selvans.net apache error report

selvans.net webserver error log

File: /var/log/apache2/error.log

Report run time: Sat Apr 4 10:17:01 CDT 2026

[Sat Apr 04 10:15:41.867091 2026] [security2:error] [pid 2273:tid 2273] [client 52.186.171.52:47084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adErHQ-lYuEtxmG9VaF6igAAAAE"], referer: http://97.99.19.201:443/
[Sat Apr 04 10:15:41.865697 2026] [security2:error] [pid 2273:tid 2273] [client 52.186.171.52:47084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "adErHQ-lYuEtxmG9VaF6igAAAAE"], referer: http://97.99.19.201:443/
[Sat Apr 04 10:15:41.862936 2026] [security2:error] [pid 2273:tid 2273] [client 52.186.171.52:47084] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "adErHQ-lYuEtxmG9VaF6igAAAAE"], referer: http://97.99.19.201:443/
[Sat Apr 04 09:59:46.462928 2026] [core:error] [pid 2276:tid 2276] [client 47.253.5.130:60900] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Sat Apr 04 09:55:06.869117 2026] [security2:error] [pid 3583:tid 3583] [client 150.109.46.88:51664] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adEmShJA6Y0ilfSDCpkx4gAAAAw"], referer: http://arul.selvans.net
[Sat Apr 04 09:47:49.385252 2026] [security2:error] [pid 2273:tid 2273] [client 66.132.195.68:44684] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/0ttef0y7xfexjmtxzs"] [unique_id "adEklQ-lYuEtxmG9VaF6iQAAAAE"]
[Sat Apr 04 09:47:42.772828 2026] [security2:error] [pid 4339:tid 4339] [client 66.132.195.68:21062] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "adEkjn3LKEWQqJQHSK-UZgAAAAo"]
[Sat Apr 04 09:47:34.398579 2026] [security2:error] [pid 2781:tid 2781] [client 66.132.195.68:21054] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.well-known/security.txt"] [unique_id "adEkhubZYpzHJ4SKZFJQggAAAAs"]
[Sat Apr 04 09:45:56.678113 2026] [security2:error] [pid 2276:tid 2276] [client 66.132.195.62:18330] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/is6_u0cq13i"] [unique_id "adEkJCJY8Osbs25CihQ5eAAAAAQ"]
[Sat Apr 04 09:45:51.217540 2026] [security2:error] [pid 2274:tid 2274] [client 66.132.195.62:18298] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "adEkH7Lz5dWcI1I9dYelNAAAAAI"]
[Sat Apr 04 09:45:49.459922 2026] [security2:error] [pid 2777:tid 2777] [client 66.132.195.62:18294] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/robots.txt"] [unique_id "adEkHbt4JX8PaWrNUX0m-wAAAAk"]
[Sat Apr 04 09:45:04.016203 2026] [security2:error] [pid 2275:tid 2275] [client 135.222.40.117:56424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEj754sX56IKAC1McDe0wAAAAM"]
[Sat Apr 04 09:45:04.015050 2026] [security2:error] [pid 2275:tid 2275] [client 135.222.40.117:56424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/developmentserver/metadatauploader"] [unique_id "adEj754sX56IKAC1McDe0wAAAAM"]
[Sat Apr 04 09:45:04.013007 2026] [security2:error] [pid 2275:tid 2275] [client 135.222.40.117:56424] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/developmentserver/metadatauploader"] [unique_id "adEj754sX56IKAC1McDe0wAAAAM"]
[Sat Apr 04 09:45:04.012419 2026] [security2:error] [pid 2275:tid 2275] [client 135.222.40.117:56424] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/developmentserver/metadatauploader"] [unique_id "adEj754sX56IKAC1McDe0wAAAAM"]
[Sat Apr 04 09:13:30.836998 2026] [security2:error] [pid 2276:tid 2276] [client 5.61.209.107:3016] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/SDK/webLanguage"] [unique_id "adEciiJY8Osbs25CihQ5cQAAAAQ"]
[Sat Apr 04 09:04:33.576496 2026] [security2:error] [pid 2777:tid 2777] [client 104.37.191.205:37878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEacbt4JX8PaWrNUX0m-AAAAAk"]
[Sat Apr 04 09:04:33.575540 2026] [security2:error] [pid 2777:tid 2777] [client 104.37.191.205:37878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.git/config"] [unique_id "adEacbt4JX8PaWrNUX0m-AAAAAk"]
[Sat Apr 04 09:04:33.573654 2026] [security2:error] [pid 2777:tid 2777] [client 104.37.191.205:37878] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.git/config"] [unique_id "adEacbt4JX8PaWrNUX0m-AAAAAk"]
[Sat Apr 04 09:04:29.928199 2026] [security2:error] [pid 2275:tid 2275] [client 104.37.191.205:37874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEabZ4sX56IKAC1McDezwAAAAM"]
[Sat Apr 04 09:04:29.927044 2026] [security2:error] [pid 2275:tid 2275] [client 104.37.191.205:37874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.git/config"] [unique_id "adEabZ4sX56IKAC1McDezwAAAAM"]
[Sat Apr 04 09:04:29.925472 2026] [security2:error] [pid 2275:tid 2275] [client 104.37.191.205:37874] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.git/config"] [unique_id "adEabZ4sX56IKAC1McDezwAAAAM"]
[Sat Apr 04 09:04:28.260944 2026] [security2:error] [pid 3583:tid 3583] [client 104.37.191.205:37872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEabBJA6Y0ilfSDCpkx3QAAAAw"], referer: https://selvans.net/home
[Sat Apr 04 09:04:28.259731 2026] [security2:error] [pid 3583:tid 3583] [client 104.37.191.205:37872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.git/config"] [unique_id "adEabBJA6Y0ilfSDCpkx3QAAAAw"], referer: https://selvans.net/home
[Sat Apr 04 09:04:28.258339 2026] [security2:error] [pid 3583:tid 3583] [client 104.37.191.205:37872] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.git/config"] [unique_id "adEabBJA6Y0ilfSDCpkx3QAAAAw"], referer: https://selvans.net/home
[Sat Apr 04 08:54:51.636725 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/wp-cron.php' not found or unable to stat
[Sat Apr 04 08:54:50.103848 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/moon.php' not found or unable to stat
[Sat Apr 04 08:54:49.848332 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/file2.php' not found or unable to stat
[Sat Apr 04 08:54:49.591598 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/cong.php' not found or unable to stat
[Sat Apr 04 08:54:49.342292 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/classwithtostring.php' not found or unable to stat
[Sat Apr 04 08:54:49.087844 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/autoload_classmap.php' not found or unable to stat
[Sat Apr 04 08:54:48.825228 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/asasx.php' not found or unable to stat
[Sat Apr 04 08:54:48.567032 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/alfa.php' not found or unable to stat
[Sat Apr 04 08:54:48.310914 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/adminfuns.php' not found or unable to stat
[Sat Apr 04 08:54:48.057261 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/about.php' not found or unable to stat
[Sat Apr 04 08:54:47.794871 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/xmrlpc.php' not found or unable to stat
[Sat Apr 04 08:54:47.026349 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/wp-good.php' not found or unable to stat
[Sat Apr 04 08:54:45.974666 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/xleet.php' not found or unable to stat
[Sat Apr 04 08:54:45.717052 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/nc4.php' not found or unable to stat
[Sat Apr 04 08:54:45.462825 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/ioxi-o.php' not found or unable to stat
[Sat Apr 04 08:54:45.203215 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/info.php' not found or unable to stat
[Sat Apr 04 08:54:44.949461 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/images/index.php' not found or unable to stat
[Sat Apr 04 08:54:44.676100 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/flower.php' not found or unable to stat
[Sat Apr 04 08:54:44.415420 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/file.php' not found or unable to stat
[Sat Apr 04 08:54:44.154187 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/edit.php' not found or unable to stat
[Sat Apr 04 08:54:43.895522 2026] [access_compat:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] AH01797: client denied by server configuration: /cgi-bin/
[Sat Apr 04 08:54:43.640691 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/buy.php' not found or unable to stat
[Sat Apr 04 08:54:43.380967 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/admin.php' not found or unable to stat
[Sat Apr 04 08:54:43.121883 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/abcd.php' not found or unable to stat
[Sat Apr 04 08:54:42.859306 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/php.php' not found or unable to stat
[Sat Apr 04 08:54:42.599214 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/bless.php' not found or unable to stat
[Sat Apr 04 08:54:42.340654 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/php8.php' not found or unable to stat
[Sat Apr 04 08:54:42.080343 2026] [php:error] [pid 2781:tid 2781] [client 20.198.83.136:12805] script '/aa.php' not found or unable to stat
[Sat Apr 04 08:34:07.202270 2026] [security2:error] [pid 2781:tid 2781] [client 43.130.47.33:59136] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adETT-bZYpzHJ4SKZFJQTwAAAAs"], referer: http://whoami.selvans.net
[Sat Apr 04 08:33:34.400742 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/file2.php' not found or unable to stat
[Sat Apr 04 08:33:34.214609 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/file.php' not found or unable to stat
[Sat Apr 04 08:33:34.025231 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/fff.php' not found or unable to stat
[Sat Apr 04 08:33:33.840192 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/eetu.php' not found or unable to stat
[Sat Apr 04 08:33:33.655727 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/edit.php' not found or unable to stat
[Sat Apr 04 08:33:33.460442 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/ds.php' not found or unable to stat
[Sat Apr 04 08:33:33.277879 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/default.php' not found or unable to stat
[Sat Apr 04 08:33:33.096673 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/css/index.php' not found or unable to stat
[Sat Apr 04 08:33:32.889626 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/classwithtostring.php' not found or unable to stat
[Sat Apr 04 08:33:32.676898 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/class-t.api.php' not found or unable to stat
[Sat Apr 04 08:33:32.490661 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/chosen.php' not found or unable to stat
[Sat Apr 04 08:33:32.305426 2026] [access_compat:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] AH01797: client denied by server configuration: /cgi-bin/xmrlpc.php
[Sat Apr 04 08:33:32.125338 2026] [access_compat:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] AH01797: client denied by server configuration: /cgi-bin/
[Sat Apr 04 08:33:31.946884 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/buy.php' not found or unable to stat
[Sat Apr 04 08:33:31.760491 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/bolt.php' not found or unable to stat
[Sat Apr 04 08:33:31.574667 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/bless.php' not found or unable to stat
[Sat Apr 04 08:33:31.392944 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/axx.php' not found or unable to stat
[Sat Apr 04 08:33:31.203694 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/ava.php' not found or unable to stat
[Sat Apr 04 08:33:31.019079 2026] [autoindex:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] AH01276: Cannot serve directory /.well-known/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive
[Sat Apr 04 08:33:30.458676 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/asasx.php' not found or unable to stat
[Sat Apr 04 08:33:30.277028 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/alfa.php' not found or unable to stat
[Sat Apr 04 08:33:30.089169 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/akcc.php' not found or unable to stat
[Sat Apr 04 08:33:29.907209 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/ahax.php' not found or unable to stat
[Sat Apr 04 08:33:29.720349 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/adminfuns.php' not found or unable to stat
[Sat Apr 04 08:33:29.326588 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/admin.php' not found or unable to stat
[Sat Apr 04 08:33:29.141660 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/about.php' not found or unable to stat
[Sat Apr 04 08:33:28.955282 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/abcd.php' not found or unable to stat
[Sat Apr 04 08:33:28.767691 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/aaa.php' not found or unable to stat
[Sat Apr 04 08:33:28.583687 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/aa.php' not found or unable to stat
[Sat Apr 04 08:33:28.397664 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/NewFile.php' not found or unable to stat
[Sat Apr 04 08:33:28.208304 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/403.php' not found or unable to stat
[Sat Apr 04 08:33:28.020517 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/222.php' not found or unable to stat
[Sat Apr 04 08:33:27.831652 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/13.php' not found or unable to stat
[Sat Apr 04 08:33:27.641900 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/123.php' not found or unable to stat
[Sat Apr 04 08:33:27.453534 2026] [php:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] script '/1.php' not found or unable to stat
[Sat Apr 04 08:33:27.265609 2026] [autoindex:error] [pid 2276:tid 2276] [client 20.200.222.0:14811] AH01276: Cannot serve directory /.well-known/acme-challenge/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive
[Sat Apr 04 08:08:27.106947 2026] [security2:error] [pid 2276:tid 2276] [client 43.130.47.33:60280] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "adENSyJY8Osbs25CihQ5RAAAAAQ"], referer: http://97.99.19.201:443
[Sat Apr 04 08:07:02.711668 2026] [security2:error] [pid 2777:tid 2777] [client 170.106.73.216:33082] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adEM9rt4JX8PaWrNUX0m8AAAAAk"], referer: http://97.99.19.201:80
[Sat Apr 04 08:00:29.367651 2026] [access_compat:error] [pid 2274:tid 2274] [client 159.89.0.229:1968] AH01797: client denied by server configuration: /cgi-bin/authLogin.cgi, referer: http://97.99.19.201:80/cgi-bin/authLogin.cgi
[Sat Apr 04 07:47:34.682583 2026] [security2:error] [pid 126354:tid 126354] [client 79.124.40.162:54264] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/logon/LogonPoint/tmindex.html"] [unique_id "adEIZsUobn6cEAiZwZit8wAAAAM"]
[Sat Apr 04 07:47:33.557176 2026] [security2:error] [pid 126391:tid 126391] [client 79.124.40.162:54250] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/admin_ui/mas/ent/login.html"] [unique_id "adEIZbVdOvL5Su0d22s5awAAAAU"]
[Sat Apr 04 07:47:31.900497 2026] [security2:error] [pid 126358:tid 126358] [client 79.124.40.162:55738] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/vpn/index.html"] [unique_id "adEIY8oKb908AFvTB26ICAAAAAs"]
[Sat Apr 04 07:47:19.181841 2026] [security2:error] [pid 118259:tid 118259] [client 148.153.56.60:39056] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/jquery-3.3.2.slim.min.js"] [unique_id "adEIV9niPYZeu5gaRtZncwAAAA0"]
