0ZQAAABI"], referer: http://97.99.19.201:443/
[Mon May 18 16:18:24.942386 2026] [security2:error] [pid 88227:tid 88227] [client 71.6.199.23:51706] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon.ico"] [unique_id "aguCIFFm2gWE-6rODHOtcQAAAA4"]
[Mon May 18 16:18:24.495671 2026] [security2:error] [pid 88222:tid 88222] [client 71.6.199.23:51696] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.well-known/security.txt"] [unique_id "aguCIIJ8Sk4QKZopbiI21wAAAA0"]
[Mon May 18 16:18:24.146121 2026] [security2:error] [pid 88236:tid 88236] [client 71.6.199.23:51682] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/sitemap.xml"] [unique_id "aguCIIXwXVCqbFmFoXDBZwAAABM"]
[Mon May 18 16:18:23.809420 2026] [security2:error] [pid 88212:tid 88212] [client 71.6.199.23:51674] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/robots.txt"] [unique_id "aguCH_8MnBuN9dEi137lPwAAAAk"]
[Mon May 18 16:18:04.524035 2026] [security2:error] [pid 88241:tid 88241] [client 71.6.199.23:44798] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "aguCDGOyLbpmVqhuLtI46gAAABY"]
[Mon May 18 16:15:59.402268 2026] [core:error] [pid 88231:tid 88231] [client 110.35.80.116:39548] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 18 15:48:15.532283 2026] [security2:error] [pid 88236:tid 88236] [client 79.124.40.174:51998] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agt7D4XwXVCqbFmFoXDBZQAAABM"]
[Mon May 18 14:50:14.431610 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:36990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agttdty0qizkbcfiKbhDqwAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 14:50:14.430507 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:36990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agttdty0qizkbcfiKbhDqwAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 14:50:14.428628 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:36990] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agttdty0qizkbcfiKbhDqwAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 14:50:14.428053 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:36990] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agttdty0qizkbcfiKbhDqwAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 14:49:18.593589 2026] [security2:error] [pid 78780:tid 78780] [client 39.163.23.96:41476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agttNq2MuIVzEqP64fpi-AAAAAE"], referer: https://selvans.net/
[Mon May 18 14:49:18.592286 2026] [security2:error] [pid 78780:tid 78780] [client 39.163.23.96:41476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agttNq2MuIVzEqP64fpi-AAAAAE"], referer: https://selvans.net/
[Mon May 18 14:49:18.589335 2026] [security2:error] [pid 78780:tid 78780] [client 39.163.23.96:41476] ModSecurity: Warning. Matched phrase "user-agent:" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: user-agent: found within REQUEST_HEADERS:User-Agent: user-agent:mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, like gecko) chrome/50.0.2661.102 safari/537.36"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "selvans.net"] [uri "/"] [unique_id "agttNq2MuIVzEqP64fpi-AAAAAE"], referer: https://selvans.net/
[Mon May 18 14:49:02.611217 2026] [security2:error] [pid 72568:tid 72568] [client 43.166.240.231:58418] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agttLty0qizkbcfiKbhDqgAAAAA"], referer: http://www.selvans.net
[Mon May 18 14:31:49.363523 2026] [security2:error] [pid 79052:tid 79052] [client 80.75.212.113:63976] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/service-worker.js"] [unique_id "agtpJM2NvfivVbVz7dfLgAAAAAQ"]
[Mon May 18 14:31:48.445360 2026] [security2:error] [pid 82657:tid 82657] [client 80.75.212.113:63532] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtpI91D8DnwC3uVAevIrAAAAAI"]
[Mon May 18 14:24:34.659761 2026] [security2:error] [pid 79052:tid 79052] [client 45.135.193.157:48020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agtncs2NvfivVbVz7dfLfwAAAAQ"]
[Mon May 18 14:24:34.658300 2026] [security2:error] [pid 79052:tid 79052] [client 45.135.193.157:48020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/backend/.env"] [unique_id "agtncs2NvfivVbVz7dfLfwAAAAQ"]
[Mon May 18 14:24:34.657541 2026] [security2:error] [pid 79052:tid 79052] [client 45.135.193.157:48020] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/backend/.env"] [unique_id "agtncs2NvfivVbVz7dfLfwAAAAQ"]
[Mon May 18 14:24:34.656626 2026] [security2:error] [pid 79052:tid 79052] [client 45.135.193.157:48020] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/backend/.env"] [unique_id "agtncs2NvfivVbVz7dfLfwAAAAQ"]
[Mon May 18 14:24:34.172843 2026] [security2:error] [pid 82657:tid 82657] [client 45.135.193.157:48014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agtncd1D8DnwC3uVAevIqwAAAAI"]
[Mon May 18 14:24:34.171637 2026] [security2:error] [pid 82657:tid 82657] [client 45.135.193.157:48014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/api/.env"] [unique_id "agtncd1D8DnwC3uVAevIqwAAAAI"]
[Mon May 18 14:24:34.170814 2026] [security2:error] [pid 82657:tid 82657] [client 45.135.193.157:48014] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/api/.env"] [unique_id "agtncd1D8DnwC3uVAevIqwAAAAI"]
[Mon May 18 14:24:34.169924 2026] [security2:error] [pid 82657:tid 82657] [client 45.135.193.157:48014] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/api/.env"] [unique_id "agtncd1D8DnwC3uVAevIqwAAAAI"]
[Mon May 18 14:24:33.379845 2026] [security2:error] [pid 72555:tid 72555] [client 45.135.193.157:46310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agtncebQmdihkwGNxhD6AQAAAAw"]
[Mon May 18 14:24:33.378611 2026] [security2:error] [pid 72555:tid 72555] [client 45.135.193.157:46310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agtncebQmdihkwGNxhD6AQAAAAw"]
[Mon May 18 14:24:33.377786 2026] [security2:error] [pid 72555:tid 72555] [client 45.135.193.157:46310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agtncebQmdihkwGNxhD6AQAAAAw"]
[Mon May 18 14:24:33.376907 2026] [security2:error] [pid 72555:tid 72555] [client 45.135.193.157:46310] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agtncebQmdihkwGNxhD6AQAAAAw"]
[Mon May 18 14:23:57.073321 2026] [security2:error] [pid 72568:tid 72568] [client 54.174.186.68:61886] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agtnTdy0qizkbcfiKbhDpQAAAAA"]
[Mon May 18 14:19:28.531330 2026] [security2:error] [pid 72950:tid 72950] [client 18.207.149.68:50304] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/robots.txt"] [unique_id "agtmQJMmx0MugFHuhO33jwAAAAk"]
[Mon May 18 14:19:25.416334 2026] [security2:error] [pid 78789:tid 78789] [client 3.89.60.155:60822] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtmPeX2_WLyBabOKK-nUwAAAAU"]
[Mon May 18 14:09:23.982800 2026] [security2:error] [pid 72568:tid 72568] [client 43.153.119.119:57568] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agtj49y0qizkbcfiKbhDpAAAAAA"], referer: http://myip.selvans.net
[Mon May 18 14:07:19.886660 2026] [security2:error] [pid 78789:tid 78789] [client 93.185.167.109:40580] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtjZ-X2_WLyBabOKK-nUgAAAAU"]
[Mon May 18 13:57:43.095272 2026] [security2:error] [pid 72568:tid 72568] [client 43.153.26.165:33812] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "agthJ9y0qizkbcfiKbhDowAAAAA"], referer: http://97.99.19.201:443
[Mon May 18 13:57:07.263710 2026] [security2:error] [pid 79063:tid 79063] [client 43.161.224.78:43618] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agthAqgJJhPTbGDaArhLFwAAAA8"], referer: http://97.99.19.201:80
[Mon May 18 13:32:26.030254 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:60172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agtbOc2NvfivVbVz7dfLegAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 13:32:26.028719 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:60172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtbOc2NvfivVbVz7dfLegAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 13:32:26.026844 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:60172] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtbOc2NvfivVbVz7dfLegAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 13:32:26.026292 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:60172] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtbOc2NvfivVbVz7dfLegAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 13:31:32.073687 2026] [security2:error] [pid 72548:tid 72548] [client 3.131.220.121:36024] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtbBF6t-agIo26GdLyNKgAAAAg"]