[Sat Apr 04 07:47:17.963062 2026] [security2:error] [pid 119039:tid 119039] [client 148.153.56.60:39046] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/aab9"] [unique_id "adEIVUdGZ4UkGtUxX9Zh8wAAAAE"]
[Sat Apr 04 07:47:17.781965 2026] [security2:error] [pid 118262:tid 118262] [client 148.153.56.60:39032] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/jquery-3.3.1.slim.min.js"] [unique_id "adEIVU-JUiFCpkU48exSFAAAAA4"]
[Sat Apr 04 07:47:17.602737 2026] [security2:error] [pid 118256:tid 118256] [client 148.153.56.60:39018] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/aab8"] [unique_id "adEIVUe4KVHtVCYxqLiiSgAAAAg"]
[Sat Apr 04 07:47:17.423737 2026] [security2:error] [pid 126394:tid 126394] [client 148.153.56.60:39014] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/Uub1"] [unique_id "adEIVYdqUVyvr-eYM7TfgwAAAAY"]
[Sat Apr 04 07:47:17.236811 2026] [security2:error] [pid 126367:tid 126367] [client 148.153.56.60:39006] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/Y6di"] [unique_id "adEIVaTZKiIPUXdAgHqKqwAAAAI"]
[Sat Apr 04 07:47:00.232803 2026] [security2:error] [pid 126354:tid 126354] [client 43.157.149.188:59188] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adEIRMUobn6cEAiZwZit8gAAAAM"], referer: http://selvans.net
[Sat Apr 04 07:46:59.412116 2026] [security2:error] [pid 126605:tid 126605] [client 165.22.101.63:55886] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "www.selvans.net"] [uri "/wp-login.php"] [unique_id "adEIQ7WgOR0Rlgw24coRDgAAAAc"]
[Sat Apr 04 07:46:58.156321 2026] [security2:error] [pid 126605:tid 126605] [client 165.22.101.63:55886] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "www.selvans.net"] [uri "/wp-login.php"] [unique_id "adEIQrWgOR0Rlgw24coRDQAAAAc"]
[Sat Apr 04 07:42:22.200257 2026] [security2:error] [pid 126354:tid 126354] [client 20.198.243.37:33966] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adEHLsUobn6cEAiZwZit8AAAAAM"]
[Sat Apr 04 07:28:47.986068 2026] [security2:error] [pid 118256:tid 118256] [client 142.93.0.66:45202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED_0e4KVHtVCYxqLiiPwAAAAg"]
[Sat Apr 04 07:28:47.985237 2026] [security2:error] [pid 118256:tid 118256] [client 142.93.0.66:45202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/trace.axd"] [unique_id "adED_0e4KVHtVCYxqLiiPwAAAAg"]
[Sat Apr 04 07:28:47.983111 2026] [security2:error] [pid 118256:tid 118256] [client 142.93.0.66:45202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "selvans.net"] [uri "/trace.axd"] [unique_id "adED_0e4KVHtVCYxqLiiPwAAAAg"]
[Sat Apr 04 07:28:30.786564 2026] [php:error] [pid 119144:tid 119144] [client 142.93.0.66:54792] script '/info.php' not found or unable to stat
[Sat Apr 04 07:28:23.689911 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:16690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED574GKKJMq3sYUDwuSQAAAAc"]
[Sat Apr 04 07:28:23.688209 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:16690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/application/.env"] [unique_id "adED574GKKJMq3sYUDwuSQAAAAc"]
[Sat Apr 04 07:28:23.687284 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:16690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/application/.env"] [unique_id "adED574GKKJMq3sYUDwuSQAAAAc"]
[Sat Apr 04 07:28:21.480598 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:16704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED5SCthhuxFleuDSXbvwAAAAI"]
[Sat Apr 04 07:28:21.478607 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:16704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/development/.env"] [unique_id "adED5SCthhuxFleuDSXbvwAAAAI"]
[Sat Apr 04 07:28:21.477790 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:16704] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/development/.env"] [unique_id "adED5SCthhuxFleuDSXbvwAAAAI"]
[Sat Apr 04 07:28:20.466049 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:16720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED5P0maQkqxCJ3m4SW9wAAAAk"]
[Sat Apr 04 07:28:20.464827 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:16720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/website/.env"] [unique_id "adED5P0maQkqxCJ3m4SW9wAAAAk"]
[Sat Apr 04 07:28:20.463928 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:16720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/website/.env"] [unique_id "adED5P0maQkqxCJ3m4SW9wAAAAk"]
[Sat Apr 04 07:28:18.482864 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:16620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED4ke4KVHtVCYxqLiiPAAAAAg"]
[Sat Apr 04 07:28:18.481356 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:16620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/new/.env"] [unique_id "adED4ke4KVHtVCYxqLiiPAAAAAg"]
[Sat Apr 04 07:28:18.480430 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:16620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/new/.env"] [unique_id "adED4ke4KVHtVCYxqLiiPAAAAAg"]
[Sat Apr 04 07:28:17.878953 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.50:56528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED4U-JUiFCpkU48exSCwAAAA4"]
[Sat Apr 04 07:28:17.877675 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.50:56528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/api/shared/.env"] [unique_id "adED4U-JUiFCpkU48exSCwAAAA4"]
[Sat Apr 04 07:28:17.876708 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.50:56528] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/api/shared/.env"] [unique_id "adED4U-JUiFCpkU48exSCwAAAA4"]
[Sat Apr 04 07:28:17.622814 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:56512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED4RntlX1yH_rDUPAwKQAAAAU"]
[Sat Apr 04 07:28:17.621369 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:56512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/api/v2/.env"] [unique_id "adED4RntlX1yH_rDUPAwKQAAAAU"]
[Sat Apr 04 07:28:17.620479 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:56512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/api/v2/.env"] [unique_id "adED4RntlX1yH_rDUPAwKQAAAAU"]
[Sat Apr 04 07:28:17.379994 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:16566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED4eF9KhWbiOcgFFztHQAAAAQ"]
[Sat Apr 04 07:28:17.378792 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:16566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/public/.env"] [unique_id "adED4eF9KhWbiOcgFFztHQAAAAQ"]
[Sat Apr 04 07:28:17.377930 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:16566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/public/.env"] [unique_id "adED4eF9KhWbiOcgFFztHQAAAAQ"]
[Sat Apr 04 07:28:16.397470 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:56396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED4NniPYZeu5gaRtZnXwAAAA0"]
[Sat Apr 04 07:28:16.395417 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:56396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.uat"] [unique_id "adED4NniPYZeu5gaRtZnXwAAAA0"]
[Sat Apr 04 07:28:16.394573 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:56396] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.uat"] [unique_id "adED4NniPYZeu5gaRtZnXwAAAA0"]
[Sat Apr 04 07:28:14.677940 2026] [security2:error] [pid 126330:tid 126330] [client 185.177.72.50:56408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED3tIQwskcLZf6QYjB0wAAAAo"]
[Sat Apr 04 07:28:14.676829 2026] [security2:error] [pid 126330:tid 126330] [client 185.177.72.50:56408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.bak"] [unique_id "adED3tIQwskcLZf6QYjB0wAAAAo"]
[Sat Apr 04 07:28:14.675995 2026] [security2:error] [pid 126330:tid 126330] [client 185.177.72.50:56408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.bak"] [unique_id "adED3tIQwskcLZf6QYjB0wAAAAo"]
[Sat Apr 04 07:28:14.675040 2026] [security2:error] [pid 126330:tid 126330] [client 185.177.72.50:56408] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "selvans.net"] [uri "/.env.bak"] [unique_id "adED3tIQwskcLZf6QYjB0wAAAAo"]
[Sat Apr 04 07:28:12.645569 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:56428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED3L4GKKJMq3sYUDwuSAAAAAc"]
[Sat Apr 04 07:28:12.643991 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:56428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.dist"] [unique_id "adED3L4GKKJMq3sYUDwuSAAAAAc"]
[Sat Apr 04 07:28:12.643233 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:56428] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.dist"] [unique_id "adED3L4GKKJMq3sYUDwuSAAAAAc"]
[Sat Apr 04 07:28:12.585620 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.50:56412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED3EdGZ4UkGtUxX9Zh8QAAAAE"]
[Sat Apr 04 07:28:12.584147 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.50:56412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.old"] [unique_id "adED3EdGZ4UkGtUxX9Zh8QAAAAE"]
[Sat Apr 04 07:28:12.583347 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.50:56412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.old"] [unique_id "adED3EdGZ4UkGtUxX9Zh8QAAAAE"]
[Sat Apr 04 07:28:12.582556 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.50:56412] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "selvans.net"] [uri "/.env.old"] [unique_id "adED3EdGZ4UkGtUxX9Zh8QAAAAE"]
[Sat Apr 04 07:28:11.191232 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:56316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adED2_0maQkqxCJ3m4SW9gAAAAk"]
[Sat Apr 04 07:28:11.189044 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:56316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.production"] [unique_id "adED2_0maQkqxCJ3m4SW9gAAAAk"]
[Sat Apr 04 07:28:11.188285 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:56316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.production"] [unique_id "adED2_0maQkqxCJ3m4SW9gAAAAk"]
[Sat Apr 04 07:27:55.358706 2026] [negotiation:error] [pid 119144:tid 119144] [client 142.93.0.66:54288] AH00690: no acceptable variant: /error/HTTP_NOT_FOUND.html.var
[Sat Apr 04 07:27:51.082008 2026] [authz_core:error] [pid 119150:tid 119150] [client 142.93.0.66:54260] AH01630: client denied by server configuration: /server-status
[Sat Apr 04 07:27:19.605140 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:28054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDpyCthhuxFleuDSXbvQAAAAI"]
[Sat Apr 04 07:27:19.603673 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:28054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/node_modules/.env"] [unique_id "adEDpyCthhuxFleuDSXbvQAAAAI"]
[Sat Apr 04 07:27:19.602763 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:28054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/node_modules/.env"] [unique_id "adEDpyCthhuxFleuDSXbvQAAAAI"]
[Sat Apr 04 07:27:18.718883 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:8008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDpke4KVHtVCYxqLiiOAAAAAg"]
[Sat Apr 04 07:27:18.717148 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:8008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/graphql/.env"] [unique_id "adEDpke4KVHtVCYxqLiiOAAAAAg"]
[Sat Apr 04 07:27:18.716362 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:8008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/graphql/.env"] [unique_id "adEDpke4KVHtVCYxqLiiOAAAAAg"]
[Sat Apr 04 07:27:17.847032 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:7942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDpeF9KhWbiOcgFFztGQAAAAQ"]
[Sat Apr 04 07:27:17.845539 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:7942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/development/.env"] [unique_id "adEDpeF9KhWbiOcgFFztGQAAAAQ"]
[Sat Apr 04 07:27:17.844673 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:7942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/development/.env"] [unique_id "adEDpeF9KhWbiOcgFFztGQAAAAQ"]
[Sat Apr 04 07:27:16.857891 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.50:8000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDpE-JUiFCpkU48exSCAAAAA4"]
[Sat Apr 04 07:27:16.856069 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.50:8000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/rest/.env"] [unique_id "adEDpE-JUiFCpkU48exSCAAAAA4"]
[Sat Apr 04 07:27:16.855121 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.50:8000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/rest/.env"] [unique_id "adEDpE-JUiFCpkU48exSCAAAAA4"]
[Sat Apr 04 07:27:14.278877 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:7924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDotniPYZeu5gaRtZnWwAAAA0"]
[Sat Apr 04 07:27:14.277174 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:7924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/local/.env"] [unique_id "adEDotniPYZeu5gaRtZnWwAAAA0"]
[Sat Apr 04 07:27:14.276255 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:7924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/local/.env"] [unique_id "adEDotniPYZeu5gaRtZnWwAAAA0"]
[Sat Apr 04 07:27:13.631742 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:7766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDob4GKKJMq3sYUDwuRQAAAAc"]
[Sat Apr 04 07:27:13.629977 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:7766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/app/.env"] [unique_id "adEDob4GKKJMq3sYUDwuRQAAAAc"]
[Sat Apr 04 07:27:13.629214 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.50:7766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/app/.env"] [unique_id "adEDob4GKKJMq3sYUDwuRQAAAAc"]
[Sat Apr 04 07:27:12.262259 2026] [security2:error] [pid 126330:tid 126330] [client 185.177.72.50:7774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDoNIQwskcLZf6QYjB0AAAAAo"]
[Sat Apr 04 07:27:12.260926 2026] [security2:error] [pid 126330:tid 126330] [client 185.177.72.50:7774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/docker/.env"] [unique_id "adEDoNIQwskcLZf6QYjB0AAAAAo"]
[Sat Apr 04 07:27:12.260015 2026] [security2:error] [pid 126330:tid 126330] [client 185.177.72.50:7774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/docker/.env"] [unique_id "adEDoNIQwskcLZf6QYjB0AAAAAo"]
[Sat Apr 04 07:27:11.885581 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:7730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDn_0maQkqxCJ3m4SW7QAAAAk"]
[Sat Apr 04 07:27:11.884487 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:7730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/admin/.env"] [unique_id "adEDn_0maQkqxCJ3m4SW7QAAAAk"]
[Sat Apr 04 07:27:11.883824 2026] [security2:error] [pid 126327:tid 126327] [client 185.177.72.50:7730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/admin/.env"] [unique_id "adEDn_0maQkqxCJ3m4SW7QAAAAk"]
[Sat Apr 04 07:27:10.951849 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.50:7636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnkbA0kW4ofYjW2SYgAAAAAY"]
[Sat Apr 04 07:27:10.950398 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.50:7636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.template"] [unique_id "adEDnkbA0kW4ofYjW2SYgAAAAAY"]
[Sat Apr 04 07:27:10.949476 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.50:7636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.template"] [unique_id "adEDnkbA0kW4ofYjW2SYgAAAAAY"]
[Sat Apr 04 07:27:09.570999 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnSCthhuxFleuDSXbvAAAAAI"]
[Sat Apr 04 07:27:09.568288 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/laravel/.env"] [unique_id "adEDnSCthhuxFleuDSXbvAAAAAI"]
[Sat Apr 04 07:27:09.567401 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/laravel/.env"] [unique_id "adEDnSCthhuxFleuDSXbvAAAAAI"]
[Sat Apr 04 07:27:09.268523 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.50:4584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnUdGZ4UkGtUxX9Zh7gAAAAE"]
[Sat Apr 04 07:27:09.266510 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.50:4584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env"] [unique_id "adEDnUdGZ4UkGtUxX9Zh7gAAAAE"]
[Sat Apr 04 07:27:09.265712 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.50:4584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env"] [unique_id "adEDnUdGZ4UkGtUxX9Zh7gAAAAE"]
[Sat Apr 04 07:27:09.127934 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnRntlX1yH_rDUPAwJQAAAAU"]
[Sat Apr 04 07:27:09.125552 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/api/.env"] [unique_id "adEDnRntlX1yH_rDUPAwJQAAAAU"]
[Sat Apr 04 07:27:09.124782 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/api/.env"] [unique_id "adEDnRntlX1yH_rDUPAwJQAAAAU"]
[Sat Apr 04 07:27:08.842678 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnBntlX1yH_rDUPAwJAAAAAU"]
[Sat Apr 04 07:27:08.841867 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.stripe"] [unique_id "adEDnBntlX1yH_rDUPAwJAAAAAU"]
[Sat Apr 04 07:27:08.841595 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stripe"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.stripe"] [unique_id "adEDnBntlX1yH_rDUPAwJAAAAAU"]
[Sat Apr 04 07:27:08.641187 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnEe4KVHtVCYxqLiiNwAAAAg"]
[Sat Apr 04 07:27:08.640056 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.json"] [unique_id "adEDnEe4KVHtVCYxqLiiNwAAAAg"]
[Sat Apr 04 07:27:08.639671 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.json"] [unique_id "adEDnEe4KVHtVCYxqLiiNwAAAAg"]
[Sat Apr 04 07:27:08.630584 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnOF9KhWbiOcgFFztGAAAAAQ"]
[Sat Apr 04 07:27:08.629714 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.txt"] [unique_id "adEDnOF9KhWbiOcgFFztGAAAAAQ"]
[Sat Apr 04 07:27:08.629423 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.txt"] [unique_id "adEDnOF9KhWbiOcgFFztGAAAAAQ"]
[Sat Apr 04 07:27:08.541939 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnCCthhuxFleuDSXbuwAAAAI"]
[Sat Apr 04 07:27:08.539215 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.dist"] [unique_id "adEDnCCthhuxFleuDSXbuwAAAAI"]
[Sat Apr 04 07:27:08.538329 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.dist"] [unique_id "adEDnCCthhuxFleuDSXbuwAAAAI"]
[Sat Apr 04 07:27:08.292807 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnEe4KVHtVCYxqLiiNgAAAAg"]
[Sat Apr 04 07:27:08.290405 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.bak"] [unique_id "adEDnEe4KVHtVCYxqLiiNgAAAAg"]
[Sat Apr 04 07:27:08.289634 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.bak"] [unique_id "adEDnEe4KVHtVCYxqLiiNgAAAAg"]
[Sat Apr 04 07:27:08.288816 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "selvans.net"] [uri "/.env.bak"] [unique_id "adEDnEe4KVHtVCYxqLiiNgAAAAg"]
[Sat Apr 04 07:27:08.241615 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnCCthhuxFleuDSXbugAAAAI"]
[Sat Apr 04 07:27:08.240793 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.vite"] [unique_id "adEDnCCthhuxFleuDSXbugAAAAI"]
[Sat Apr 04 07:27:08.240513 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.vite"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.vite"] [unique_id "adEDnCCthhuxFleuDSXbugAAAAI"]
[Sat Apr 04 07:27:08.226912 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnOF9KhWbiOcgFFztFwAAAAQ"]
[Sat Apr 04 07:27:08.224146 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.uat"] [unique_id "adEDnOF9KhWbiOcgFFztFwAAAAQ"]
[Sat Apr 04 07:27:08.223266 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.uat"] [unique_id "adEDnOF9KhWbiOcgFFztFwAAAAQ"]
[Sat Apr 04 07:27:08.115965 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:4432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDnNniPYZeu5gaRtZnWgAAAA0"]
[Sat Apr 04 07:27:08.113255 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:4432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.test"] [unique_id "adEDnNniPYZeu5gaRtZnWgAAAA0"]
[Sat Apr 04 07:27:08.112330 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:4432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.test"] [unique_id "adEDnNniPYZeu5gaRtZnWgAAAA0"]
[Sat Apr 04 07:27:07.581700 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDmxntlX1yH_rDUPAwIwAAAAU"]
[Sat Apr 04 07:27:07.579325 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.local"] [unique_id "adEDmxntlX1yH_rDUPAwIwAAAAU"]
[Sat Apr 04 07:27:07.578554 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.local"] [unique_id "adEDmxntlX1yH_rDUPAwIwAAAAU"]
[Sat Apr 04 07:27:07.315432 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDmxntlX1yH_rDUPAwIgAAAAU"]
[Sat Apr 04 07:27:07.314611 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.development"] [unique_id "adEDmxntlX1yH_rDUPAwIgAAAAU"]
[Sat Apr 04 07:27:07.314332 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.development"] [unique_id "adEDmxntlX1yH_rDUPAwIgAAAAU"]
[Sat Apr 04 07:27:07.079743 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDm0e4KVHtVCYxqLiiNQAAAAg"]
[Sat Apr 04 07:27:07.077315 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.dev"] [unique_id "adEDm0e4KVHtVCYxqLiiNQAAAAg"]
[Sat Apr 04 07:27:07.076537 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.50:4452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.dev"] [unique_id "adEDm0e4KVHtVCYxqLiiNQAAAAg"]
[Sat Apr 04 07:27:07.059930 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDmxntlX1yH_rDUPAwIQAAAAU"]
[Sat Apr 04 07:27:07.057485 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.stage"] [unique_id "adEDmxntlX1yH_rDUPAwIQAAAAU"]
[Sat Apr 04 07:27:07.056649 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.50:4464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.stage"] [unique_id "adEDmxntlX1yH_rDUPAwIQAAAAU"]
[Sat Apr 04 07:27:07.011772 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDm-F9KhWbiOcgFFztFgAAAAQ"]
[Sat Apr 04 07:27:07.009091 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.staging"] [unique_id "adEDm-F9KhWbiOcgFFztFgAAAAQ"]
[Sat Apr 04 07:27:07.008244 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.staging"] [unique_id "adEDm-F9KhWbiOcgFFztFgAAAAQ"]
[Sat Apr 04 07:27:06.937560 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDmiCthhuxFleuDSXbuQAAAAI"]
[Sat Apr 04 07:27:06.936219 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.prod"] [unique_id "adEDmiCthhuxFleuDSXbuQAAAAI"]
[Sat Apr 04 07:27:06.935589 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.50:4446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.prod"] [unique_id "adEDmiCthhuxFleuDSXbuQAAAAI"]
[Sat Apr 04 07:27:06.863558 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:4432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDmtniPYZeu5gaRtZnWQAAAA0"]
[Sat Apr 04 07:27:06.862704 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:4432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.production.local"] [unique_id "adEDmtniPYZeu5gaRtZnWQAAAA0"]
[Sat Apr 04 07:27:06.862399 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.50:4432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.production.local"] [unique_id "adEDmtniPYZeu5gaRtZnWQAAAA0"]
[Sat Apr 04 07:27:06.709127 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adEDmuF9KhWbiOcgFFztFQAAAAQ"]
[Sat Apr 04 07:27:06.706402 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/.env.production"] [unique_id "adEDmuF9KhWbiOcgFFztFQAAAAQ"]
[Sat Apr 04 07:27:06.705511 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.50:4430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "selvans.net"] [uri "/.env.production"] [unique_id "adEDmuF9KhWbiOcgFFztFQAAAAQ"]
[Sat Apr 04 07:00:47.910119 2026] [security2:error] [pid 118262:tid 118262] [client 43.156.202.34:56104] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adD9b0-JUiFCpkU48exSBAAAAA4"], referer: http://97.99.19.201
[Sat Apr 04 06:35:38.219998 2026] [security2:error] [pid 119147:tid 119147] [client 45.205.1.8:56446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adD3ikbA0kW4ofYjW2SYfQAAAAY"], referer: http://97.99.19.201:443/
[Sat Apr 04 06:35:38.218326 2026] [security2:error] [pid 119147:tid 119147] [client 45.205.1.8:56446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adD3ikbA0kW4ofYjW2SYfQAAAAY"], referer: http://97.99.19.201:443/
[Sat Apr 04 06:35:38.217066 2026] [security2:error] [pid 119147:tid 119147] [client 45.205.1.8:56446] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adD3ikbA0kW4ofYjW2SYfQAAAAY"], referer: http://97.99.19.201:443/
[Sat Apr 04 06:35:38.216656 2026] [security2:error] [pid 119147:tid 119147] [client 45.205.1.8:56446] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "44"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adD3ikbA0kW4ofYjW2SYfQAAAAY"], referer: http://97.99.19.201:443/
[Sat Apr 04 06:35:37.716720 2026] [security2:error] [pid 118259:tid 118259] [client 45.205.1.8:56428] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adD3idniPYZeu5gaRtZnVQAAAA0"]
[Sat Apr 04 06:04:57.836964 2026] [security2:error] [pid 118262:tid 118262] [client 5.61.209.107:28882] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/SDK/webLanguage"] [unique_id "adDwWU-JUiFCpkU48exR_gAAAA4"]
[Sat Apr 04 05:49:48.225558 2026] [security2:error] [pid 118259:tid 118259] [client 63.34.170.138:46654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adDszNniPYZeu5gaRtZnUAAAAA0"]
[Sat Apr 04 05:49:48.224233 2026] [security2:error] [pid 118259:tid 118259] [client 63.34.170.138:46654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "adDszNniPYZeu5gaRtZnUAAAAA0"]
[Sat Apr 04 05:49:48.222389 2026] [security2:error] [pid 118259:tid 118259] [client 63.34.170.138:46654] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "adDszNniPYZeu5gaRtZnUAAAAA0"]
[Sat Apr 04 05:48:03.610991 2026] [security2:error] [pid 119039:tid 119039] [client 185.12.59.117:60682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adDsY0dGZ4UkGtUxX9Zh5wAAAAE"]
[Sat Apr 04 05:48:03.610101 2026] [security2:error] [pid 119039:tid 119039] [client 185.12.59.117:60682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/state"] [unique_id "adDsY0dGZ4UkGtUxX9Zh5wAAAAE"]
[Sat Apr 04 05:48:03.608094 2026] [security2:error] [pid 119039:tid 119039] [client 185.12.59.117:60682] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/state"] [unique_id "adDsY0dGZ4UkGtUxX9Zh5wAAAAE"]
[Sat Apr 04 05:48:03.607487 2026] [security2:error] [pid 119039:tid 119039] [client 185.12.59.117:60682] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/state"] [unique_id "adDsY0dGZ4UkGtUxX9Zh5wAAAAE"]
[Sat Apr 04 05:44:38.459065 2026] [security2:error] [pid 119150:tid 119150] [client 185.12.59.118:42936] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/Dr0v"] [unique_id "adDrlr4GKKJMq3sYUDwuPAAAAAc"]
[Sat Apr 04 05:43:30.336206 2026] [security2:error] [pid 118262:tid 118262] [client 79.124.40.174:34602] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/actuator/gateway/routes"] [unique_id "adDrUk-JUiFCpkU48exR_QAAAA4"]
[Sat Apr 04 05:41:58.432693 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/chosen.php' not found or unable to stat
[Sat Apr 04 05:41:58.297390 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/jp.php' not found or unable to stat
[Sat Apr 04 05:41:58.166146 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/x1da.php' not found or unable to stat
[Sat Apr 04 05:41:58.029393 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/xwx1.php' not found or unable to stat
[Sat Apr 04 05:41:57.898035 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/cabs.php' not found or unable to stat
[Sat Apr 04 05:41:57.765531 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/vee.php' not found or unable to stat
[Sat Apr 04 05:41:57.629469 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/file18.php' not found or unable to stat
[Sat Apr 04 05:41:57.498292 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/class20.php' not found or unable to stat
[Sat Apr 04 05:41:57.366321 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/class19.php' not found or unable to stat
[Sat Apr 04 05:41:57.228396 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/file21.php' not found or unable to stat
[Sat Apr 04 05:41:57.096587 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/ew.php' not found or unable to stat
[Sat Apr 04 05:41:56.966427 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/simple.php' not found or unable to stat
[Sat Apr 04 05:41:56.701151 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/file48.php' not found or unable to stat
[Sat Apr 04 05:41:56.566273 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/acp.php' not found or unable to stat
[Sat Apr 04 05:41:56.429140 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/gettest.php' not found or unable to stat
[Sat Apr 04 05:41:56.298740 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/alfashell.php' not found or unable to stat
[Sat Apr 04 05:41:56.162801 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/axx.php' not found or unable to stat
[Sat Apr 04 05:41:55.874131 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/bengi.php' not found or unable to stat
[Sat Apr 04 05:41:55.417771 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/bs1.php' not found or unable to stat
[Sat Apr 04 05:41:55.251332 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/motu.php' not found or unable to stat
[Sat Apr 04 05:41:55.099243 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/gssdd.php' not found or unable to stat
[Sat Apr 04 05:41:54.950681 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/in.php' not found or unable to stat
[Sat Apr 04 05:41:54.817954 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/bal.php' not found or unable to stat
[Sat Apr 04 05:41:54.681215 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/dev.php' not found or unable to stat
[Sat Apr 04 05:41:54.545518 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/k.php' not found or unable to stat
[Sat Apr 04 05:41:54.408477 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/prv8.php' not found or unable to stat
[Sat Apr 04 05:41:54.004373 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/f35.php' not found or unable to stat
[Sat Apr 04 05:41:53.532323 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/a1.php' not found or unable to stat
[Sat Apr 04 05:41:53.389015 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/fi.php' not found or unable to stat