[Mon May 18 13:14:27.373293 2026] [security2:error] [pid 79052:tid 79052] [client 43.157.150.69:33694] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agtXA82NvfivVbVz7dfLeAAAAAQ"], referer: http://arul.selvans.net
[Mon May 18 13:11:57.546990 2026] [security2:error] [pid 72568:tid 72568] [client 172.232.108.36:41392] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtWbdy0qizkbcfiKbhDnwAAAAA"]
[Mon May 18 13:07:48.134934 2026] [security2:error] [pid 79052:tid 79052] [client 45.139.122.80:38132] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/SDK/webLanguage"] [unique_id "agtVdM2NvfivVbVz7dfLdwAAAAQ"]
[Mon May 18 13:02:54.741401 2026] [security2:error] [pid 72548:tid 72548] [client 13.60.54.137:57794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agtUTl6t-agIo26GdLyNJwAAAAg"]
[Mon May 18 13:02:54.740201 2026] [security2:error] [pid 72548:tid 72548] [client 13.60.54.137:57794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env"] [unique_id "agtUTl6t-agIo26GdLyNJwAAAAg"]
[Mon May 18 13:02:54.739309 2026] [security2:error] [pid 72548:tid 72548] [client 13.60.54.137:57794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env"] [unique_id "agtUTl6t-agIo26GdLyNJwAAAAg"]
[Mon May 18 13:00:02.687769 2026] [security2:error] [pid 72555:tid 72555] [client 43.153.107.22:52602] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agtToubQmdihkwGNxhD5vwAAAAw"], referer: http://97.99.19.201
[Mon May 18 12:45:47.601724 2026] [security2:error] [pid 79066:tid 79066] [client 66.132.172.187:24558] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/6m_3urj_ezr8"] [unique_id "agtQS0pZ47WQ0AZ-lDXypAAAABA"]
[Mon May 18 12:45:43.603273 2026] [security2:error] [pid 72555:tid 72555] [client 66.132.172.187:24548] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agtQR-bQmdihkwGNxhD5vQAAAAw"]
[Mon May 18 12:45:37.691754 2026] [security2:error] [pid 79063:tid 79063] [client 66.132.172.187:54162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/robots.txt"] [unique_id "agtQQagJJhPTbGDaArhLEwAAAA8"]
[Mon May 18 12:27:45.724661 2026] [security2:error] [pid 78780:tid 78780] [client 185.12.59.118:36032] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtMEa2MuIVzEqP64fpi5AAAAAE"]
[Mon May 18 12:15:37.388037 2026] [security2:error] [pid 78780:tid 78780] [client 101.33.66.34:38338] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agtJOa2MuIVzEqP64fpi4wAAAAE"], referer: http://whoami.selvans.net
[Mon May 18 11:46:57.614577 2026] [security2:error] [pid 79063:tid 79063] [client 178.62.237.215:36000] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtCgagJJhPTbGDaArhLDgAAAA8"]
[Mon May 18 11:46:57.129227 2026] [security2:error] [pid 78789:tid 78789] [client 178.62.237.215:35998] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtCgOX2_WLyBabOKK-nSAAAAAU"]
[Mon May 18 11:43:47.070989 2026] [security2:error] [pid 72555:tid 72555] [client 46.151.178.13:47132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agtBw-bQmdihkwGNxhD5uAAAAAw"], referer: http://97.99.19.201:443/
[Mon May 18 11:43:47.069384 2026] [security2:error] [pid 72555:tid 72555] [client 46.151.178.13:47132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtBw-bQmdihkwGNxhD5uAAAAAw"], referer: http://97.99.19.201:443/
[Mon May 18 11:43:47.067642 2026] [security2:error] [pid 72555:tid 72555] [client 46.151.178.13:47132] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtBw-bQmdihkwGNxhD5uAAAAAw"], referer: http://97.99.19.201:443/
[Mon May 18 11:43:47.067155 2026] [security2:error] [pid 72555:tid 72555] [client 46.151.178.13:47132] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agtBw-bQmdihkwGNxhD5uAAAAAw"], referer: http://97.99.19.201:443/
[Mon May 18 11:36:18.480216 2026] [security2:error] [pid 79066:tid 79066] [client 43.134.111.142:50852] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agtAAkpZ47WQ0AZ-lDXynQAAABA"], referer: http://selvans.net
[Mon May 18 10:19:00.102252 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:54762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agst5M2NvfivVbVz7dfLXgAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 10:19:00.100587 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:54762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agst5M2NvfivVbVz7dfLXgAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 10:19:00.099637 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:54762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agst5M2NvfivVbVz7dfLXgAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 10:19:00.099353 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:54762] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agst5M2NvfivVbVz7dfLXgAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 10:04:18.433673 2026] [security2:error] [pid 78780:tid 78780] [client 101.32.52.164:39114] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "agsqcq2MuIVzEqP64fpi1QAAAAE"], referer: http://97.99.19.201:443
[Mon May 18 10:02:08.126063 2026] [security2:error] [pid 79052:tid 79052] [client 43.134.93.181:49828] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agsp8M2NvfivVbVz7dfLXQAAAAQ"], referer: http://www.selvans.net
[Mon May 18 10:01:27.446632 2026] [security2:error] [pid 72950:tid 72950] [client 43.157.170.126:58082] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agspx5Mmx0MugFHuhO33PgAAAAk"], referer: http://97.99.19.201:80
[Mon May 18 09:55:41.419072 2026] [security2:error] [pid 72940:tid 72940] [client 45.79.181.94:6242] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsobb7AaMfyGQQas_H_AAAAAAY"]
[Mon May 18 09:46:16.880044 2026] [security2:error] [pid 72568:tid 72568] [client 188.166.50.238:54596] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsmONy0qizkbcfiKbhDiwAAAAA"]
[Mon May 18 09:46:16.329239 2026] [security2:error] [pid 79052:tid 79052] [client 188.166.50.238:54582] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsmOM2NvfivVbVz7dfLXAAAAAQ"]
[Mon May 18 09:44:46.309180 2026] [php:error] [pid 79066:tid 79066] [client 223.181.48.72:3402] script '/xmlrpc.php' not found or unable to stat
[Mon May 18 09:26:56.942647 2026] [security2:error] [pid 72548:tid 72548] [client 123.207.65.62:37212] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agshsF6t-agIo26GdLyNDQAAAAg"], referer: http://selvans.net
[Mon May 18 09:22:50.162210 2026] [security2:error] [pid 78789:tid 78789] [client 43.156.125.227:39016] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agsguuX2_WLyBabOKK-nOgAAAAU"], referer: http://myip.selvans.net
[Mon May 18 09:20:46.303756 2026] [security2:error] [pid 72568:tid 72568] [client 47.251.118.128:56114] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsgPdy0qizkbcfiKbhDiAAAAAA"]
[Mon May 18 09:20:45.625437 2026] [security2:error] [pid 72555:tid 72555] [client 47.251.118.128:17530] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsgPebQmdihkwGNxhD5rAAAAAw"]
[Mon May 18 09:12:31.960693 2026] [security2:error] [pid 79066:tid 79066] [client 170.106.72.93:35782] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agseT0pZ47WQ0AZ-lDXykQAAABA"], referer: http://97.99.19.201
[Mon May 18 09:07:52.725941 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:45182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agsdOM2NvfivVbVz7dfLWAAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 09:07:52.724366 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:45182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsdOM2NvfivVbVz7dfLWAAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 09:07:52.722546 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:45182] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsdOM2NvfivVbVz7dfLWAAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 09:07:52.721975 2026] [security2:error] [pid 79052:tid 79052] [client 46.151.178.13:45182] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsdOM2NvfivVbVz7dfLWAAAAAQ"], referer: http://97.99.19.201:443/
[Mon May 18 08:56:53.359305 2026] [security2:error] [pid 72548:tid 72548] [client 66.132.186.188:10788] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/voistwoyudiqr92"] [unique_id "agsapV6t-agIo26GdLyNDAAAAAg"]