[Sat Apr 04 05:41:53.163534 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/abcd.php' not found or unable to stat
[Sat Apr 04 05:41:53.030169 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/av.php' not found or unable to stat
[Sat Apr 04 05:41:52.762737 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/kj.php' not found or unable to stat
[Sat Apr 04 05:41:52.622331 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/fe5.php' not found or unable to stat
[Sat Apr 04 05:41:52.355034 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/wp.php' not found or unable to stat
[Sat Apr 04 05:41:52.215660 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/wp-good.php' not found or unable to stat
[Sat Apr 04 05:41:51.949231 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/BDKR28WP.php' not found or unable to stat
[Sat Apr 04 05:41:51.682465 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/wp-the.php' not found or unable to stat
[Sat Apr 04 05:41:51.547965 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/wp-michan.php' not found or unable to stat
[Sat Apr 04 05:41:51.414461 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/makeasmtp.php' not found or unable to stat
[Sat Apr 04 05:41:51.283026 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/alpha.php' not found or unable to stat
[Sat Apr 04 05:41:50.999500 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/fff.php' not found or unable to stat
[Sat Apr 04 05:41:50.861915 2026] [access_compat:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] AH01797: client denied by server configuration: /cgi-bin/index.php
[Sat Apr 04 05:41:50.723093 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/222.php' not found or unable to stat
[Sat Apr 04 05:41:50.583560 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/ms-edit.php' not found or unable to stat
[Sat Apr 04 05:41:50.443374 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/goods.php' not found or unable to stat
[Sat Apr 04 05:41:50.303116 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/adminfuns.php' not found or unable to stat
[Sat Apr 04 05:41:50.162128 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/ms-edit.php' not found or unable to stat
[Sat Apr 04 05:41:49.733792 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/wp-blog.php' not found or unable to stat
[Sat Apr 04 05:41:49.593128 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/sbhu.php' not found or unable to stat
[Sat Apr 04 05:41:49.446910 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/wp-update.php' not found or unable to stat
[Sat Apr 04 05:41:49.305624 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/tinyfilemanager.php' not found or unable to stat
[Sat Apr 04 05:41:49.026516 2026] [php:error] [pid 118255:tid 118255] [client 20.48.232.178:52201] script '/classwithtostring.php' not found or unable to stat
[Sat Apr 04 05:41:46.639073 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/aaa.php' not found or unable to stat
[Sat Apr 04 05:41:46.494116 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/plss3.php' not found or unable to stat
[Sat Apr 04 05:41:46.356547 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/xqq.php' not found or unable to stat
[Sat Apr 04 05:41:46.219076 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/wp-act.php' not found or unable to stat
[Sat Apr 04 05:41:45.939248 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/av.php' not found or unable to stat
[Sat Apr 04 05:41:45.804711 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/aa.php' not found or unable to stat
[Sat Apr 04 05:41:45.664322 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/bgymj.php' not found or unable to stat
[Sat Apr 04 05:41:45.526476 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/inputs.php' not found or unable to stat
[Sat Apr 04 05:41:45.384899 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/f6.php' not found or unable to stat
[Sat Apr 04 05:41:45.246922 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/ol.php' not found or unable to stat
[Sat Apr 04 05:41:45.105752 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/a5.php' not found or unable to stat
[Sat Apr 04 05:41:44.970277 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/66.php' not found or unable to stat
[Sat Apr 04 05:41:44.688657 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/ioxi-o.php' not found or unable to stat
[Sat Apr 04 05:41:44.539367 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/edit.php' not found or unable to stat
[Sat Apr 04 05:41:44.395990 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/txets.php' not found or unable to stat
[Sat Apr 04 05:41:44.260267 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/a2.php' not found or unable to stat
[Sat Apr 04 05:41:44.116611 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/fvvff.php' not found or unable to stat
[Sat Apr 04 05:41:43.976455 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/swallowable.php' not found or unable to stat
[Sat Apr 04 05:41:43.833542 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/w2025.php' not found or unable to stat
[Sat Apr 04 05:41:43.697783 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/no1.php' not found or unable to stat
[Sat Apr 04 05:41:43.555915 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/eee.php' not found or unable to stat
[Sat Apr 04 05:41:43.417861 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/sf.php' not found or unable to stat
[Sat Apr 04 05:41:43.281713 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/uuu.php' not found or unable to stat
[Sat Apr 04 05:41:43.143948 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/file61.php' not found or unable to stat
[Sat Apr 04 05:41:43.008133 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/fe5.php' not found or unable to stat
[Sat Apr 04 05:41:42.870509 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/19.php' not found or unable to stat
[Sat Apr 04 05:41:42.728517 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/inege.php' not found or unable to stat
[Sat Apr 04 05:41:42.585411 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/wp-mter.php' not found or unable to stat
[Sat Apr 04 05:41:42.447878 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/admin.php' not found or unable to stat
[Sat Apr 04 05:41:42.309939 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/100.php' not found or unable to stat
[Sat Apr 04 05:41:42.173307 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/xa.php' not found or unable to stat
[Sat Apr 04 05:41:42.037403 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/hplfuns.php' not found or unable to stat
[Sat Apr 04 05:41:41.897524 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/wp-kd4xalrg7m.php' not found or unable to stat
[Sat Apr 04 05:41:41.756472 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/read.php' not found or unable to stat
[Sat Apr 04 05:41:41.620673 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/zample.php' not found or unable to stat
[Sat Apr 04 05:41:41.484746 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/no18.php' not found or unable to stat
[Sat Apr 04 05:41:41.348091 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/about.php' not found or unable to stat
[Sat Apr 04 05:41:41.207021 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/ass.php' not found or unable to stat
[Sat Apr 04 05:41:41.065378 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/xwpg.php' not found or unable to stat
[Sat Apr 04 05:41:40.930391 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/byrgo.php' not found or unable to stat
[Sat Apr 04 05:41:40.794697 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/aligk.php' not found or unable to stat
[Sat Apr 04 05:41:40.659467 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/wp1.php' not found or unable to stat
[Sat Apr 04 05:41:40.518255 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/fetch.php' not found or unable to stat
[Sat Apr 04 05:41:40.372033 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/1111.php' not found or unable to stat
[Sat Apr 04 05:41:40.234928 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/xozx.php' not found or unable to stat
[Sat Apr 04 05:41:40.089750 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/control.php' not found or unable to stat
[Sat Apr 04 05:41:39.954409 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/111.php' not found or unable to stat
[Sat Apr 04 05:41:39.814429 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/file31.php' not found or unable to stat
[Sat Apr 04 05:41:39.671507 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/ftde.php' not found or unable to stat
[Sat Apr 04 05:41:39.530519 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/2026w.php' not found or unable to stat
[Sat Apr 04 05:41:39.388684 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/f35_S.php' not found or unable to stat
[Sat Apr 04 05:41:39.252854 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/nano.php' not found or unable to stat
[Sat Apr 04 05:41:39.108403 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/.yuf.php' not found or unable to stat
[Sat Apr 04 05:41:38.971710 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/.mopj.php' not found or unable to stat
[Sat Apr 04 05:41:38.832096 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/10.php' not found or unable to stat
[Sat Apr 04 05:41:38.691823 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/9.php' not found or unable to stat
[Sat Apr 04 05:41:38.553043 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/6.php' not found or unable to stat
[Sat Apr 04 05:41:38.395233 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/5.php' not found or unable to stat
[Sat Apr 04 05:41:38.257974 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/4.php' not found or unable to stat
[Sat Apr 04 05:41:38.121899 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/3.php' not found or unable to stat
[Sat Apr 04 05:41:37.980425 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/2.php' not found or unable to stat
[Sat Apr 04 05:41:37.842917 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/1.php' not found or unable to stat
[Sat Apr 04 05:41:37.702992 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/8.php' not found or unable to stat
[Sat Apr 04 05:41:37.567446 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/7.php' not found or unable to stat
[Sat Apr 04 05:41:37.424100 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/cacheee.php' not found or unable to stat
[Sat Apr 04 05:41:37.286733 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/ghhjh.php' not found or unable to stat
[Sat Apr 04 05:41:37.145848 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/bthil.php' not found or unable to stat
[Sat Apr 04 05:41:37.007909 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/gptsh.php' not found or unable to stat
[Sat Apr 04 05:41:36.577862 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/.well-known/a5.php' not found or unable to stat
[Sat Apr 04 05:41:36.295344 2026] [access_compat:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] AH01797: client denied by server configuration: /cgi-bin/a5.php
[Sat Apr 04 05:41:35.606260 2026] [access_compat:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] AH01797: client denied by server configuration: /cgi-bin/7.php
[Sat Apr 04 05:41:35.329513 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/.well-known/7.php' not found or unable to stat
[Sat Apr 04 05:41:34.495127 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/.well-known/f35.php' not found or unable to stat
[Sat Apr 04 05:41:34.345896 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/images/simple.php' not found or unable to stat
[Sat Apr 04 05:41:34.052899 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/.well-known/simple.php' not found or unable to stat
[Sat Apr 04 05:41:33.482545 2026] [access_compat:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] AH01797: client denied by server configuration: /cgi-bin/8.php
[Sat Apr 04 05:41:33.312517 2026] [php:error] [pid 118256:tid 118256] [client 20.48.232.178:52216] script '/.well-known/8.php' not found or unable to stat
[Sat Apr 04 05:35:46.741611 2026] [security2:error] [pid 119144:tid 119144] [client 43.165.135.242:39578] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adDpghntlX1yH_rDUPAwGAAAAAU"], referer: http://www.selvans.net
[Sat Apr 04 04:46:50.754802 2026] [security2:error] [pid 118255:tid 118255] [client 43.155.157.239:58748] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adDeCuF9KhWbiOcgFFzsyQAAAAQ"], referer: http://myip.selvans.net
[Sat Apr 04 03:51:22.022559 2026] [security2:error] [pid 118262:tid 118262] [client 79.124.40.174:34022] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adDRCk-JUiFCpkU48exR-QAAAA4"]
[Sat Apr 04 03:42:08.129611 2026] [security2:error] [pid 119039:tid 119039] [client 170.106.197.109:35264] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adDO4EdGZ4UkGtUxX9Zh4gAAAAE"], referer: http://arul.selvans.net
[Sat Apr 04 03:06:09.617196 2026] [php:error] [pid 118255:tid 118255] [client 210.97.56.132:52957] script '/xmlrpc.php' not found or unable to stat
[Sat Apr 04 02:39:12.141103 2026] [security2:error] [pid 119150:tid 119150] [client 43.131.32.36:41046] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/error/HTTP_BAD_REQUEST.html.var"] [unique_id "adDAIL4GKKJMq3sYUDwuNAAAAAc"], referer: http://97.99.19.201:443
[Sat Apr 04 02:36:42.873665 2026] [security2:error] [pid 118254:tid 118254] [client 43.130.57.76:42512] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adC_iiCthhuxFleuDSXbZAAAAAI"], referer: http://97.99.19.201:80
[Sat Apr 04 02:21:02.290205 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:6680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC73hntlX1yH_rDUPAwDwAAAAU"]
[Sat Apr 04 02:21:02.288554 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:6680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/dev/.git/config"] [unique_id "adC73hntlX1yH_rDUPAwDwAAAAU"]
[Sat Apr 04 02:21:02.287756 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:6680] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dev/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/dev/.git/config"] [unique_id "adC73hntlX1yH_rDUPAwDwAAAAU"]
[Sat Apr 04 02:21:02.286925 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:6680] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/dev/.git/config"] [unique_id "adC73hntlX1yH_rDUPAwDwAAAAU"]
[Sat Apr 04 02:21:00.540290 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:6672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC73OF9KhWbiOcgFFzswAAAAAQ"]
[Sat Apr 04 02:21:00.538786 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:6672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "adC73OF9KhWbiOcgFFzswAAAAAQ"]
[Sat Apr 04 02:21:00.538237 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:6672] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "adC73OF9KhWbiOcgFFzswAAAAAQ"]
[Sat Apr 04 02:21:00.537402 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:6672] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.git/config"] [unique_id "adC73OF9KhWbiOcgFFzswAAAAAQ"]
[Sat Apr 04 02:20:58.290273 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:6644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC72tniPYZeu5gaRtZnRwAAAA0"]
[Sat Apr 04 02:20:58.288922 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:6644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.testing.local"] [unique_id "adC72tniPYZeu5gaRtZnRwAAAA0"]
[Sat Apr 04 02:20:58.288364 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:6644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.testing.local"] [unique_id "adC72tniPYZeu5gaRtZnRwAAAA0"]
[Sat Apr 04 02:20:58.287447 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:6644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.testing.local"] [unique_id "adC72tniPYZeu5gaRtZnRwAAAA0"]
[Sat Apr 04 02:20:56.452028 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:23104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC72AiRww9LW1QH1oCU3AAAAAM"]
[Sat Apr 04 02:20:56.450195 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:23104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/config/.git/config"] [unique_id "adC72AiRww9LW1QH1oCU3AAAAAM"]
[Sat Apr 04 02:20:56.449632 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:23104] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/config/.git/config"] [unique_id "adC72AiRww9LW1QH1oCU3AAAAAM"]
[Sat Apr 04 02:20:56.448809 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:23104] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/config/.git/config"] [unique_id "adC72AiRww9LW1QH1oCU3AAAAAM"]
[Sat Apr 04 02:20:53.799001 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:23092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC71UdGZ4UkGtUxX9Zh3gAAAAE"]
[Sat Apr 04 02:20:53.797353 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:23092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/public/.git/config"] [unique_id "adC71UdGZ4UkGtUxX9Zh3gAAAAE"]
[Sat Apr 04 02:20:53.796831 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:23092] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/public/.git/config"] [unique_id "adC71UdGZ4UkGtUxX9Zh3gAAAAE"]
[Sat Apr 04 02:20:53.796100 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:23092] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/public/.git/config"] [unique_id "adC71UdGZ4UkGtUxX9Zh3gAAAAE"]
[Sat Apr 04 02:20:52.047988 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:23074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC71EbA0kW4ofYjW2SYDgAAAAY"]
[Sat Apr 04 02:20:52.046368 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:23074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/settings/.env"] [unique_id "adC71EbA0kW4ofYjW2SYDgAAAAY"]
[Sat Apr 04 02:20:52.045844 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:23074] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/settings/.env"] [unique_id "adC71EbA0kW4ofYjW2SYDgAAAAY"]
[Sat Apr 04 02:20:52.045026 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:23074] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/settings/.env"] [unique_id "adC71EbA0kW4ofYjW2SYDgAAAAY"]
[Sat Apr 04 02:20:50.550795 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:23060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC70k-JUiFCpkU48exR8gAAAA4"]
[Sat Apr 04 02:20:50.548872 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:23060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/config/.env"] [unique_id "adC70k-JUiFCpkU48exR8gAAAA4"]
[Sat Apr 04 02:20:50.548363 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:23060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/config/.env"] [unique_id "adC70k-JUiFCpkU48exR8gAAAA4"]
[Sat Apr 04 02:20:50.547587 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:23060] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/config/.env"] [unique_id "adC70k-JUiFCpkU48exR8gAAAA4"]
[Sat Apr 04 02:20:48.926842 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:23042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC70CCthhuxFleuDSXbYwAAAAI"]
[Sat Apr 04 02:20:48.924813 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:23042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.secret"] [unique_id "adC70CCthhuxFleuDSXbYwAAAAI"]
[Sat Apr 04 02:20:48.924263 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:23042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.secret"] [unique_id "adC70CCthhuxFleuDSXbYwAAAAI"]
[Sat Apr 04 02:20:48.923409 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:23042] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.secret"] [unique_id "adC70CCthhuxFleuDSXbYwAAAAI"]
[Sat Apr 04 02:20:47.513078 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:23036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7z74GKKJMq3sYUDwuMgAAAAc"]
[Sat Apr 04 02:20:47.511647 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:23036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.preprod"] [unique_id "adC7z74GKKJMq3sYUDwuMgAAAAc"]
[Sat Apr 04 02:20:47.511070 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:23036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.preprod"] [unique_id "adC7z74GKKJMq3sYUDwuMgAAAAc"]
[Sat Apr 04 02:20:47.510231 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:23036] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.preprod"] [unique_id "adC7z74GKKJMq3sYUDwuMgAAAAc"]
[Sat Apr 04 02:20:46.353652 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:31620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7zke4KVHtVCYxqLihuwAAAAg"]
[Sat Apr 04 02:20:46.351597 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:31620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/media/.git/config"] [unique_id "adC7zke4KVHtVCYxqLihuwAAAAg"]
[Sat Apr 04 02:20:46.351096 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:31620] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /media/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/media/.git/config"] [unique_id "adC7zke4KVHtVCYxqLihuwAAAAg"]
[Sat Apr 04 02:20:46.350401 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:31620] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/media/.git/config"] [unique_id "adC7zke4KVHtVCYxqLihuwAAAAg"]
[Sat Apr 04 02:20:45.400846 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:31606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7zRntlX1yH_rDUPAwDgAAAAU"]
[Sat Apr 04 02:20:45.399000 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:31606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/data/.git/config"] [unique_id "adC7zRntlX1yH_rDUPAwDgAAAAU"]
[Sat Apr 04 02:20:45.398430 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:31606] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/data/.git/config"] [unique_id "adC7zRntlX1yH_rDUPAwDgAAAAU"]
[Sat Apr 04 02:20:45.397599 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:31606] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/data/.git/config"] [unique_id "adC7zRntlX1yH_rDUPAwDgAAAAU"]
[Sat Apr 04 02:20:43.994973 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:31590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7y-F9KhWbiOcgFFzsvwAAAAQ"]
[Sat Apr 04 02:20:43.993424 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:31590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.test"] [unique_id "adC7y-F9KhWbiOcgFFzsvwAAAAQ"]
[Sat Apr 04 02:20:43.992861 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:31590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.test"] [unique_id "adC7y-F9KhWbiOcgFFzsvwAAAAQ"]
[Sat Apr 04 02:20:43.992052 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:31590] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.test"] [unique_id "adC7y-F9KhWbiOcgFFzsvwAAAAQ"]
[Sat Apr 04 02:20:42.420048 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:31560] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/config.json"] [unique_id "adC7ytniPYZeu5gaRtZnRgAAAA0"]
[Sat Apr 04 02:20:40.645915 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:31538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7yAiRww9LW1QH1oCU2wAAAAM"]
[Sat Apr 04 02:20:40.644482 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:31538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.backup"] [unique_id "adC7yAiRww9LW1QH1oCU2wAAAAM"]
[Sat Apr 04 02:20:40.643923 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:31538] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.backup"] [unique_id "adC7yAiRww9LW1QH1oCU2wAAAAM"]
[Sat Apr 04 02:20:40.643212 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:31538] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.backup"] [unique_id "adC7yAiRww9LW1QH1oCU2wAAAAM"]
[Sat Apr 04 02:20:40.642971 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:31538] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.backup"] [unique_id "adC7yAiRww9LW1QH1oCU2wAAAAM"]
[Sat Apr 04 02:20:39.155577 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:31518] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/docker-compose.prod.yml"] [unique_id "adC7x0dGZ4UkGtUxX9Zh3QAAAAE"]
[Sat Apr 04 02:20:36.883640 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:7932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7xEbA0kW4ofYjW2SYDQAAAAY"]
[Sat Apr 04 02:20:36.881619 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:7932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/www/.git/config"] [unique_id "adC7xEbA0kW4ofYjW2SYDQAAAAY"]
[Sat Apr 04 02:20:36.881044 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:7932] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /www/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/www/.git/config"] [unique_id "adC7xEbA0kW4ofYjW2SYDQAAAAY"]
[Sat Apr 04 02:20:36.880260 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:7932] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/www/.git/config"] [unique_id "adC7xEbA0kW4ofYjW2SYDQAAAAY"]
[Sat Apr 04 02:20:35.317334 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:7896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7w0-JUiFCpkU48exR8QAAAA4"]
[Sat Apr 04 02:20:35.315021 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:7896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/static../.git/config"] [unique_id "adC7w0-JUiFCpkU48exR8QAAAA4"]
[Sat Apr 04 02:20:35.314528 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:7896] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/static../.git/config"] [unique_id "adC7w0-JUiFCpkU48exR8QAAAA4"]
[Sat Apr 04 02:20:35.313811 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:7896] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/static../.git/config"] [unique_id "adC7w0-JUiFCpkU48exR8QAAAA4"]
[Sat Apr 04 02:20:32.857534 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:7860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7wCCthhuxFleuDSXbYgAAAAI"]
[Sat Apr 04 02:20:32.855702 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:7860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/backup/.git/config"] [unique_id "adC7wCCthhuxFleuDSXbYgAAAAI"]
[Sat Apr 04 02:20:32.855203 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:7860] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/backup/.git/config"] [unique_id "adC7wCCthhuxFleuDSXbYgAAAAI"]
[Sat Apr 04 02:20:32.854440 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:7860] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/backup/.git/config"] [unique_id "adC7wCCthhuxFleuDSXbYgAAAAI"]
[Sat Apr 04 02:20:32.754238 2026] [security2:error] [pid 119150:tid 119150] [client 203.55.131.5:56990] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "adC7wL4GKKJMq3sYUDwuMQAAAAc"]
[Sat Apr 04 02:20:30.539620 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:7836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7vke4KVHtVCYxqLihugAAAAg"]
[Sat Apr 04 02:20:30.537923 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:7836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/cms/.git/config"] [unique_id "adC7vke4KVHtVCYxqLihugAAAAg"]
[Sat Apr 04 02:20:30.537366 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:7836] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cms/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/cms/.git/config"] [unique_id "adC7vke4KVHtVCYxqLihugAAAAg"]
[Sat Apr 04 02:20:30.536562 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:7836] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/cms/.git/config"] [unique_id "adC7vke4KVHtVCYxqLihugAAAAg"]
[Sat Apr 04 02:20:29.657664 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:7818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7vRntlX1yH_rDUPAwDQAAAAU"]
[Sat Apr 04 02:20:29.656028 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:7818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.production.local"] [unique_id "adC7vRntlX1yH_rDUPAwDQAAAAU"]
[Sat Apr 04 02:20:29.655474 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:7818] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.production.local"] [unique_id "adC7vRntlX1yH_rDUPAwDQAAAAU"]
[Sat Apr 04 02:20:29.654608 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:7818] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.production.local"] [unique_id "adC7vRntlX1yH_rDUPAwDQAAAAU"]
[Sat Apr 04 02:20:27.496656 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:9434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7u-F9KhWbiOcgFFzsvgAAAAQ"]
[Sat Apr 04 02:20:27.495099 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:9434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.save"] [unique_id "adC7u-F9KhWbiOcgFFzsvgAAAAQ"]
[Sat Apr 04 02:20:27.494554 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:9434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.save"] [unique_id "adC7u-F9KhWbiOcgFFzsvgAAAAQ"]
[Sat Apr 04 02:20:27.493685 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:9434] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.save"] [unique_id "adC7u-F9KhWbiOcgFFzsvgAAAAQ"]
[Sat Apr 04 02:20:25.486743 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:9420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7udniPYZeu5gaRtZnRQAAAA0"]
[Sat Apr 04 02:20:25.485436 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:9420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.config"] [unique_id "adC7udniPYZeu5gaRtZnRQAAAA0"]
[Sat Apr 04 02:20:25.484866 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:9420] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.config"] [unique_id "adC7udniPYZeu5gaRtZnRQAAAA0"]
[Sat Apr 04 02:20:25.484076 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:9420] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.config"] [unique_id "adC7udniPYZeu5gaRtZnRQAAAA0"]
[Sat Apr 04 02:20:25.483854 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:9420] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.config"] [unique_id "adC7udniPYZeu5gaRtZnRQAAAA0"]
[Sat Apr 04 02:20:23.191231 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:9400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7twiRww9LW1QH1oCU2gAAAAM"]
[Sat Apr 04 02:20:23.189119 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:9400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/server/.git/config"] [unique_id "adC7twiRww9LW1QH1oCU2gAAAAM"]