[Mon May 18 08:56:43.017642 2026] [security2:error] [pid 72940:tid 72940] [client 66.132.186.188:38810] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agsamr7AaMfyGQQas_H-_AAAAAY"]
[Mon May 18 08:56:37.182186 2026] [security2:error] [pid 79063:tid 79063] [client 66.132.186.188:38800] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/sitemap.xml"] [unique_id "agsalagJJhPTbGDaArhK_wAAAA8"]
[Mon May 18 08:16:45.690591 2026] [security2:error] [pid 79063:tid 79063] [client 38.148.201.201:54194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=15,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agsRPagJJhPTbGDaArhK_AAAAA8"]
[Mon May 18 08:16:45.689534 2026] [security2:error] [pid 79063:tid 79063] [client 38.148.201.201:54194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agsRPagJJhPTbGDaArhK_AAAAA8"]
[Mon May 18 08:16:45.688061 2026] [security2:error] [pid 79063:tid 79063] [client 38.148.201.201:54194] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:tag. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "503"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: ((get ( t)) (get ( t1),get ( t2)(get ( t3)))) found within ARGS:tag: {pbohome/Indexot:if((get ( t)) (get ( t1),get ( t2)(get ( t3))))}ok{/pbohome/Indexot:if}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "selvans.net"] [uri "/"] [unique_id "agsRPagJJhPTbGDaArhK_AAAAA8"]
[Mon May 18 08:16:45.687883 2026] [security2:error] [pid 79063:tid 79063] [client 38.148.201.201:54194] ModSecurity: Warning. Matched phrase "file_get_contents" at ARGS:t2. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: file_get_contents found within ARGS:t2: file_get_contents"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "selvans.net"] [uri "/"] [unique_id "agsRPagJJhPTbGDaArhK_AAAAA8"]
[Mon May 18 08:16:45.687820 2026] [security2:error] [pid 79063:tid 79063] [client 38.148.201.201:54194] ModSecurity: Warning. Matched phrase "file_put_contents" at ARGS:t. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: file_put_contents found within ARGS:t: file_put_contents"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "selvans.net"] [uri "/"] [unique_id "agsRPagJJhPTbGDaArhK_AAAAA8"]
[Mon May 18 07:57:16.154174 2026] [security2:error] [pid 79066:tid 79066] [client 20.15.225.72:55852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agsMrEpZ47WQ0AZ-lDXyjQAAABA"], referer: http://97.99.19.201:443/
[Mon May 18 07:57:16.150527 2026] [security2:error] [pid 79066:tid 79066] [client 20.15.225.72:55852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "agsMrEpZ47WQ0AZ-lDXyjQAAABA"], referer: http://97.99.19.201:443/
[Mon May 18 07:57:16.147380 2026] [security2:error] [pid 79066:tid 79066] [client 20.15.225.72:55852] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "agsMrEpZ47WQ0AZ-lDXyjQAAABA"], referer: http://97.99.19.201:443/
[Mon May 18 07:31:16.290838 2026] [security2:error] [pid 72555:tid 72555] [client 49.51.243.156:47066] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agsGlObQmdihkwGNxhD5owAAAAw"], referer: http://whoami.selvans.net
[Mon May 18 07:16:35.692011 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/clas11.php' not found or unable to stat
[Mon May 18 07:16:35.531909 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/cA3bHIkVhgP.php' not found or unable to stat
[Mon May 18 07:16:35.384165 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/xamp.php' not found or unable to stat
[Mon May 18 07:16:35.244814 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/dr.php' not found or unable to stat
[Mon May 18 07:16:34.813135 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/nx.php' not found or unable to stat
[Mon May 18 07:16:34.677632 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/oiqcXuO.php' not found or unable to stat
[Mon May 18 07:16:34.517881 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/login8.php' not found or unable to stat
[Mon May 18 07:16:34.261551 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/ccou.php' not found or unable to stat
[Mon May 18 07:16:34.120007 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/aa2.php' not found or unable to stat
[Mon May 18 07:16:33.918770 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/ahax.php' not found or unable to stat
[Mon May 18 07:16:33.752093 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/class-wp.php' not found or unable to stat
[Mon May 18 07:16:33.567047 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/cfile.php' not found or unable to stat
[Mon May 18 07:16:33.317765 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/file.php' not found or unable to stat
[Mon May 18 07:16:32.978825 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/4PJcpMFsD8B.php' not found or unable to stat
[Mon May 18 07:16:32.736090 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/fs.php' not found or unable to stat
[Mon May 18 07:16:32.573732 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/file5.php' not found or unable to stat
[Mon May 18 07:16:32.285445 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/sf.php' not found or unable to stat
[Mon May 18 07:16:32.150888 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/ms-amdin.php' not found or unable to stat
[Mon May 18 07:16:31.982376 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/pol.php' not found or unable to stat
[Mon May 18 07:16:31.827183 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/als.php' not found or unable to stat
[Mon May 18 07:16:31.691794 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/00.php' not found or unable to stat
[Mon May 18 07:16:31.246007 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/chosen.php' not found or unable to stat
[Mon May 18 07:16:30.790164 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/hypo.php' not found or unable to stat
[Mon May 18 07:16:30.650109 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/xxx.php' not found or unable to stat
[Mon May 18 07:16:30.516874 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/buy.php' not found or unable to stat
[Mon May 18 07:16:30.373383 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/simple.php' not found or unable to stat
[Mon May 18 07:16:29.951805 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/gettest.php' not found or unable to stat
[Mon May 18 07:16:29.608337 2026] [access_compat:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] AH01797: client denied by server configuration: /cgi-bin/admin.php
[Mon May 18 07:16:29.456739 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/bal.php' not found or unable to stat
[Mon May 18 07:16:28.658195 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/f35.php' not found or unable to stat
[Mon May 18 07:16:28.217192 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/a1.php' not found or unable to stat
[Mon May 18 07:16:28.072620 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/abcd.php' not found or unable to stat
[Mon May 18 07:16:27.911944 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/av.php' not found or unable to stat
[Mon May 18 07:16:27.380888 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/wp.php' not found or unable to stat
[Mon May 18 07:16:26.933113 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/BDKR28WP.php' not found or unable to stat
[Mon May 18 07:16:26.406345 2026] [access_compat:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] AH01797: client denied by server configuration: /cgi-bin/index.php
[Mon May 18 07:16:25.844650 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/222.php' not found or unable to stat
[Mon May 18 07:16:25.518096 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/ms-edit.php' not found or unable to stat
[Mon May 18 07:16:25.371595 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/goods.php' not found or unable to stat
[Mon May 18 07:16:25.191461 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/adminfuns.php' not found or unable to stat
[Mon May 18 07:16:24.632648 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/wp-blog.php' not found or unable to stat
[Mon May 18 07:16:23.993605 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/classwithtostring.php' not found or unable to stat