[Sat Apr 04 02:20:23.188579 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:9400] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /server/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/server/.git/config"] [unique_id "adC7twiRww9LW1QH1oCU2gAAAAM"]
[Sat Apr 04 02:20:23.187865 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:9400] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/server/.git/config"] [unique_id "adC7twiRww9LW1QH1oCU2gAAAAM"]
[Sat Apr 04 02:20:20.834366 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:9370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7tEdGZ4UkGtUxX9Zh3AAAAAE"]
[Sat Apr 04 02:20:20.832560 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:9370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/configuration/.env"] [unique_id "adC7tEdGZ4UkGtUxX9Zh3AAAAAE"]
[Sat Apr 04 02:20:20.831947 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:9370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /configuration/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/configuration/.env"] [unique_id "adC7tEdGZ4UkGtUxX9Zh3AAAAAE"]
[Sat Apr 04 02:20:20.831208 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:9370] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/configuration/.env"] [unique_id "adC7tEdGZ4UkGtUxX9Zh3AAAAAE"]
[Sat Apr 04 02:20:18.034132 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:9350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7skbA0kW4ofYjW2SYDAAAAAY"]
[Sat Apr 04 02:20:18.031972 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:9350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/build/.env"] [unique_id "adC7skbA0kW4ofYjW2SYDAAAAAY"]
[Sat Apr 04 02:20:18.031481 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:9350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/build/.env"] [unique_id "adC7skbA0kW4ofYjW2SYDAAAAAY"]
[Sat Apr 04 02:20:18.030708 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:9350] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/build/.env"] [unique_id "adC7skbA0kW4ofYjW2SYDAAAAAY"]
[Sat Apr 04 02:20:16.243455 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:41580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7sE-JUiFCpkU48exR8AAAAA4"]
[Sat Apr 04 02:20:16.241937 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:41580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.sandbox"] [unique_id "adC7sE-JUiFCpkU48exR8AAAAA4"]
[Sat Apr 04 02:20:16.241373 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:41580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sandbox"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.sandbox"] [unique_id "adC7sE-JUiFCpkU48exR8AAAAA4"]
[Sat Apr 04 02:20:16.240505 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:41580] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.sandbox"] [unique_id "adC7sE-JUiFCpkU48exR8AAAAA4"]
[Sat Apr 04 02:20:14.403446 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:41566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7rr4GKKJMq3sYUDwuMAAAAAc"]
[Sat Apr 04 02:20:14.401935 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:41566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.envrc"] [unique_id "adC7rr4GKKJMq3sYUDwuMAAAAAc"]
[Sat Apr 04 02:20:14.401383 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:41566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.envrc"] [unique_id "adC7rr4GKKJMq3sYUDwuMAAAAAc"]
[Sat Apr 04 02:20:14.400541 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:41566] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.envrc"] [unique_id "adC7rr4GKKJMq3sYUDwuMAAAAAc"]
[Sat Apr 04 02:20:13.828266 2026] [security2:error] [pid 118254:tid 118254] [client 203.55.131.5:36384] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adC7rSCthhuxFleuDSXbYQAAAAI"]
[Sat Apr 04 02:20:11.593399 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:41564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7q0e4KVHtVCYxqLihuQAAAAg"]
[Sat Apr 04 02:20:11.591960 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:41564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.development.local"] [unique_id "adC7q0e4KVHtVCYxqLihuQAAAAg"]
[Sat Apr 04 02:20:11.591414 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:41564] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.development.local"] [unique_id "adC7q0e4KVHtVCYxqLihuQAAAAg"]
[Sat Apr 04 02:20:11.590577 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:41564] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.development.local"] [unique_id "adC7q0e4KVHtVCYxqLihuQAAAAg"]
[Sat Apr 04 02:20:09.472265 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:41560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7qRntlX1yH_rDUPAwDAAAAAU"]
[Sat Apr 04 02:20:09.470587 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:41560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.dev.local"] [unique_id "adC7qRntlX1yH_rDUPAwDAAAAAU"]
[Sat Apr 04 02:20:09.470035 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:41560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.dev.local"] [unique_id "adC7qRntlX1yH_rDUPAwDAAAAAU"]
[Sat Apr 04 02:20:09.469154 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:41560] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.dev.local"] [unique_id "adC7qRntlX1yH_rDUPAwDAAAAAU"]
[Sat Apr 04 02:20:08.075983 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:41556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7qOF9KhWbiOcgFFzsvQAAAAQ"]
[Sat Apr 04 02:20:08.073974 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:41556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.ci"] [unique_id "adC7qOF9KhWbiOcgFFzsvQAAAAQ"]
[Sat Apr 04 02:20:08.073455 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:41556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.ci"] [unique_id "adC7qOF9KhWbiOcgFFzsvQAAAAQ"]
[Sat Apr 04 02:20:08.072699 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:41556] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.ci"] [unique_id "adC7qOF9KhWbiOcgFFzsvQAAAAQ"]
[Sat Apr 04 02:20:06.592964 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:25552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7ptniPYZeu5gaRtZnRAAAAA0"]
[Sat Apr 04 02:20:06.591020 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:25552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "adC7ptniPYZeu5gaRtZnRAAAAA0"]
[Sat Apr 04 02:20:06.590513 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:25552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "adC7ptniPYZeu5gaRtZnRAAAAA0"]
[Sat Apr 04 02:20:06.589674 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:25552] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env"] [unique_id "adC7ptniPYZeu5gaRtZnRAAAAA0"]
[Sat Apr 04 02:20:05.149106 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:25540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7pQiRww9LW1QH1oCU2QAAAAM"]
[Sat Apr 04 02:20:05.147258 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:25540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.aws/credentials"] [unique_id "adC7pQiRww9LW1QH1oCU2QAAAAM"]
[Sat Apr 04 02:20:05.146693 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:25540] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.aws/credentials"] [unique_id "adC7pQiRww9LW1QH1oCU2QAAAAM"]
[Sat Apr 04 02:20:05.145867 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:25540] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.aws/credentials"] [unique_id "adC7pQiRww9LW1QH1oCU2QAAAAM"]
[Sat Apr 04 02:20:02.464199 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:25536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7okbA0kW4ofYjW2SYCwAAAAY"]
[Sat Apr 04 02:20:02.462568 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:25536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/src/.git/config"] [unique_id "adC7okbA0kW4ofYjW2SYCwAAAAY"]
[Sat Apr 04 02:20:02.462005 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:25536] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/src/.git/config"] [unique_id "adC7okbA0kW4ofYjW2SYCwAAAAY"]
[Sat Apr 04 02:20:02.461184 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:25536] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/src/.git/config"] [unique_id "adC7okbA0kW4ofYjW2SYCwAAAAY"]
[Sat Apr 04 02:20:00.421191 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:25530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7oL4GKKJMq3sYUDwuLwAAAAc"]
[Sat Apr 04 02:20:00.419686 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:25530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/files/.git/config"] [unique_id "adC7oL4GKKJMq3sYUDwuLwAAAAc"]
[Sat Apr 04 02:20:00.419110 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:25530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /files/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/files/.git/config"] [unique_id "adC7oL4GKKJMq3sYUDwuLwAAAAc"]
[Sat Apr 04 02:20:00.418285 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:25530] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/files/.git/config"] [unique_id "adC7oL4GKKJMq3sYUDwuLwAAAAc"]
[Sat Apr 04 02:19:58.088860 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:25528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7niCthhuxFleuDSXbYAAAAAI"]
[Sat Apr 04 02:19:58.086960 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:25528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/assets../.git/config"] [unique_id "adC7niCthhuxFleuDSXbYAAAAAI"]
[Sat Apr 04 02:19:58.086447 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:25528] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/assets../.git/config"] [unique_id "adC7niCthhuxFleuDSXbYAAAAAI"]
[Sat Apr 04 02:19:58.085705 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:25528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/assets../.git/config"] [unique_id "adC7niCthhuxFleuDSXbYAAAAAI"]
[Sat Apr 04 02:19:56.088106 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:50426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7nEe4KVHtVCYxqLihuAAAAAg"]
[Sat Apr 04 02:19:56.086624 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:50426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.production"] [unique_id "adC7nEe4KVHtVCYxqLihuAAAAAg"]
[Sat Apr 04 02:19:56.086075 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:50426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.production"] [unique_id "adC7nEe4KVHtVCYxqLihuAAAAAg"]
[Sat Apr 04 02:19:56.085259 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:50426] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.production"] [unique_id "adC7nEe4KVHtVCYxqLihuAAAAAg"]
[Sat Apr 04 02:19:54.892734 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:50410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7mhntlX1yH_rDUPAwCwAAAAU"]
[Sat Apr 04 02:19:54.890595 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:50410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/app/.git/config"] [unique_id "adC7mhntlX1yH_rDUPAwCwAAAAU"]
[Sat Apr 04 02:19:54.890030 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:50410] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/app/.git/config"] [unique_id "adC7mhntlX1yH_rDUPAwCwAAAAU"]
[Sat Apr 04 02:19:54.889230 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:50410] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/app/.git/config"] [unique_id "adC7mhntlX1yH_rDUPAwCwAAAAU"]
[Sat Apr 04 02:19:53.440720 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:50402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7meF9KhWbiOcgFFzsvAAAAAQ"]
[Sat Apr 04 02:19:53.438670 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:50402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.uat"] [unique_id "adC7meF9KhWbiOcgFFzsvAAAAAQ"]
[Sat Apr 04 02:19:53.438080 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:50402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.uat"] [unique_id "adC7meF9KhWbiOcgFFzsvAAAAAQ"]
[Sat Apr 04 02:19:53.437290 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:50402] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.uat"] [unique_id "adC7meF9KhWbiOcgFFzsvAAAAAQ"]
[Sat Apr 04 02:19:50.903033 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:50398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7ltniPYZeu5gaRtZnQwAAAA0"]
[Sat Apr 04 02:19:50.901473 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:50398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.testing"] [unique_id "adC7ltniPYZeu5gaRtZnQwAAAA0"]
[Sat Apr 04 02:19:50.900886 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:50398] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.testing"] [unique_id "adC7ltniPYZeu5gaRtZnQwAAAA0"]
[Sat Apr 04 02:19:50.899960 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:50398] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.testing"] [unique_id "adC7ltniPYZeu5gaRtZnQwAAAA0"]
[Sat Apr 04 02:19:48.503944 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:50368] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7lAiRww9LW1QH1oCU2AAAAAM"]
[Sat Apr 04 02:19:48.502377 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:50368] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.prod.local"] [unique_id "adC7lAiRww9LW1QH1oCU2AAAAAM"]
[Sat Apr 04 02:19:48.501816 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:50368] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.prod.local"] [unique_id "adC7lAiRww9LW1QH1oCU2AAAAAM"]
[Sat Apr 04 02:19:48.500991 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:50368] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.prod.local"] [unique_id "adC7lAiRww9LW1QH1oCU2AAAAAM"]
[Sat Apr 04 02:19:47.315972 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:50364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7k0bA0kW4ofYjW2SYCgAAAAY"]
[Sat Apr 04 02:19:47.314410 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:50364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.bak"] [unique_id "adC7k0bA0kW4ofYjW2SYCgAAAAY"]
[Sat Apr 04 02:19:47.313835 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:50364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.bak"] [unique_id "adC7k0bA0kW4ofYjW2SYCgAAAAY"]
[Sat Apr 04 02:19:47.313073 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:50364] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.bak"] [unique_id "adC7k0bA0kW4ofYjW2SYCgAAAAY"]
[Sat Apr 04 02:19:47.312847 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:50364] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.bak"] [unique_id "adC7k0bA0kW4ofYjW2SYCgAAAAY"]
[Sat Apr 04 02:19:45.815674 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:62686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7kUdGZ4UkGtUxX9Zh2QAAAAE"]
[Sat Apr 04 02:19:45.813524 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:62686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/admin/.git/config"] [unique_id "adC7kUdGZ4UkGtUxX9Zh2QAAAAE"]
[Sat Apr 04 02:19:45.812976 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:62686] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/admin/.git/config"] [unique_id "adC7kUdGZ4UkGtUxX9Zh2QAAAAE"]