[Mon May 18 07:16:23.791843 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/wp-act.php' not found or unable to stat
[Mon May 18 07:16:23.335710 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/av.php' not found or unable to stat
[Mon May 18 07:16:23.111324 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/inputs.php' not found or unable to stat
[Mon May 18 07:16:22.952919 2026] [php:error] [pid 72555:tid 72555] [client 20.63.102.97:30861] script '/f6.php' not found or unable to stat
[Mon May 18 07:16:20.345628 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/admin.php' not found or unable to stat
[Mon May 18 07:16:20.212532 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/edit.php' not found or unable to stat
[Mon May 18 07:16:20.065474 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/fvvff.php' not found or unable to stat
[Mon May 18 07:16:19.928194 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/w2025.php' not found or unable to stat
[Mon May 18 07:16:19.707512 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/admin.php' not found or unable to stat
[Mon May 18 07:16:19.575885 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/xa.php' not found or unable to stat
[Mon May 18 07:16:19.420333 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/about.php' not found or unable to stat
[Mon May 18 07:16:19.145675 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/2026w.php' not found or unable to stat
[Mon May 18 07:16:18.920066 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/100.php' not found or unable to stat
[Mon May 18 07:16:18.742258 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/class.php' not found or unable to stat
[Mon May 18 07:16:18.606460 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/1.php' not found or unable to stat
[Mon May 18 07:16:18.460846 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/8.php' not found or unable to stat
[Mon May 18 07:16:18.305827 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/7.php' not found or unable to stat
[Mon May 18 07:16:18.153597 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/seo.php' not found or unable to stat
[Mon May 18 07:16:18.003532 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/bthil.php' not found or unable to stat
[Mon May 18 07:16:17.569979 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/p.php' not found or unable to stat
[Mon May 18 07:16:17.434619 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/11.php' not found or unable to stat
[Mon May 18 07:16:17.255102 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/awa.php' not found or unable to stat
[Mon May 18 07:16:17.118079 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/dx.php' not found or unable to stat
[Mon May 18 07:16:16.969184 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/themes.php' not found or unable to stat
[Mon May 18 07:16:16.814512 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/puc.php' not found or unable to stat
[Mon May 18 07:16:16.505785 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/dx.php' not found or unable to stat
[Mon May 18 07:16:15.936967 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/mode.php' not found or unable to stat
[Mon May 18 07:16:15.595523 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/xmu.php' not found or unable to stat
[Mon May 18 07:16:15.132687 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/wp-temp.php' not found or unable to stat
[Mon May 18 07:16:14.553388 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/sl.php' not found or unable to stat
[Mon May 18 07:16:14.187654 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/one.php' not found or unable to stat
[Mon May 18 07:16:13.333994 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/pucci.php' not found or unable to stat
[Mon May 18 07:16:13.044348 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/zoko.php' not found or unable to stat
[Mon May 18 07:16:12.714379 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/UsbXax.php' not found or unable to stat
[Mon May 18 07:16:12.563891 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/3PJcpMFsD8B.php' not found or unable to stat
[Mon May 18 07:16:12.414597 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/wp-load.php' not found or unable to stat
[Mon May 18 07:16:12.191599 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/geforce.php' not found or unable to stat
[Mon May 18 07:16:12.060982 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/crgio.php' not found or unable to stat
[Mon May 18 07:16:11.896404 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/uwa.php' not found or unable to stat
[Mon May 18 07:16:11.509297 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/uwu.php' not found or unable to stat
[Mon May 18 07:16:10.806258 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/t3s.php' not found or unable to stat
[Mon May 18 07:16:10.472252 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/spawns.php' not found or unable to stat
[Mon May 18 07:16:09.545240 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/bob.php' not found or unable to stat
[Mon May 18 07:16:09.389466 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/wpxml.php' not found or unable to stat
[Mon May 18 07:16:09.121072 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/.well-known/about.php' not found or unable to stat
[Mon May 18 07:16:08.977049 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/kj.php' not found or unable to stat
[Mon May 18 07:16:08.844069 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/like.php' not found or unable to stat
[Mon May 18 07:16:08.696335 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/wp-block.php' not found or unable to stat
[Mon May 18 07:16:08.411594 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/aevly.php' not found or unable to stat
[Mon May 18 07:16:08.249180 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/tires.php' not found or unable to stat
[Mon May 18 07:16:08.115175 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/2P.php' not found or unable to stat
[Mon May 18 07:16:07.972416 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/half.php' not found or unable to stat
[Mon May 18 07:16:07.551203 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/wp-links.php' not found or unable to stat
[Mon May 18 07:16:07.134073 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/wp-signin.php' not found or unable to stat
[Mon May 18 07:16:06.998395 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/unvouc.php' not found or unable to stat
[Mon May 18 07:16:06.690473 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/casp3.php' not found or unable to stat
[Mon May 18 07:16:06.546395 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/wefile.php' not found or unable to stat
[Mon May 18 07:16:06.404542 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/0d.php' not found or unable to stat
[Mon May 18 07:16:06.251334 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/hayuk.php' not found or unable to stat
[Mon May 18 07:16:05.856738 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/mac.php' not found or unable to stat
[Mon May 18 07:16:05.717431 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/koala.php' not found or unable to stat
[Mon May 18 07:16:05.298227 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/zero.php' not found or unable to stat
[Mon May 18 07:16:05.150210 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/mih.php' not found or unable to stat
[Mon May 18 07:16:05.019344 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/test5.php' not found or unable to stat
[Mon May 18 07:16:04.885414 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/25d653587fdfd1.php' not found or unable to stat
[Mon May 18 07:16:04.746358 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/wp-widget.php' not found or unable to stat
[Mon May 18 07:16:04.577212 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/test11.php' not found or unable to stat
[Mon May 18 07:16:04.431790 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/yenifm.php' not found or unable to stat
[Mon May 18 07:16:04.247285 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/alfa403.php' not found or unable to stat
[Mon May 18 07:16:03.977317 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/xenon1337.php' not found or unable to stat
[Mon May 18 07:16:03.806903 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/error_log.php' not found or unable to stat
[Mon May 18 07:16:03.622252 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/Okxob.php' not found or unable to stat
[Mon May 18 07:16:03.344320 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/doko.php' not found or unable to stat
[Mon May 18 07:16:03.192586 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/guiler.php' not found or unable to stat
[Mon May 18 07:16:03.041253 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/c55cdler.php' not found or unable to stat
[Mon May 18 07:16:02.876295 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/pha.php' not found or unable to stat
[Mon May 18 07:16:02.732742 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/genco.php' not found or unable to stat
[Mon May 18 07:16:02.560786 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/alfs.php' not found or unable to stat
[Mon May 18 07:16:02.425150 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/ingfo.php' not found or unable to stat
[Mon May 18 07:16:02.257197 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/samll.php' not found or unable to stat
[Mon May 18 07:16:02.116112 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/at.php' not found or unable to stat
[Mon May 18 07:16:01.947329 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/zxz.php' not found or unable to stat
[Mon May 18 07:16:01.793873 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/6ph78840.php' not found or unable to stat
[Mon May 18 07:16:01.020160 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/ops.php' not found or unable to stat
[Mon May 18 07:16:00.710239 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/md5.php' not found or unable to stat
[Mon May 18 07:16:00.559288 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:52644] script '/x.php' not found or unable to stat
[Mon May 18 07:15:40.419931 2026] [security2:error] [pid 72950:tid 72950] [client 20.65.201.33:52626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agsC7JMmx0MugFHuhO32-wAAAAk"]
[Mon May 18 07:15:40.418739 2026] [security2:error] [pid 72950:tid 72950] [client 20.65.201.33:52626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/developmentserver/metadatauploader"] [unique_id "agsC7JMmx0MugFHuhO32-wAAAAk"]
[Mon May 18 07:15:40.416550 2026] [security2:error] [pid 72950:tid 72950] [client 20.65.201.33:52626] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/developmentserver/metadatauploader"] [unique_id "agsC7JMmx0MugFHuhO32-wAAAAk"]
[Mon May 18 07:15:40.415962 2026] [security2:error] [pid 72950:tid 72950] [client 20.65.201.33:52626] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/developmentserver/metadatauploader"] [unique_id "agsC7JMmx0MugFHuhO32-wAAAAk"]
[Mon May 18 07:14:49.298892 2026] [security2:error] [pid 72549:tid 72549] [client 46.151.178.13:49586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agsCuXKXI8cwkZOG6fFrRAAAAAo"], referer: http://97.99.19.201:443/
[Mon May 18 07:14:49.297549 2026] [security2:error] [pid 72549:tid 72549] [client 46.151.178.13:49586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsCuXKXI8cwkZOG6fFrRAAAAAo"], referer: http://97.99.19.201:443/
[Mon May 18 07:14:49.295901 2026] [security2:error] [pid 72549:tid 72549] [client 46.151.178.13:49586] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsCuXKXI8cwkZOG6fFrRAAAAAo"], referer: http://97.99.19.201:443/
[Mon May 18 07:14:49.295419 2026] [security2:error] [pid 72549:tid 72549] [client 46.151.178.13:49586] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agsCuXKXI8cwkZOG6fFrRAAAAAo"], referer: http://97.99.19.201:443/
[Mon May 18 06:52:32.123388 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/clas11.php' not found or unable to stat
[Mon May 18 06:52:31.968974 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/cA3bHIkVhgP.php' not found or unable to stat
[Mon May 18 06:52:31.613685 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/xamp.php' not found or unable to stat
[Mon May 18 06:52:31.455109 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/dr.php' not found or unable to stat
[Mon May 18 06:52:31.291184 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/nx.php' not found or unable to stat
[Mon May 18 06:52:31.155521 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/oiqcXuO.php' not found or unable to stat
[Mon May 18 06:52:31.015408 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/login8.php' not found or unable to stat
[Mon May 18 06:52:30.846582 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/ccou.php' not found or unable to stat
[Mon May 18 06:52:30.711051 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/aa2.php' not found or unable to stat
[Mon May 18 06:52:30.405994 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/ahax.php' not found or unable to stat
[Mon May 18 06:52:30.253133 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/class-wp.php' not found or unable to stat
[Mon May 18 06:52:29.782242 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/cfile.php' not found or unable to stat
[Mon May 18 06:52:29.633092 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/file.php' not found or unable to stat
[Mon May 18 06:52:29.401481 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/4PJcpMFsD8B.php' not found or unable to stat
[Mon May 18 06:52:29.263421 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/fs.php' not found or unable to stat
[Mon May 18 06:52:29.110066 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/file5.php' not found or unable to stat
[Mon May 18 06:52:28.947198 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/sf.php' not found or unable to stat
[Mon May 18 06:52:28.775092 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/ms-amdin.php' not found or unable to stat
[Mon May 18 06:52:28.560708 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/pol.php' not found or unable to stat
[Mon May 18 06:52:28.421056 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/als.php' not found or unable to stat
[Mon May 18 06:52:28.179815 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/00.php' not found or unable to stat
[Mon May 18 06:52:27.854693 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/chosen.php' not found or unable to stat
[Mon May 18 06:52:27.563447 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/hypo.php' not found or unable to stat
[Mon May 18 06:52:27.313986 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/xxx.php' not found or unable to stat
[Mon May 18 06:52:27.162673 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/buy.php' not found or unable to stat
[Mon May 18 06:52:27.020622 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/simple.php' not found or unable to stat
[Mon May 18 06:52:26.553110 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/gettest.php' not found or unable to stat
[Mon May 18 06:52:26.262246 2026] [access_compat:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] AH01797: client denied by server configuration: /cgi-bin/admin.php
[Mon May 18 06:52:26.126824 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/bal.php' not found or unable to stat
[Mon May 18 06:52:25.775920 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/f35.php' not found or unable to stat
[Mon May 18 06:52:25.295027 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/a1.php' not found or unable to stat
[Mon May 18 06:52:25.131682 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/abcd.php' not found or unable to stat
[Mon May 18 06:52:24.979268 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/av.php' not found or unable to stat
[Mon May 18 06:52:24.677566 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/wp.php' not found or unable to stat
[Mon May 18 06:52:24.201981 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/BDKR28WP.php' not found or unable to stat
[Mon May 18 06:52:23.868450 2026] [access_compat:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] AH01797: client denied by server configuration: /cgi-bin/index.php
[Mon May 18 06:52:23.726066 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/222.php' not found or unable to stat