[Sat Apr 04 02:19:45.812142 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:62686] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/admin/.git/config"] [unique_id "adC7kUdGZ4UkGtUxX9Zh2QAAAAE"]
[Sat Apr 04 02:19:43.849861 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:62678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7j0-JUiFCpkU48exR7wAAAA4"]
[Sat Apr 04 02:19:43.848363 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:62678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/media../.git/config"] [unique_id "adC7j0-JUiFCpkU48exR7wAAAA4"]
[Sat Apr 04 02:19:43.847769 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:62678] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/media../.git/config"] [unique_id "adC7j0-JUiFCpkU48exR7wAAAA4"]
[Sat Apr 04 02:19:43.846926 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:62678] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/media../.git/config"] [unique_id "adC7j0-JUiFCpkU48exR7wAAAA4"]
[Sat Apr 04 02:19:41.056614 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:62672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7jb4GKKJMq3sYUDwuLgAAAAc"]
[Sat Apr 04 02:19:41.054594 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:62672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.stage"] [unique_id "adC7jb4GKKJMq3sYUDwuLgAAAAc"]
[Sat Apr 04 02:19:41.053982 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:62672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.stage"] [unique_id "adC7jb4GKKJMq3sYUDwuLgAAAAc"]
[Sat Apr 04 02:19:41.053084 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:62672] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.stage"] [unique_id "adC7jb4GKKJMq3sYUDwuLgAAAAc"]
[Sat Apr 04 02:19:39.338634 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:62656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7iyCthhuxFleuDSXbXwAAAAI"]
[Sat Apr 04 02:19:39.336849 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:62656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env_sample"] [unique_id "adC7iyCthhuxFleuDSXbXwAAAAI"]
[Sat Apr 04 02:19:39.336342 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:62656] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env_sample"] [unique_id "adC7iyCthhuxFleuDSXbXwAAAAI"]
[Sat Apr 04 02:19:39.335597 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:62656] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env_sample"] [unique_id "adC7iyCthhuxFleuDSXbXwAAAAI"]
[Sat Apr 04 02:19:37.225406 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:62640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7iUe4KVHtVCYxqLihtwAAAAg"]
[Sat Apr 04 02:19:37.223292 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:62640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.live"] [unique_id "adC7iUe4KVHtVCYxqLihtwAAAAg"]
[Sat Apr 04 02:19:37.222796 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:62640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.live"] [unique_id "adC7iUe4KVHtVCYxqLihtwAAAAg"]
[Sat Apr 04 02:19:37.222046 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:62640] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.live"] [unique_id "adC7iUe4KVHtVCYxqLihtwAAAAg"]
[Sat Apr 04 02:19:34.983470 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:2280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7hhntlX1yH_rDUPAwCgAAAAU"]
[Sat Apr 04 02:19:34.981623 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:2280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.dist"] [unique_id "adC7hhntlX1yH_rDUPAwCgAAAAU"]
[Sat Apr 04 02:19:34.981094 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:2280] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.dist"] [unique_id "adC7hhntlX1yH_rDUPAwCgAAAAU"]
[Sat Apr 04 02:19:34.980246 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:2280] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.dist"] [unique_id "adC7hhntlX1yH_rDUPAwCgAAAAU"]
[Sat Apr 04 02:19:32.912398 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:2266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7hOF9KhWbiOcgFFzsuwAAAAQ"]
[Sat Apr 04 02:19:32.910438 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:2266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/project/.git/config"] [unique_id "adC7hOF9KhWbiOcgFFzsuwAAAAQ"]
[Sat Apr 04 02:19:32.909936 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:2266] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /project/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/project/.git/config"] [unique_id "adC7hOF9KhWbiOcgFFzsuwAAAAQ"]
[Sat Apr 04 02:19:32.909229 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:2266] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/project/.git/config"] [unique_id "adC7hOF9KhWbiOcgFFzsuwAAAAQ"]
[Sat Apr 04 02:19:31.839521 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:2252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7g9niPYZeu5gaRtZnQgAAAA0"]
[Sat Apr 04 02:19:31.837724 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:2252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/prod/.env"] [unique_id "adC7g9niPYZeu5gaRtZnQgAAAA0"]
[Sat Apr 04 02:19:31.837177 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:2252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/prod/.env"] [unique_id "adC7g9niPYZeu5gaRtZnQgAAAA0"]
[Sat Apr 04 02:19:31.836273 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:2252] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/prod/.env"] [unique_id "adC7g9niPYZeu5gaRtZnQgAAAA0"]
[Sat Apr 04 02:19:29.521462 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:2236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7gQiRww9LW1QH1oCU1wAAAAM"]
[Sat Apr 04 02:19:29.519501 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:2236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/api/.env"] [unique_id "adC7gQiRww9LW1QH1oCU1wAAAAM"]
[Sat Apr 04 02:19:29.518944 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:2236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/api/.env"] [unique_id "adC7gQiRww9LW1QH1oCU1wAAAAM"]
[Sat Apr 04 02:19:29.518077 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:2236] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/api/.env"] [unique_id "adC7gQiRww9LW1QH1oCU1wAAAAM"]
[Sat Apr 04 02:19:27.782203 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:2228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7f0bA0kW4ofYjW2SYCQAAAAY"]
[Sat Apr 04 02:19:27.780006 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:2228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.default"] [unique_id "adC7f0bA0kW4ofYjW2SYCQAAAAY"]
[Sat Apr 04 02:19:27.779522 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:2228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.default"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.default"] [unique_id "adC7f0bA0kW4ofYjW2SYCQAAAAY"]
[Sat Apr 04 02:19:27.778759 2026] [security2:error] [pid 119147:tid 119147] [client 185.177.72.61:2228] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.default"] [unique_id "adC7f0bA0kW4ofYjW2SYCQAAAAY"]
[Sat Apr 04 02:19:26.618396 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:37158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7fkdGZ4UkGtUxX9Zh2AAAAAE"]
[Sat Apr 04 02:19:26.616625 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:37158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.local"] [unique_id "adC7fkdGZ4UkGtUxX9Zh2AAAAAE"]
[Sat Apr 04 02:19:26.616116 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:37158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.local"] [unique_id "adC7fkdGZ4UkGtUxX9Zh2AAAAAE"]
[Sat Apr 04 02:19:26.615389 2026] [security2:error] [pid 119039:tid 119039] [client 185.177.72.61:37158] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.local"] [unique_id "adC7fkdGZ4UkGtUxX9Zh2AAAAAE"]
[Sat Apr 04 02:19:22.853673 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:37148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7ek-JUiFCpkU48exR7gAAAA4"]
[Sat Apr 04 02:19:22.852089 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:37148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.dev"] [unique_id "adC7ek-JUiFCpkU48exR7gAAAA4"]
[Sat Apr 04 02:19:22.851534 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:37148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.dev"] [unique_id "adC7ek-JUiFCpkU48exR7gAAAA4"]
[Sat Apr 04 02:19:22.850686 2026] [security2:error] [pid 118262:tid 118262] [client 185.177.72.61:37148] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.dev"] [unique_id "adC7ek-JUiFCpkU48exR7gAAAA4"]
[Sat Apr 04 02:19:21.120110 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:37132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7eb4GKKJMq3sYUDwuLQAAAAc"]
[Sat Apr 04 02:19:21.117612 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:37132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/core/.git/config"] [unique_id "adC7eb4GKKJMq3sYUDwuLQAAAAc"]
[Sat Apr 04 02:19:21.117111 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:37132] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/core/.git/config"] [unique_id "adC7eb4GKKJMq3sYUDwuLQAAAAc"]
[Sat Apr 04 02:19:21.116385 2026] [security2:error] [pid 119150:tid 119150] [client 185.177.72.61:37132] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/core/.git/config"] [unique_id "adC7eb4GKKJMq3sYUDwuLQAAAAc"]
[Sat Apr 04 02:19:18.928264 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:37130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7diCthhuxFleuDSXbXgAAAAI"]
[Sat Apr 04 02:19:18.926278 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:37130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.prod"] [unique_id "adC7diCthhuxFleuDSXbXgAAAAI"]
[Sat Apr 04 02:19:18.925718 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:37130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.prod"] [unique_id "adC7diCthhuxFleuDSXbXgAAAAI"]
[Sat Apr 04 02:19:18.924828 2026] [security2:error] [pid 118254:tid 118254] [client 185.177.72.61:37130] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.prod"] [unique_id "adC7diCthhuxFleuDSXbXgAAAAI"]
[Sat Apr 04 02:19:16.909168 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:38092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7dEe4KVHtVCYxqLihtgAAAAg"]
[Sat Apr 04 02:19:16.907143 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:38092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/api/.git/config"] [unique_id "adC7dEe4KVHtVCYxqLihtgAAAAg"]
[Sat Apr 04 02:19:16.906602 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:38092] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/api/.git/config"] [unique_id "adC7dEe4KVHtVCYxqLihtgAAAAg"]
[Sat Apr 04 02:19:16.905794 2026] [security2:error] [pid 118256:tid 118256] [client 185.177.72.61:38092] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/api/.git/config"] [unique_id "adC7dEe4KVHtVCYxqLihtgAAAAg"]
[Sat Apr 04 02:19:15.189247 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:38090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7cxntlX1yH_rDUPAwCQAAAAU"]
[Sat Apr 04 02:19:15.187608 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:38090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.template"] [unique_id "adC7cxntlX1yH_rDUPAwCQAAAAU"]
[Sat Apr 04 02:19:15.187112 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:38090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.template"] [unique_id "adC7cxntlX1yH_rDUPAwCQAAAAU"]
[Sat Apr 04 02:19:15.186347 2026] [security2:error] [pid 119144:tid 119144] [client 185.177.72.61:38090] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.template"] [unique_id "adC7cxntlX1yH_rDUPAwCQAAAAU"]
[Sat Apr 04 02:19:12.091016 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:38074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7cOF9KhWbiOcgFFzsugAAAAQ"]
[Sat Apr 04 02:19:12.088652 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:38074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.staging.local"] [unique_id "adC7cOF9KhWbiOcgFFzsugAAAAQ"]
[Sat Apr 04 02:19:12.088147 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:38074] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.staging.local"] [unique_id "adC7cOF9KhWbiOcgFFzsugAAAAQ"]
[Sat Apr 04 02:19:12.087382 2026] [security2:error] [pid 118255:tid 118255] [client 185.177.72.61:38074] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.staging.local"] [unique_id "adC7cOF9KhWbiOcgFFzsugAAAAQ"]
[Sat Apr 04 02:19:10.797987 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:38068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC7btniPYZeu5gaRtZnQQAAAA0"]
[Sat Apr 04 02:19:10.796041 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:38068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/.env.qa"] [unique_id "adC7btniPYZeu5gaRtZnQQAAAA0"]
[Sat Apr 04 02:19:10.795553 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:38068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "97.99.19.201"] [uri "/.env.qa"] [unique_id "adC7btniPYZeu5gaRtZnQQAAAA0"]
[Sat Apr 04 02:19:10.794720 2026] [security2:error] [pid 118259:tid 118259] [client 185.177.72.61:38068] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.env.qa"] [unique_id "adC7btniPYZeu5gaRtZnQQAAAA0"]
[Sat Apr 04 02:17:54.122711 2026] [security2:error] [pid 119433:tid 119433] [client 185.177.72.61:48266] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adC7IgiRww9LW1QH1oCU1gAAAAM"]
[Sat Apr 04 02:15:52.440207 2026] [security2:error] [pid 119144:tid 119144] [client 18.201.125.109:57924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adC6qBntlX1yH_rDUPAwCAAAAAU"]
[Sat Apr 04 02:15:52.439348 2026] [security2:error] [pid 119144:tid 119144] [client 18.201.125.109:57924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/"] [unique_id "adC6qBntlX1yH_rDUPAwCAAAAAU"]
[Sat Apr 04 02:15:52.437472 2026] [security2:error] [pid 119144:tid 119144] [client 18.201.125.109:57924] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/"] [unique_id "adC6qBntlX1yH_rDUPAwCAAAAAU"]
[Sat Apr 04 02:03:31.658457 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/lufix.php' not found or unable to stat
[Sat Apr 04 02:03:31.519064 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/index.php' not found or unable to stat
[Sat Apr 04 02:03:31.380787 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/html5-named-character-references.php' not found or unable to stat
[Sat Apr 04 02:03:31.237329 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/config.php' not found or unable to stat
[Sat Apr 04 02:03:31.079826 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/config-backup.php' not found or unable to stat
[Sat Apr 04 02:03:30.934494 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-unsupported-exception.php' not found or unable to stat
[Sat Apr 04 02:03:30.796887 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-token.php' not found or unable to stat
[Sat Apr 04 02:03:30.650483 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-text-replacement.php' not found or unable to stat
[Sat Apr 04 02:03:30.442588 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-tag-processor.php' not found or unable to stat
[Sat Apr 04 02:03:30.281107 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-stack-event.php' not found or unable to stat
[Sat Apr 04 02:03:30.135211 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-span.php' not found or unable to stat
[Sat Apr 04 02:03:29.985035 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-processor.php' not found or unable to stat
[Sat Apr 04 02:03:29.840187 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-processor-state.php' not found or unable to stat
[Sat Apr 04 02:03:29.660030 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-open-elements.php' not found or unable to stat
[Sat Apr 04 02:03:29.522477 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-doctype-info.php' not found or unable to stat
[Sat Apr 04 02:03:27.394564 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-decoder.php' not found or unable to stat
[Sat Apr 04 02:03:27.240087 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-attribute-token.php' not found or unable to stat
[Sat Apr 04 02:03:27.102243 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/class-wp-html-active-formatting-elements.php' not found or unable to stat
[Sat Apr 04 02:03:26.953445 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/admin.php' not found or unable to stat
[Sat Apr 04 02:03:26.791514 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/mah.php' not found or unable to stat
[Sat Apr 04 02:03:26.652336 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/images/chosen.php' not found or unable to stat
[Sat Apr 04 02:03:26.147451 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/images/lmfi2.php' not found or unable to stat
[Sat Apr 04 02:03:25.981757 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/mah.php' not found or unable to stat
[Sat Apr 04 02:03:25.842872 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/images/chosen.php' not found or unable to stat
[Sat Apr 04 02:03:25.410817 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/images/lmfi2.php' not found or unable to stat
[Sat Apr 04 02:03:24.555321 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/chosen.php' not found or unable to stat
[Sat Apr 04 02:03:24.392188 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/ok.php' not found or unable to stat
[Sat Apr 04 02:03:23.773367 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/file.php' not found or unable to stat
[Sat Apr 04 02:03:23.126536 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/xmrlpc.php' not found or unable to stat
[Sat Apr 04 02:03:22.975070 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/doc.php' not found or unable to stat
[Sat Apr 04 02:03:22.530570 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/makeasmtp.php' not found or unable to stat
[Sat Apr 04 02:03:22.372645 2026] [security2:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "selvans.net"] [uri "/wp-login.php"] [unique_id "adC3uhntlX1yH_rDUPAv1wAAAAU"]
[Sat Apr 04 02:03:19.844231 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/post.php' not found or unable to stat
[Sat Apr 04 02:03:19.696922 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/fw.php' not found or unable to stat
[Sat Apr 04 02:03:19.536299 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/config.php' not found or unable to stat
[Sat Apr 04 02:03:19.250025 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/footer.php' not found or unable to stat
[Sat Apr 04 02:03:18.922130 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/link.php' not found or unable to stat
[Sat Apr 04 02:03:18.471186 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/packed.php' not found or unable to stat
[Sat Apr 04 02:03:18.028052 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/css/chosen.php' not found or unable to stat
[Sat Apr 04 02:03:16.781174 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/moon.php' not found or unable to stat
[Sat Apr 04 02:03:16.451541 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/filemanager.php' not found or unable to stat
[Sat Apr 04 02:03:16.305289 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/about.php' not found or unable to stat
[Sat Apr 04 02:03:16.163183 2026] [php:error] [pid 119144:tid 119144] [client 20.104.201.101:64958] script '/user.php' not found or unable to stat
[Sat Apr 04 02:03:10.405949 2026] [security2:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "selvans.net"] [uri "/wp-includes/html-api/wp-login.php"] [unique_id "adC3rtniPYZeu5gaRtZnPAAAAA0"]
[Sat Apr 04 02:03:10.269430 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/plugin.php' not found or unable to stat
[Sat Apr 04 02:03:10.119233 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/gecko.php' not found or unable to stat
[Sat Apr 04 02:03:09.694264 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/403.php' not found or unable to stat
[Sat Apr 04 02:03:08.968656 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/radio.php' not found or unable to stat
[Sat Apr 04 02:03:08.817539 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/images/autoload_classmap.php' not found or unable to stat
[Sat Apr 04 02:03:08.386201 2026] [security2:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "selvans.net"] [uri "/wp-includes/theme-compat/wp-login.php"] [unique_id "adC3rNniPYZeu5gaRtZnLgAAAA0"]
[Sat Apr 04 02:03:08.240611 2026] [access_compat:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] AH01797: client denied by server configuration: /cgi-bin/moon.php
[Sat Apr 04 02:03:07.941242 2026] [access_compat:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] AH01797: client denied by server configuration: /cgi-bin/xmrlpc.php
[Sat Apr 04 02:03:06.667103 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/db.php' not found or unable to stat
[Sat Apr 04 02:03:06.473445 2026] [access_compat:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] AH01797: client denied by server configuration: /cgi-bin/about.php
[Sat Apr 04 02:03:05.001624 2026] [access_compat:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] AH01797: client denied by server configuration: /cgi-bin/admin.php
[Sat Apr 04 02:03:04.825040 2026] [access_compat:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] AH01797: client denied by server configuration: /cgi-bin/1.php
[Sat Apr 04 02:03:04.227343 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/install.php' not found or unable to stat
[Sat Apr 04 02:03:04.066982 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/1.php' not found or unable to stat
[Sat Apr 04 02:03:03.898011 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/.well-known/index.php' not found or unable to stat
[Sat Apr 04 02:03:03.740220 2026] [security2:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "selvans.net"] [uri "/wp-includes/rest-api/wp-login.php"] [unique_id "adC3p9niPYZeu5gaRtZnFAAAAA0"]
[Sat Apr 04 02:03:03.417966 2026] [access_compat:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] AH01797: client denied by server configuration: /cgi-bin/fm.php
[Sat Apr 04 02:03:01.994917 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/css/cong.php' not found or unable to stat
[Sat Apr 04 02:03:00.093697 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/edit.php' not found or unable to stat
[Sat Apr 04 02:02:59.948807 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/readme.php' not found or unable to stat
[Sat Apr 04 02:02:59.811965 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/themes.php' not found or unable to stat
[Sat Apr 04 02:02:59.669916 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/.well-known/lv.php' not found or unable to stat
[Sat Apr 04 02:02:59.487007 2026] [security2:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "selvans.net"] [uri "/wp-includes/customize/wp-login.php"] [unique_id "adC3o9niPYZeu5gaRtZm_AAAAA0"]
[Sat Apr 04 02:02:59.328064 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/.well-known/as.php' not found or unable to stat
[Sat Apr 04 02:02:59.172463 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/wp-mail.php' not found or unable to stat
[Sat Apr 04 02:02:59.020564 2026] [security2:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "selvans.net"] [uri "/wp-includes/js/wp-login.php"] [unique_id "adC3o9niPYZeu5gaRtZm-QAAAA0"]
[Sat Apr 04 02:02:58.129711 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/x.php' not found or unable to stat
[Sat Apr 04 02:02:57.081891 2026] [security2:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login.php" at REQUEST_FILENAME. [file "/etc/modsecurity/wordpress.conf"] [line "4"] [id "2000000"] [msg "wordpress bruteforce attempt"] [hostname "selvans.net"] [uri "/wp-admin/css/colors/ectoplasm/wp-login.php"] [unique_id "adC3odniPYZeu5gaRtZm7AAAAA0"]
[Sat Apr 04 02:02:56.906049 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/test.php' not found or unable to stat
[Sat Apr 04 02:02:56.611940 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/info.php' not found or unable to stat
[Sat Apr 04 02:02:56.303746 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/.well-known/link.php' not found or unable to stat
[Sat Apr 04 02:02:56.014792 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/alfa.php' not found or unable to stat
[Sat Apr 04 02:02:55.453028 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/ini.php' not found or unable to stat
[Sat Apr 04 02:02:55.165829 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/fm.php' not found or unable to stat
[Sat Apr 04 02:02:54.841734 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/ty.php' not found or unable to stat
[Sat Apr 04 02:02:54.677549 2026] [php:error] [pid 118259:tid 118259] [client 20.104.201.101:64903] script '/default.php' not found or unable to stat
[Sat Apr 04 01:59:49.938706 2026] [security2:error] [pid 118262:tid 118262] [client 43.166.226.186:42338] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adC25U-JUiFCpkU48exR6wAAAA4"], referer: http://whoami.selvans.net
[Sat Apr 04 01:56:41.021574 2026] [security2:error] [pid 119433:tid 119433] [client 80.82.77.33:53948] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon.ico"] [unique_id "adC2KAiRww9LW1QH1oCUbwAAAAM"]
[Sat Apr 04 01:56:40.272175 2026] [security2:error] [pid 118259:tid 118259] [client 80.82.77.33:53330] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/.well-known/security.txt"] [unique_id "adC2KNniPYZeu5gaRtZm2gAAAA0"]
[Sat Apr 04 01:56:39.742607 2026] [security2:error] [pid 119147:tid 119147] [client 80.82.77.33:52394] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/sitemap.xml"] [unique_id "adC2J0bA0kW4ofYjW2SYBQAAAAY"]
[Sat Apr 04 01:56:38.972801 2026] [security2:error] [pid 118262:tid 118262] [client 80.82.77.33:52122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/robots.txt"] [unique_id "adC2Jk-JUiFCpkU48exR6gAAAA4"]
[Sat Apr 04 01:56:15.491421 2026] [security2:error] [pid 118254:tid 118254] [client 80.82.77.33:34624] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adC2DyCthhuxFleuDSXbWQAAAAI"]
[Sat Apr 04 01:52:55.805183 2026] [core:error] [pid 119039:tid 119039] [client 5.189.148.247:40954] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Sat Apr 04 01:28:11.315476 2026] [security2:error] [pid 119039:tid 119039] [client 66.132.195.49:46508] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/security.txt"] [unique_id "adCve0dGZ4UkGtUxX9Zh0wAAAAE"]
[Sat Apr 04 01:28:03.363911 2026] [security2:error] [pid 118259:tid 118259] [client 66.132.195.49:14862] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adCvc9niPYZeu5gaRtZm2AAAAA0"]
[Sat Apr 04 01:27:50.157129 2026] [security2:error] [pid 118256:tid 118256] [client 66.132.195.49:30938] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicon.ico"] [unique_id "adCvZke4KVHtVCYxqLihrwAAAAg"]
[Sat Apr 04 01:27:49.280318 2026] [security2:error] [pid 119433:tid 119433] [client 66.132.195.49:30924] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon.ico"] [unique_id "adCvZQiRww9LW1QH1oCUawAAAAM"]
[Sat Apr 04 01:27:48.571355 2026] [security2:error] [pid 119144:tid 119144] [client 66.132.195.49:30888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon-16x16.png"] [unique_id "adCvZBntlX1yH_rDUPAvugAAAAU"]
[Sat Apr 04 01:27:48.034823 2026] [security2:error] [pid 118255:tid 118255] [client 66.132.195.49:30880] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/favicon-32x32.png"] [unique_id "adCvZOF9KhWbiOcgFFzsawAAAAQ"]
[Sat Apr 04 01:27:47.527793 2026] [security2:error] [pid 119039:tid 119039] [client 66.132.195.49:30860] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/favicons/apple-touch-icon.png"] [unique_id "adCvY0dGZ4UkGtUxX9Zh0gAAAAE"]
[Sat Apr 04 01:27:43.988581 2026] [security2:error] [pid 118262:tid 118262] [client 66.132.195.49:7322] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adCvX0-JUiFCpkU48exR6AAAAA4"]
[Sat Apr 04 01:18:10.157836 2026] [security2:error] [pid 118255:tid 118255] [client 170.106.143.6:59714] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adCtIuF9KhWbiOcgFFzsagAAAAQ"], referer: http://97.99.19.201
[Sat Apr 04 01:02:26.403222 2026] [security2:error] [pid 118254:tid 118254] [client 43.135.133.241:34336] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adCpciCthhuxFleuDSXbUwAAAAI"], referer: http://selvans.net
[Sat Apr 04 01:00:56.330202 2026] [security2:error] [pid 119150:tid 119150] [client 122.51.236.174:56878] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "selvans.net"] [uri "/"] [unique_id "adCpGL4GKKJMq3sYUDwuJQAAAAc"], referer: http://www.selvans.net
[Sat Apr 04 00:59:28.997376 2026] [security2:error] [pid 119144:tid 119144] [client 216.244.66.203:46304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "selvans.net"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adCowBntlX1yH_rDUPAvswAAAAU"]
[Sat Apr 04 00:59:28.994030 2026] [security2:error] [pid 119144:tid 119144] [client 216.244.66.203:46304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "selvans.net"] [uri "/robots.txt"] [unique_id "adCowBntlX1yH_rDUPAvswAAAAU"]
[Sat Apr 04 00:59:28.992424 2026] [security2:error] [pid 119144:tid 119144] [client 216.244.66.203:46304] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "selvans.net"] [uri "/robots.txt"] [unique_id "adCowBntlX1yH_rDUPAvswAAAAU"]
[Sat Apr 04 00:46:11.651116 2026] [security2:error] [pid 118480:tid 118480] [client 20.14.74.80:33636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.7"] [tag "event-correlation"] [hostname "97.99.19.201"] [uri "/error/HTTP_FORBIDDEN.html.var"] [unique_id "adClo9NlooP0tW6U4gzZOwAAAAA"]
[Sat Apr 04 00:46:11.648314 2026] [security2:error] [pid 118480:tid 118480] [client 20.14.74.80:33636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adClo9NlooP0tW6U4gzZOwAAAAA"]
[Sat Apr 04 00:46:11.646311 2026] [security2:error] [pid 118480:tid 118480] [client 20.14.74.80:33636] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "97.99.19.201"] [severity "WARNING"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adClo9NlooP0tW6U4gzZOwAAAAA"]
[Sat Apr 04 00:46:11.645758 2026] [security2:error] [pid 118480:tid 118480] [client 20.14.74.80:33636] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "97.99.19.201"] [uri "/"] [unique_id "adClo9NlooP0tW6U4gzZOwAAAAA"]