[Mon May 18 06:52:23.563405 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/ms-edit.php' not found or unable to stat
[Mon May 18 06:52:23.375044 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/goods.php' not found or unable to stat
[Mon May 18 06:52:23.042263 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/adminfuns.php' not found or unable to stat
[Mon May 18 06:52:22.589063 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/wp-blog.php' not found or unable to stat
[Mon May 18 06:52:22.267988 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/classwithtostring.php' not found or unable to stat
[Mon May 18 06:52:22.115298 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/wp-act.php' not found or unable to stat
[Mon May 18 06:52:21.822274 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/av.php' not found or unable to stat
[Mon May 18 06:52:21.644939 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/inputs.php' not found or unable to stat
[Mon May 18 06:52:21.500160 2026] [php:error] [pid 72685:tid 72685] [client 20.63.102.97:55940] script '/f6.php' not found or unable to stat
[Mon May 18 06:52:20.254673 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/admin.php' not found or unable to stat
[Mon May 18 06:52:20.063743 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/edit.php' not found or unable to stat
[Mon May 18 06:52:19.882075 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/fvvff.php' not found or unable to stat
[Mon May 18 06:52:19.719372 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/w2025.php' not found or unable to stat
[Mon May 18 06:52:19.554884 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/admin.php' not found or unable to stat
[Mon May 18 06:52:19.417826 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/xa.php' not found or unable to stat
[Mon May 18 06:52:19.161516 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/about.php' not found or unable to stat
[Mon May 18 06:52:19.002355 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/2026w.php' not found or unable to stat
[Mon May 18 06:52:18.755899 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/100.php' not found or unable to stat
[Mon May 18 06:52:18.483933 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/class.php' not found or unable to stat
[Mon May 18 06:52:18.313764 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/1.php' not found or unable to stat
[Mon May 18 06:52:18.165775 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/8.php' not found or unable to stat
[Mon May 18 06:52:17.999205 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/7.php' not found or unable to stat
[Mon May 18 06:52:17.773710 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/seo.php' not found or unable to stat
[Mon May 18 06:52:17.557745 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/bthil.php' not found or unable to stat
[Mon May 18 06:52:17.265335 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/p.php' not found or unable to stat
[Mon May 18 06:52:17.104674 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/11.php' not found or unable to stat
[Mon May 18 06:52:16.641457 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/awa.php' not found or unable to stat
[Mon May 18 06:52:16.498694 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/dx.php' not found or unable to stat
[Mon May 18 06:52:16.356625 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/themes.php' not found or unable to stat
[Mon May 18 06:52:16.202932 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/puc.php' not found or unable to stat
[Mon May 18 06:52:16.059972 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/dx.php' not found or unable to stat
[Mon May 18 06:52:15.769084 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/mode.php' not found or unable to stat
[Mon May 18 06:52:15.616587 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/xmu.php' not found or unable to stat
[Mon May 18 06:52:15.337719 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/wp-temp.php' not found or unable to stat
[Mon May 18 06:52:15.200333 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/sl.php' not found or unable to stat
[Mon May 18 06:52:14.971378 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/one.php' not found or unable to stat
[Mon May 18 06:52:14.105557 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/pucci.php' not found or unable to stat
[Mon May 18 06:52:13.951876 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/zoko.php' not found or unable to stat
[Mon May 18 06:52:13.667897 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/UsbXax.php' not found or unable to stat
[Mon May 18 06:52:13.454440 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/3PJcpMFsD8B.php' not found or unable to stat
[Mon May 18 06:52:13.311464 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/wp-load.php' not found or unable to stat
[Mon May 18 06:52:13.053836 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/geforce.php' not found or unable to stat
[Mon May 18 06:52:12.844820 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/crgio.php' not found or unable to stat
[Mon May 18 06:52:12.700723 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/uwa.php' not found or unable to stat
[Mon May 18 06:52:12.531894 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/uwu.php' not found or unable to stat
[Mon May 18 06:52:11.556648 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/t3s.php' not found or unable to stat
[Mon May 18 06:52:11.323643 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/spawns.php' not found or unable to stat
[Mon May 18 06:52:11.188509 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/bob.php' not found or unable to stat
[Mon May 18 06:52:11.055295 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/wpxml.php' not found or unable to stat
[Mon May 18 06:52:10.619304 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/.well-known/about.php' not found or unable to stat
[Mon May 18 06:52:10.480131 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/kj.php' not found or unable to stat
[Mon May 18 06:52:10.328782 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/like.php' not found or unable to stat
[Mon May 18 06:52:10.186188 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/wp-block.php' not found or unable to stat
[Mon May 18 06:52:09.756757 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/aevly.php' not found or unable to stat
[Mon May 18 06:52:09.596180 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/tires.php' not found or unable to stat
[Mon May 18 06:52:09.451678 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/2P.php' not found or unable to stat
[Mon May 18 06:52:09.313662 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/half.php' not found or unable to stat
[Mon May 18 06:52:08.889830 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/wp-links.php' not found or unable to stat
[Mon May 18 06:52:08.409513 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/wp-signin.php' not found or unable to stat
[Mon May 18 06:52:08.238226 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/unvouc.php' not found or unable to stat
[Mon May 18 06:52:08.089699 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/casp3.php' not found or unable to stat
[Mon May 18 06:52:07.937208 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/wefile.php' not found or unable to stat
[Mon May 18 06:52:07.724980 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/0d.php' not found or unable to stat
[Mon May 18 06:52:07.585646 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/hayuk.php' not found or unable to stat
[Mon May 18 06:52:07.294069 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/mac.php' not found or unable to stat
[Mon May 18 06:52:07.156725 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/koala.php' not found or unable to stat
[Mon May 18 06:52:06.992580 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/zero.php' not found or unable to stat
[Mon May 18 06:52:06.850324 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/mih.php' not found or unable to stat
[Mon May 18 06:52:06.658491 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/test5.php' not found or unable to stat
[Mon May 18 06:52:06.510610 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/25d653587fdfd1.php' not found or unable to stat
[Mon May 18 06:52:06.371087 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/wp-widget.php' not found or unable to stat
[Mon May 18 06:52:06.218933 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/test11.php' not found or unable to stat
[Mon May 18 06:52:06.078489 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/yenifm.php' not found or unable to stat
[Mon May 18 06:52:05.925735 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/alfa403.php' not found or unable to stat
[Mon May 18 06:52:05.787315 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/xenon1337.php' not found or unable to stat
[Mon May 18 06:52:05.632438 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/error_log.php' not found or unable to stat
[Mon May 18 06:52:05.457469 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/Okxob.php' not found or unable to stat
[Mon May 18 06:52:05.299927 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/doko.php' not found or unable to stat
[Mon May 18 06:52:04.947493 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/guiler.php' not found or unable to stat
[Mon May 18 06:52:04.722553 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/c55cdler.php' not found or unable to stat
[Mon May 18 06:52:04.568630 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/pha.php' not found or unable to stat
[Mon May 18 06:52:04.415624 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/genco.php' not found or unable to stat
[Mon May 18 06:52:04.252689 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/alfs.php' not found or unable to stat
[Mon May 18 06:52:04.078092 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/ingfo.php' not found or unable to stat
[Mon May 18 06:52:03.934299 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/samll.php' not found or unable to stat
[Mon May 18 06:52:03.773264 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/at.php' not found or unable to stat
[Mon May 18 06:52:03.503081 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/zxz.php' not found or unable to stat
[Mon May 18 06:52:03.359632 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/6ph78840.php' not found or unable to stat
[Mon May 18 06:52:03.202351 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/ops.php' not found or unable to stat
[Mon May 18 06:52:03.055962 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/md5.php' not found or unable to stat
[Mon May 18 06:52:02.909422 2026] [php:error] [pid 72940:tid 72940] [client 20.63.102.97:48817] script '/x.php' not found or unable to stat
[Mon May 18 06:49:28.438696 2026] [security2:error] [pid 72547:tid 72547] [client 170.106.35.153:57670] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agr8yLx9oGIw8MOZMLT7RAAAAAI"], referer: http://selvans.net
[Mon May 18 06:15:03.399303 2026] [security2:error] [pid 72568:tid 72568] [client 43.155.188.157:45300] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "agr0t9y0qizkbcfiKbhCrwAAAAA"], referer: http://97.99.19.201:443
[Mon May 18 06:13:18.082733 2026] [security2:error] [pid 72547:tid 72547] [client 43.154.127.188:37966] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agr0Trx9oGIw8MOZMLT7QwAAAAI"], referer: http://97.99.19.201:80
[Mon May 18 06:00:51.962301 2026] [security2:error] [pid 72547:tid 72547] [client 46.151.178.13:36430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agrxY7x9oGIw8MOZMLT7QgAAAAI"], referer: http://97.99.19.201:443/
[Mon May 18 06:00:51.960607 2026] [security2:error] [pid 72547:tid 72547] [client 46.151.178.13:36430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrxY7x9oGIw8MOZMLT7QgAAAAI"], referer: http://97.99.19.201:443/
[Mon May 18 06:00:51.959009 2026] [security2:error] [pid 72547:tid 72547] [client 46.151.178.13:36430] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrxY7x9oGIw8MOZMLT7QgAAAAI"], referer: http://97.99.19.201:443/
[Mon May 18 06:00:51.958552 2026] [security2:error] [pid 72547:tid 72547] [client 46.151.178.13:36430] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrxY7x9oGIw8MOZMLT7QgAAAAI"], referer: http://97.99.19.201:443/
[Mon May 18 05:47:46.674313 2026] [security2:error] [pid 72555:tid 72555] [client 105.23.241.34:56724] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agruUebQmdihkwGNxhD5KgAAAAw"]
[Mon May 18 05:46:30.929149 2026] [security2:error] [pid 72940:tid 72940] [client 14.226.39.191:59292] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agruBL7AaMfyGQQas_H98wAAAAY"]
[Mon May 18 05:45:11.436013 2026] [core:error] [pid 72548:tid 72548] [client 216.144.224.186:33172] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 18 05:45:08.407180 2026] [security2:error] [pid 72547:tid 72547] [client 102.165.124.165:41253] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrttLx9oGIw8MOZMLT7QQAAAAI"]
[Mon May 18 05:44:52.531794 2026] [security2:error] [pid 72958:tid 72958] [client 185.12.59.118:56890] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/Dr0v"] [unique_id "agrtpMaHneLdN_S00tC4SAAAAA4"]
[Mon May 18 05:40:19.074602 2026] [security2:error] [pid 72548:tid 72548] [client 213.209.159.175:28158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agrsk16t-agIo26GdLyMZQAAAAg"]
[Mon May 18 05:40:19.073678 2026] [security2:error] [pid 72548:tid 72548] [client 213.209.159.175:28158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agrsk16t-agIo26GdLyMZQAAAAg"]
[Mon May 18 05:40:19.073341 2026] [security2:error] [pid 72548:tid 72548] [client 213.209.159.175:28158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agrsk16t-agIo26GdLyMZQAAAAg"]
[Mon May 18 05:40:19.072913 2026] [security2:error] [pid 72548:tid 72548] [client 213.209.159.175:28158] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agrsk16t-agIo26GdLyMZQAAAAg"]
[Mon May 18 05:40:19.063377 2026] [security2:error] [pid 72549:tid 72549] [client 213.209.159.175:28142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agrsknKXI8cwkZOG6fFrAQAAAAo"]
[Mon May 18 05:40:19.062001 2026] [security2:error] [pid 72549:tid 72549] [client 213.209.159.175:28142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agrsknKXI8cwkZOG6fFrAQAAAAo"]
[Mon May 18 05:40:19.061202 2026] [security2:error] [pid 72549:tid 72549] [client 213.209.159.175:28142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agrsknKXI8cwkZOG6fFrAQAAAAo"]
[Mon May 18 05:40:19.060096 2026] [security2:error] [pid 72549:tid 72549] [client 213.209.159.175:28142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "agrsknKXI8cwkZOG6fFrAQAAAAo"]
[Mon May 18 05:29:35.820826 2026] [security2:error] [pid 72889:tid 72889] [client 172.206.16.158:39104] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrqD4w7O2nmSDdaqXCqeAAAAAQ"]
[Mon May 18 05:20:37.321037 2026] [security2:error] [pid 72940:tid 72940] [client 43.157.170.13:50606] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agrn9b7AaMfyGQQas_H98gAAAAY"], referer: http://97.99.19.201
[Mon May 18 05:15:00.130212 2026] [security2:error] [pid 72950:tid 72950] [client 135.136.148.148:61672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agrmpJMmx0MugFHuhO329AAAAAk"]
[Mon May 18 05:15:00.129421 2026] [security2:error] [pid 72950:tid 72950] [client 135.136.148.148:61672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "agrmpJMmx0MugFHuhO329AAAAAk"]
[Mon May 18 05:15:00.128912 2026] [security2:error] [pid 72950:tid 72950] [client 135.136.148.148:61672] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "agrmpJMmx0MugFHuhO329AAAAAk"]
[Mon May 18 05:10:42.718108 2026] [security2:error] [pid 72555:tid 72555] [client 162.62.231.139:60428] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agrloubQmdihkwGNxhD5KAAAAAw"], referer: http://www.selvans.net
[Mon May 18 05:10:05.740233 2026] [core:error] [pid 72685:tid 72685] [client 121.41.207.230:59604] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 18 04:34:16.033146 2026] [security2:error] [pid 72950:tid 72950] [client 43.133.139.6:35300] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agrdGJMmx0MugFHuhO328gAAAAk"], referer: http://myip.selvans.net
[Mon May 18 04:21:28.013398 2026] [security2:error] [pid 72555:tid 72555] [client 46.151.178.13:48740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agraF-bQmdihkwGNxhD5JgAAAAw"], referer: http://97.99.19.201:443/
[Mon May 18 04:21:28.011931 2026] [security2:error] [pid 72555:tid 72555] [client 46.151.178.13:48740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agraF-bQmdihkwGNxhD5JgAAAAw"], referer: http://97.99.19.201:443/
[Mon May 18 04:21:28.010024 2026] [security2:error] [pid 72555:tid 72555] [client 46.151.178.13:48740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agraF-bQmdihkwGNxhD5JgAAAAw"], referer: http://97.99.19.201:443/
[Mon May 18 04:21:28.009478 2026] [security2:error] [pid 72555:tid 72555] [client 46.151.178.13:48740] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agraF-bQmdihkwGNxhD5JgAAAAw"], referer: http://97.99.19.201:443/
[Mon May 18 03:49:45.885010 2026] [security2:error] [pid 72555:tid 72555] [client 34.65.217.148:40944] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrSqebQmdihkwGNxhD5JAAAAAw"]
[Mon May 18 03:47:14.280166 2026] [security2:error] [pid 72568:tid 72568] [client 43.166.240.231:46212] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agrSEty0qizkbcfiKbhCqAAAAAA"], referer: http://arul.selvans.net
[Mon May 18 03:15:18.303195 2026] [security2:error] [pid 72549:tid 72549] [client 45.205.1.80:45380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agrKlnKXI8cwkZOG6fFq-wAAAAo"], referer: http://97.99.19.201:443/
[Mon May 18 03:15:18.300440 2026] [security2:error] [pid 72549:tid 72549] [client 45.205.1.80:45380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrKlnKXI8cwkZOG6fFq-wAAAAo"], referer: http://97.99.19.201:443/
[Mon May 18 03:15:18.299249 2026] [security2:error] [pid 72549:tid 72549] [client 45.205.1.80:45380] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrKlnKXI8cwkZOG6fFq-wAAAAo"], referer: http://97.99.19.201:443/
[Mon May 18 03:15:18.298853 2026] [security2:error] [pid 72549:tid 72549] [client 45.205.1.80:45380] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrKlnKXI8cwkZOG6fFq-wAAAAo"], referer: http://97.99.19.201:443/
[Mon May 18 03:15:17.801343 2026] [security2:error] [pid 72568:tid 72568] [client 45.205.1.80:45374] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrKldy0qizkbcfiKbhCpwAAAAA"]
[Mon May 18 02:57:21.136378 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:55848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agrGYdy0qizkbcfiKbhCpAAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 02:57:21.134859 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:55848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrGYdy0qizkbcfiKbhCpAAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 02:57:21.133192 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:55848] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrGYdy0qizkbcfiKbhCpAAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 02:57:21.132716 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:55848] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrGYdy0qizkbcfiKbhCpAAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 02:56:42.893881 2026] [security2:error] [pid 72950:tid 72950] [client 65.49.1.38:62302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agrGOpMmx0MugFHuhO327AAAAAk"]
[Mon May 18 02:56:42.891335 2026] [security2:error] [pid 72950:tid 72950] [client 65.49.1.38:62302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "agrGOpMmx0MugFHuhO327AAAAAk"]
[Mon May 18 02:56:42.890444 2026] [security2:error] [pid 72950:tid 72950] [client 65.49.1.38:62302] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "agrGOpMmx0MugFHuhO327AAAAAk"]
[Mon May 18 02:56:42.889093 2026] [security2:error] [pid 72950:tid 72950] [client 65.49.1.38:62302] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "agrGOpMmx0MugFHuhO327AAAAAk"]
[Mon May 18 02:56:03.973119 2026] [security2:error] [pid 72555:tid 72555] [client 45.139.122.80:37834] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/SDK/webLanguage"] [unique_id "agrGE-bQmdihkwGNxhD5HwAAAAw"]
[Mon May 18 02:50:30.385652 2026] [security2:error] [pid 72549:tid 72549] [client 65.49.1.38:32458] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/geoserver/web/"] [unique_id "agrExnKXI8cwkZOG6fFq-QAAAAo"]
[Mon May 18 02:35:29.633338 2026] [security2:error] [pid 72685:tid 72685] [client 34.143.155.164:54748] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrBQVpGwueRxB2F3HFVhwAAAAM"]
[Mon May 18 02:35:05.134226 2026] [security2:error] [pid 72889:tid 72889] [client 65.49.1.46:13949] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "agrBKYw7O2nmSDdaqXCqQAAAAAQ"]
[Mon May 18 02:34:24.914961 2026] [security2:error] [pid 72685:tid 72685] [client 43.131.45.213:58274] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agrBAFpGwueRxB2F3HFVhgAAAAM"], referer: http://whoami.selvans.net
[Mon May 18 02:33:31.309047 2026] [security2:error] [pid 72547:tid 72547] [client 87.236.176.87:38985] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon-32x32.png"] [unique_id "agrAy7x9oGIw8MOZMLT69wAAAAI"]
[Mon May 18 02:33:31.309047 2026] [security2:error] [pid 72958:tid 72958] [client 195.96.139.245:52279] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon-16x16.png"] [unique_id "agrAy8aHneLdN_S00tC4GwAAAA4"]
[Mon May 18 02:33:31.309047 2026] [security2:error] [pid 72889:tid 72889] [client 87.236.176.143:37479] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/apple-touch-icon.png"] [unique_id "agrAy4w7O2nmSDdaqXCqPwAAAAQ"]
[Mon May 18 02:33:31.167213 2026] [security2:error] [pid 72685:tid 72685] [client 185.247.137.124:46323] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon.ico"] [unique_id "agrAy1pGwueRxB2F3HFVhQAAAAM"]
[Mon May 18 02:33:29.733556 2026] [security2:error] [pid 72950:tid 72950] [client 185.247.137.185:33945] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrAyZMmx0MugFHuhO325wAAAAk"]
[Mon May 18 02:31:09.742178 2026] [security2:error] [pid 72548:tid 72548] [client 65.49.1.38:35657] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agrAPV6t-agIo26GdLyMWAAAAAg"]
[Mon May 18 02:25:39.385039 2026] [security2:error] [pid 72685:tid 72685] [client 118.70.67.72:41028] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agq-81pGwueRxB2F3HFVhAAAAAM"]
[Mon May 18 02:23:26.126069 2026] [security2:error] [pid 72548:tid 72548] [client 65.49.1.38:5994] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agq-bl6t-agIo26GdLyMVwAAAAg"]
[Mon May 18 02:15:54.915242 2026] [security2:error] [pid 72685:tid 72685] [client 170.106.180.246:49888] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "agq8qlpGwueRxB2F3HFVggAAAAM"], referer: http://97.99.19.201:443
[Mon May 18 02:14:10.598164 2026] [security2:error] [pid 72547:tid 72547] [client 43.156.125.227:39550] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agq8Qrx9oGIw8MOZMLT69AAAAAI"], referer: http://97.99.19.201:80
[Mon May 18 02:00:20.602466 2026] [security2:error] [pid 72950:tid 72950] [client 170.106.160.90:48426] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agq5BJMmx0MugFHuhO324wAAAAk"], referer: http://selvans.net
[Mon May 18 01:32:46.231159 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:56874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "agqyjty0qizkbcfiKbhCnAAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 01:32:46.230244 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:56874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agqyjty0qizkbcfiKbhCnAAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 01:32:46.228738 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:56874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agqyjty0qizkbcfiKbhCnAAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 01:32:46.228211 2026] [security2:error] [pid 72568:tid 72568] [client 46.151.178.13:56874] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "agqyjty0qizkbcfiKbhCnAAAAAA"], referer: http://97.99.19.201:443/
[Mon May 18 01:23:34.021762 2026] [security2:error] [pid 72549:tid 72549] [client 43.166.253.94:37170] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "agqwZXKXI8cwkZOG6fFq9AAAAAo"], referer: http://97.99.19.201
[Mon May 18 00:56:02.163571 2026] [security2:error] [pid 72549:tid 72549] [client 31.70.69.187:61924] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/webclient/"] [unique_id "agqp8XKXI8cwkZOG6fFq8gAAAAo"]
Copyright © 1999-
selvans.net ,
selvansoft.com. All Rights Reserved.
Last modified: